# AI Auto Exclusions

The portal provides wide configuration options on AI auto-enrichment and auto-exclusions. The "AI Analysis Auto Exclusion Settings" should be saved before it starts to work. For that, users set the settings parameters.

<figure><img src="/files/Cz9MLZXZ38JTtDzPmbqR" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/bdT7vdLlIAzQsXohaEd2" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/HrkbM1ditNvfyVbIBWl8" alt=""><figcaption></figcaption></figure>

| Parameter                                                                              | Description                                                                                                |
| -------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| Classify, Enrich & Auto-whitelist for Windows processes                                | Enabling/Disabling the auto-classify, auto-enrichment, and auto-whitelisting for Windows processes.        |
| Classify, Enrich & Auto-exclude on Sysmon for Windows processes                        | Enabling/Disabling the auto-classify, auto-enrichment, and auto-whitelisting for Sysmon Windows processes. |
| Minimum Count Threshold for Auto AI Analysis Exclusions                                | The threshold setting for auto-analyze the artifacts.                                                      |
| Minimum Elastic Count Threshold for Auto AI Analysis Exclusions (optional, 0=disabled) | The elastic treshold for auto-exclusion.                                                                   |
| Auto AI Analysis Exclusions Run Interval                                               | The auto-exclusion run interval.                                                                           |
| Auto AI Analysis Exclusions Last Execution                                             | The auto-exclusion last execution time and date.                                                           |

***

The "AI Questions for Auto Exclusions" section is designed for auto-exclusion actions. Users can edit and disable/enable the automation options.

If exclusions are not optimized well, the portal will eventually get slower because of the junk data collection. That's why we always suggest optimizing sysmon exclusions.

<figure><img src="/files/zJTzRaPMp5950f622ME0" alt=""><figcaption></figcaption></figure>

The "Can you identify the Windows Sysmon processes creating excessive traffic in the last day and show them to me to add to the Sysmon Exclusion Rules?" question is recommended for auto exclusion. If this is enabled, sysmon artifacts that were captured on the last day which created excessive traffic will be analyzed by AI and excluded.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/getting-started/using-ai-modules/ai-auto-exclusions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.