Checking the AI Settings

The AI module works with parameters and users can edit the parameters under the "Settings & Reporting" -> "AI Questions" -> "AI Analysis Auto Exclusion Settings". The default parameters should be like this:

Parameter

Value

Classify, Enrich & Auto-whitelist for Windows processes

Classify, Enrich & Auto-exclude on Sysmon for Windows processes

Minimum Count Threshold for Auto AI Analysis Exclusions

100

Minimum Elastic Count Threshold for Auto AI Analysis Exclusions

Optional: 0=disabled, default=20

Auto AI Analysis Exclusions Run Interval

Auto AI Analysis Exclusions Last Execution

It will change automaticly on each iteration.

Make sure to click on the "Save" button before activating the AI auto-exclusions. If it is not saved, the AI module is not working properly.

PreviousChecking AI Audit Logs NextTroubleshooting Synchronization Problems

Last updated 10 months ago

Was this helpful?