Exclusions logged

Hello

I have a question about exclusions.

If I make an exclusion for a rule, do I still see those messages somewhere in the logs?

Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). 

 

Thanks and kind regards!

 


  • Administrators

You can re-run rules while ignoring exclusions. If you do not select to add detections to the main detections table immediately, you will be able to review the matched detections first in the re-run task details:

[Image: image.png]


  • Administrators

With ESET Inspect 1.8+, rules are evaluated on clients by default. You would see records like this in the EI connector logs for excluded events:

2023-01-19 11:07:53 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)

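To keep excluded matches traceable for an incident, the connector log records quoted in the post above can be parsed and summarized per rule and exclusion. The following is an added example, not part of the original thread and not ESET code; it assumes every excluded record follows the exact line format quoted above, and the field names and the sample lines other than the first are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Field names are labels chosen for this example; the page does not document
# what the "013a4" token or the numbers in parentheses mean.
EXCLUDED = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tag>\S+) (?P<level>\w+): '
    r'Rule "(?P<rule>.*)"\((?P<rule_id>\d+)\) matching was excluded by '
    r'"(?P<exclusion>.*)"\((?P<exclusion_id>\d+)\) '
    r'on (?P<event>\w+)\((?P<event_num>\d+)\)\s*$'
)

def parse_excluded(line):
    """Return a dict for an 'excluded' record, or None for any other line."""
    m = EXCLUDED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    for key in ("rule_id", "exclusion_id", "event_num"):
        rec[key] = int(rec[key])
    return rec

def excluded_between(lines, start, end):
    """Excluded matches with start <= ts <= end (the incident window)."""
    recs = (parse_excluded(line) for line in lines)
    return [r for r in recs if r and start <= r["ts"] <= end]

def summarize(records):
    """Count suppressed matches per (rule id, exclusion id, event type)."""
    return Counter((r["rule_id"], r["exclusion_id"], r["event"]) for r in records)

SAMPLE = [
    # First line is the one quoted in the post; the other three are constructed.
    '2023-01-19 11:07:53 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)',
    '2023-01-19 11:08:10 013a4 Info: constructed line unrelated to exclusions',
    '2023-01-19 11:09:02 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)',
    '2023-01-19 12:45:00 013a4 Debug: Rule "Constructed "quoted" rule"(9001) matching was excluded by "Constructed exclusion"(9002) on CreateProcess(10)',
]

if __name__ == "__main__":
    window = excluded_between(SAMPLE, datetime(2023, 1, 19, 11, 0),
                              datetime(2023, 1, 19, 11, 30))
    for (rule_id, excl_id, event), n in summarize(window).most_common():
        print(f"rule {rule_id} suppressed by exclusion {excl_id} on {event}: {n}")
```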
