Exclusions logged



Hello

I have a question about exclusions.

If I make an exclusion for a rule, do I still see those messages somewhere in the logs?

Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident). 

 

Thanks and kind regards!

 


  • Administrators

You can re-run rules while ignoring exclusions. If you do not select to add detections to the main detections table immediately, you will be able to review the matched detections first in the re-run task details:


  • Administrators

With ESET Inspect 1.8+, rules are evaluated on clients by default. You would see records like this in the EI connector logs for excluded events:

2023-01-19 11:07:53 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)

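Added example, not part of the original posts and not ESET code: a small Python parser for the connector log record quoted above, which tallies suppressed matches per rule and exclusion so they can be reviewed during an incident. The line layout is inferred from that single sample line, and reading the numbers in parentheses as rule id, exclusion id and event code is an assumption.

```python
import re
from datetime import datetime

# Layout inferred from the single sample line in the post above. Reading the
# numbers in parentheses as rule id, exclusion id and event code is an assumption.
EXCLUDED = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tag>\S+) Debug: '
    r'Rule "(?P<rule>.*)"\((?P<rule_id>\d+)\) matching was excluded by '
    r'"(?P<exclusion>.*)"\((?P<exclusion_id>\d+)\) '
    r'on (?P<event>\w+)\((?P<event_code>\d+)\)\s*$'
)

def parse_line(line):
    """Return the fields of an exclusion record, or None for any other line."""
    m = EXCLUDED.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    for key in ("rule_id", "exclusion_id", "event_code"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Count suppressed matches per (rule id, exclusion id) with first/last seen."""
    summary = {}
    for rec in filter(None, map(parse_line, lines)):
        entry = summary.setdefault(
            (rec["rule_id"], rec["exclusion_id"]),
            {"rule": rec["rule"], "exclusion": rec["exclusion"],
             "count": 0, "first": rec["ts"], "last": rec["ts"]},
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], rec["ts"])
        entry["last"] = max(entry["last"], rec["ts"])
    return summary

# First line is the one quoted in the post; the other three are constructed samples.
SAMPLE_LOG = """\
2023-01-19 11:07:53 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)
2023-01-19 11:09:02 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)
2023-01-19 11:09:40 00b1c Debug: Rule "Example "quoted" rule"(9001) matching was excluded by "Example exclusion"(9002) on CreateProcess(10)
2023-01-19 11:10:00 00b1c Info: unrelated constructed line
"""

if __name__ == "__main__":
    for (rule_id, excl_id), e in summarize(SAMPLE_LOG.splitlines()).items():
        print(f'{e["count"]:>4}  rule {rule_id} "{e["rule"]}"  exclusion {excl_id}  '
              f'{e["first"]} .. {e["last"]}')
```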
