Some exclusions resolve detections unreliably

[tacotuesday 0]

I'm having an issue with several exclusions.  Exclusions that previously worked are failing to resolve some new detections.  If I open the exclusion, and then click the "Update Exclusion" button without changing anything, the detection(s) will then be resolved.  Has anyone else experienced this?
 

Attached is an example detection and exclusion.  After I took a screen shot of the exclusion criteria, I clicked the "Update Exclusion" button.  When I went back to the detections screen the detection had been removed.

 

 

Edited August 8 by tacotuesday

[Marcos 5,234]

Does it work if you temporarily remove the SignatureType property condition?

[Marcos 5,234]

Please try changing from upper case (Operations -> operations and Condition -> condition). Albeit it should not matter, we'd need to be sure this is not the issue.

If it doesn't make any difference, enable diagnostic information / logging for the particular detection. After the detection has been triggered, you should see here a link to diagnostic files. Please raise a support ticket and provide this link along with the issue details to technical support.

[tacotuesday 0]

Thank you for the reply Marcos.

I'll try to remove the signature type and change the case on "Operations" and "Condition".

I don't have a diagnostician information option for my detection.  Do I need to enable it somewhere?

 

[tacotuesday 0]

I see the "Diagnostic Information" now within the detection details pane.  I'll open a support ticket.