Consider the potential implications of an exclusion before you put it into effect in your environment. To maintain a strong security posture, create exclusions to be as specific as possible while meeting your exclusion needs. If your exclusion is too broad, you might inadvertently permit malicious activity that should be detected or blocked.

When you're creating or editing an exclusion, Falcon displays a list of affected threats before you save it. This list shows threats that wouldn’t have been generated if the current exclusion were live in your environment. Previewing threats that you would no longer see helps you quickly understand the expected effect of an exclusion before you save it.

For IOA exclusions that are already in effect in your environment, you can view a log of activity that would have triggered a threat if an IOA exclusion hadn’t been in place. Reviewing activity that’s being excluded helps you understand the actual effects of your IOA exclusions.

CrowdStrike automatically records all changes to your exclusions. Each exclusion type has its own audit log where you can view the revision history for exclusions of that type. We recommend that you include a comment for the audit log whenever you create, edit, or delete an exclusion. In the audit log comment, include any info that would help other people in your organization understand what you changed and why.