Cortex Alert Exception Instructions:
Creating an Alert Exception
- You can create an exception directly from the alert as it is received on the Incidents tab.
- Right-click the alert > Manage Alert > Create Alert Exception.
- Open Recommended Exception and select the CGO (causality group owner) information.
- Tick both CGO Process Path and CGO Command Arguments. Keep both: an exception on the path alone is far broader than the alert that triggered it and covers every invocation of that binary.
- If the exception is only for a specific endpoint group, select the exceptions profile for that group (the profile must already exist; see the profile and policy steps below) and then the profile name. To except the alert on every endpoint, select Global. Prefer the profile scope unless the behaviour is genuinely benign everywhere.
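Before a CGO exception is submitted it is worth reviewing what the exception will actually cover, because the process path and command line copied from the alert are what every future alert will be matched against. The Python below is an added example, not part of these instructions or of Cortex XDR; it takes constructed alert records (the CGO field names are an assumption modelled on Cortex XDR alert exports, and the endpoint-alias-to-profile map is hypothetical) and flags the two things a reviewer should catch: a CGO path in a user-writable location, which anyone can hijack by dropping a same-named binary, and an alert whose endpoint has no profile, which would force a global exception.

```python
import re
from dataclasses import dataclass, field

# Constructed sample alerts, not real Cortex XDR data. The CGO field names are an
# assumption modelled on Cortex XDR alert records; map them to your own export.
SAMPLE_ALERTS = [
    {
        "alert_id": "1001",
        "name": "Behavioral Threat",
        "causality_actor_process_image_path": r"C:\Program Files\Vendor\Agent\agent.exe",
        "causality_actor_process_command_line": r'"C:\Program Files\Vendor\Agent\agent.exe" --scan --quiet',
        "endpoint_alias": "finance-ws",
    },
    {
        "alert_id": "1002",
        "name": "Behavioral Threat",
        "causality_actor_process_image_path": r"C:\Users\jdoe\AppData\Local\Temp\updater.exe",
        "causality_actor_process_command_line": r"updater.exe /silent",
        "endpoint_alias": "hr-ws",
    },
]

# Locations an ordinary user (or malware running as one) can write to. Excepting a
# CGO path under these lets anyone drop a same-named binary and inherit the exception.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:users\\|temp\\|windows\\temp\\|programdata\\)", re.IGNORECASE
)


@dataclass
class ExceptionCandidate:
    alert_id: str
    scope: str                      # "global" or the name of the endpoint-group profile
    cgo_process_path: str           # value for the "CGO Process Path" checkbox
    cgo_command_arguments: str      # value for the "CGO Command Arguments" checkbox
    warnings: list = field(default_factory=list)


def review(alert, alias_to_profile):
    """Build the exception the UI would create for one alert and note anything risky.
    alias_to_profile is a hypothetical map of endpoint alias -> exceptions profile name."""
    path = alert.get("causality_actor_process_image_path", "")
    args = alert.get("causality_actor_process_command_line", "")
    alias = alert.get("endpoint_alias", "")
    scope = alias_to_profile.get(alias, "global")
    cand = ExceptionCandidate(alert["alert_id"], scope, path, args)

    if not path:
        cand.warnings.append("no CGO process path on alert; do not except")
    elif USER_WRITABLE.match(path):
        cand.warnings.append("CGO path is user-writable; exception can be hijacked")
    if not args:
        cand.warnings.append("no command arguments; a path-only exception is broad")
    if scope == "global":
        cand.warnings.append(f"alias {alias!r} has no profile; exception would be global")
    return cand


def review_all(alerts, alias_to_profile):
    return [review(a, alias_to_profile) for a in alerts]


if __name__ == "__main__":
    for c in review_all(SAMPLE_ALERTS, {"finance-ws": "Finance-Exceptions"}):
        status = "OK" if not c.warnings else "REVIEW"
        print(f"[{status}] alert {c.alert_id} scope={c.scope} path={c.cgo_process_path}")
        for w in c.warnings:
            print("    -", w)
```

Run it against an export of the alerts you intend to except; anything marked REVIEW should either get a narrower exception (a signed vendor path with exact arguments) or be left alone and investigated instead.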
Creating a Profile for Each Endpoint Group
- Go to Policy Management in the left pane > Profiles tab > Add Profile (top right) > Create New. Select the platform (Windows), choose Exceptions as the profile type > Next. Enter a name and click Create.
Creating a Policy for the Profile
- The profile does nothing on its own; a policy has to apply it to the endpoint group.
- Go to Policy Management in the left pane and open the Policy Rules tab.
- Click Add Policy (top right) > Create New.
- Enter a name and select the platform (Windows). In the profile list select the exceptions profile you created and leave the other items at their defaults > Next. Create a filter that selects all endpoints carrying the alias for that group > Next > Done.