Excluding events
Event exclusions allow you to customize the results view for each organization or to stop creating incidents for specific events.
Events can be excluded from populating into an app at the provider, organization, or device level. Exclusions made at the provider level affect all organizations, and exclusions made at the organization level apply to all of that organization's devices.
An exclusion prevents future results of that type from being reported.
Event exclusions are available for the following apps:
- Advanced Breach Detection
- Crypto Mining Detections
- Cyber Terrorist Network Connections
- Defender Manager
- Malicious File Detection
- Suspicious Network Services
- Suspicious tools
- Endpoint Log Monitor
Provider / Organization Level
- Depending on the app, locate the Technique, Tool, Country, or Service of the event that is populating into the event list.
- On the related app's tile, select Configure.
- Locate the event in the list, toggle it to NO, then select Update.
Device Level
- Locate the machine in the Devices list and click Details.
- Open the Apps tab, select the app, then select Configure.
- Toggle NO for each event that should no longer report a detection, then click Create.
Incidents list
- If an event created a notification, navigate to the Incidents list.
- Locate the incident and click View Details.
- Navigate to that device in the Devices list, open View Details, then the Apps tab, and select Configure for the related app to toggle NO for that event. The event will no longer create a notification, and the detection will not populate into the app.