Views:

You can add domain, file SHA-1, file SHA-256, IP address, sender address, and URL objects to the exception list.

File exceptions are hash-based rather than path or file based. Exceptions are specific to each hash value, so you must add each new hash even if the file already appears in the Exception List.
To create the hash for executable or other files, see Compute the SHA‑256 or SHA‑1 file hash.
If the detection originated from a model or filter that supports object values with wildcards, add the exception directly from the alert context menu to exclude matching objects from that specific detection filter.
Exceptions override suspicious objects during the next synchronization to connected products. They may take a few minutes to take effect.

Procedure

  1. Go to Threat IntelligenceSuspicious Object Management.
  2. Click the Exception List tab.
  3. Click Add.
    The Add Exception screen appears.
  4. Select the Method.
    • Domain: type a domain name.
      The domain prefix supports one wildcard * connected with a ., for example, *.example.com.
    • File SHA-1: type the SHA-1 hash value of a file.
    • File SHA-256: type the SHA-256 hash value of a file.
    • IP address: type a single IP address, a classless inter-domain routing (CIDR) block, or a hyphenated range. Both IPv4 and IPv6 are supported.
      The format you use determines how the exception is matched:
      • 192.168.1.50: matches this exact IP address only
      • 192.168.1.50/24: CIDR notation matches every address in the specified subnet
      • 192.168.1.50-192.168.1.51: matches every address in the range, inclusive of both endpoints
      Use CIDR notation instead of subnet-mask notation which is not supported.
    • Sender address: type an email address.
    • URL: type a URL.
      You can use a wildcard * for the beginning of the domain part, end of the path part, or in both places, for example, abc.example.com/path1/path2, *.example.com, abc.example.com/*, and *.example.com/path/*.
  5. Type a description.
  6. Click Submit.
    The object appears in the exception list. Exceptions can take a few minutes to take effect and apply. TrendAI Vision One™ excludes the object from the suspicious object list during the next synchronization and will not add it as a suspicious object in the future.
Comments (0)