Viewing Expired Security Events
Security events in the Event Viewer can be filtered to show only expired events. Expired security events are events that the system has determined as safe. As such, these security events are only triggered once and then saved internally in the system. There is no need to define an exception for them. Expired security events cannot be handled in the system in any way, such as marking them as read/unread, defining an exception for them and so on.
Expired security events can only occur when a Collector is connected to the Core, and do not occur when a Collector works autonomously.