Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.2.0 Administration Guide

Defining Exclusion Lists

5.2.0
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0
Copy Link
Copy Doc ID 30b84173-e130-11ec-bb32-fa163e15d75b:950350
Download PDF

Defining Exclusion Lists

An Exclusion List contains a list of exclusions. You can assign Collector Groups to an Exclusion List in order to specify that the exclusions in the Exclusion List apply to the Collectors in the Collector Groups assigned to it. Exclusion Lists enable you to logically organize, categorize and group exclusions based on the type of activity data they are to exclude.

For example, let’s say that you want to collect network activity data for your system, but a specific application generates quite a bit of uninteresting logistical network activity that you do not want to collect. In this case, you can define an Exclusion List named after that application that contains one or more exclusions that relate specifically to the network activity generated by that application. Exclusion Lists can be organized anyway you see fit. For example, you can create an Exclusion List for security products, a different one for PDF documents, a different one for HR-related software and so on.

FortiEDR comes with a default General Exclusion List that includes important exclusions. The exclusions in this group are not editable.

Adding an Exclusion List

To define an Exclusion List:
  1. Click the + Add List option and provide a name to create a new Exclusion List.
  2. Add (define) the exclusions of this Exclusion List (as described on the following page). Each exclusion that you add belongs to a specific Exclusion List.
  3. Assign Collector Groups to this Exclusion List (as described below) in order to determine to which Collector Groups these exclusions apply. A Collector Group can be assigned to multiple Exclusion Lists.
Assigning a Collector Group to an Exclusion List

You can perform the following operations on an Exclusion List:

Operation

Description
Assign a Collector Group Click the + button in the Exclusion List to which to assign a Collector Group. Then, select the Collectors groups to which to assign this list and approve it. Note that a Collector Group can be assigned to multiple Exclusion Lists.
Unassign a Collector Group Click the + button and uncheck the Collector Group to be removed from an Exclusion List.
Delete Exclusions List Click the Delete button. Note that all Exclusions in this list will be removed and will no longer be applied to the assigned Collector groups.
Previous
Next

Defining Exclusion Lists

An Exclusion List contains a list of exclusions. You can assign Collector Groups to an Exclusion List in order to specify that the exclusions in the Exclusion List apply to the Collectors in the Collector Groups assigned to it. Exclusion Lists enable you to logically organize, categorize and group exclusions based on the type of activity data they are to exclude.

For example, let’s say that you want to collect network activity data for your system, but a specific application generates quite a bit of uninteresting logistical network activity that you do not want to collect. In this case, you can define an Exclusion List named after that application that contains one or more exclusions that relate specifically to the network activity generated by that application. Exclusion Lists can be organized anyway you see fit. For example, you can create an Exclusion List for security products, a different one for PDF documents, a different one for HR-related software and so on.

FortiEDR comes with a default General Exclusion List that includes important exclusions. The exclusions in this group are not editable.

Adding an Exclusion List

To define an Exclusion List:
  1. Click the + Add List option and provide a name to create a new Exclusion List.
  2. Add (define) the exclusions of this Exclusion List (as described on the following page). Each exclusion that you add belongs to a specific Exclusion List.
  3. Assign Collector Groups to this Exclusion List (as described below) in order to determine to which Collector Groups these exclusions apply. A Collector Group can be assigned to multiple Exclusion Lists.
Assigning a Collector Group to an Exclusion List

You can perform the following operations on an Exclusion List:

Operation

Description
Assign a Collector Group Click the + button in the Exclusion List to which to assign a Collector Group. Then, select the Collectors groups to which to assign this list and approve it. Note that a Collector Group can be assigned to multiple Exclusion Lists.
Unassign a Collector Group Click the + button and uncheck the Collector Group to be removed from an Exclusion List.
Delete Exclusions List Click the Delete button. Note that all Exclusions in this list will be removed and will no longer be applied to the assigned Collector groups.
Previous
Next