00:03: In this tutorial, you will learn how to view logs in Harmony Endpoint and create exclusions for specific events.
00:09: Harmony Endpoint generates logs for every security event and activity that occurs in it.
00:16: To get started, log in to the Infinity Portal and select Harmony Endpoint.
00:21: To view logs, from the left navigation panel, click "Logs" and select the required logs widget. The page shows all the logs that were generated in the last 24 hours.
00:29: To create an exclusion from a specific log, locate the event you want to exclude in the Logs table. Click the Actions menu next to that event. You can choose Create Exclusion for All Rules to apply it broadly, or Create Exclusion for a specific rule.
01:07: Using filters and checkboxes, you can filter the logs that you want to investigate. You can apply filters like Time, Severity, Blade, and Action Type to quickly find relevant events. This helps you focus on what matters most.
01:18: To view more information related to a specific log, click the log to view the details on the Card.
01:25: You can create exclusions from the logs or the Exclusions Center.
01:29: Exclusions allow you to prevent specific files, folders, or processes from being flagged as malicious. This helps reduce false positives.
01:37: The Exclusions Center shows all the rule-based and global exclusions created in your account.
01:43: To create exclusions from the Exclusions Center, from the left navigation panel, click "Policy" and go to "Policy and Capabilities". In the Capabilities and Exclusions pane, click Exclusions Center and then click Add Exclusion. Enter a name, set the status to Enabled, and choose the exclusion type, such as File, Folder, or Process. You can also specify whether the exclusion applies to all supported blades or select specific ones.
02:06: Global Exclusions refer to a centralized list of trusted items, such as files, folders, or processes, that are exempt from security scans or enforcement actions. To access Global Exclusions, go to Policy > Global Exclusions. Here you can add exclusions that apply across all policies and endpoints. Use this for trusted domains, files, or processes that should never trigger alerts anywhere in your environment.
02:26: For a deeper investigation, open the Forensics Report from the Event Details panel. It provides a timeline of activities, impacted files, and recommended actions. To download the Forensics Report, click on any security event in the Logs table. This opens the details panel on the right. Under the Forensics Report section, you’ll see links such as Forensics Alert and Download the Forensics Report. Click these to open the detailed Forensics analysis, which includes a timeline of the incident, related files, behavior paths, and recommended remediation steps.
02:55: Thank you for watching the video.