- Get Started with Threat Detection Management
- Analytics Rules
- Analytics Rule Classifications
- Create an Analytics Rule
- Manage Analytics Rules
- Tune Analytics Rules
- Find Analytics Rules
- Share Analytics Rules
- Troubleshoot Analytics Rules
- Analytics Rules Syntax
- Advanced Analytics Rule Syntax vs. Analytics Rule Syntax
- Logical Expressions in Analytics Rule Syntax'
- String Operations Using Analytics Rule Syntax
- Integer Operations Using Analytics Rule Syntax
- Time Operations Using Analytics Rule Syntax
- Network Operations Using Analytics Rule Syntax
- Context Operations Using Analytics Rule Syntax
- Entity Operations Using Analytics Rule Syntax
- Correlation Rule Operations Using Analytics Rule Syntax
- Analytics Engine Status
- Correlation Rules
- Correlation Rule Sequences
- Correlation Rules Templates
- Create Correlation Rules
- Create a Correlation Rule Using the Exabeam Nova Rule Creator
- Create a Correlation Rule from Scratch Using the Manual Rule Creator
- Create a Correlation Rule from a Template
- Create a Correlation Rule from Search
- Group by Field in Correlation Rules
- Detect Absent Events or Fields Using Correlation Rules
- Granular Suppression
- Correlation Rule Evaluation Delay
- Manage Correlation Rules
- Find Correlation Rules
- Share Correlation Rules
- View Correlation Rules Metrics
- Threat Scoring
Edit an Exclusion
Change the name, description, conditions, and scope of an exclusion.
Under Exclusions, click View all Exclusions.

For an exclusion, click the More menu
, then select Edit.Edit the exclusion details:
Exclusion Name – Enter the exclusion name.
(Optional) Description – Enter details about the purpose or use of the exclusion.
Condition – Enter an expression that defines the events or event field values excluded from triggering an analytics rule. Ensure that you use the appropriate syntax.
Scope – Define the analytics rules to which the exclusion applies:
To exclude events or event field values matching the conditions from triggering any analytics rule, select Global.
To exclude events or event field values matching the conditions from triggering one or more specific analytics rules, select Specify rules. Click the empty field, then from the list, select an analytics rule. To find a specific analytics rule, start typing, then select an analytics rule from the list.
To exclude events or event field values matching the conditions from triggering one or more analytics rule families, select Specific rule families. Click the empty field, then from the list, select a family. To find a specific analytics rule family, start typing, then select a family from the list.
Enable or disable the exclusion:
To enable the exclusion, toggle Enable on.
To disable the exclusion, toggle Enable off.
Click Save.