Configuring exclusion rules

In the Application & Services → NGFW → Objects → Security profiles → IDPS → Exclusion rules section, you can create rules based on signature parameters from security events sent to the SIEM system For example, in case of false positives being generated by certain signatures, you can create separate rules for such signatures and set an action for these rules that is different from the action specified in the main profile.

Exclusion rules are applied in the order they appear in the table, from top to bottom. If the signature matches an exclusion rule, no further exclusion rules are looked at.

The table of exclusion rules is displayed in the Security profiles → IDPS section separately in each IDPS profile in the Exclusion rules section.

The table contains the following information about exclusion rules:

• ID is the unique ID of the signature.
• Name is the name of the exclusion rule that must be unique within an IDPS profile.
• Vulnerability type is the type of vulnerability or threat.
• Priority is the importance assigned to the rule. Can be Low, Medium, or High.
• MITRE tactic is the MITRE tactic.
• MITRE technique is the MITRE technique.
• Logging is the logging status indicating whether or not a security event is sent to the SIEM system when a signature is detected.
• Action is the action that is applied to traffic when a signature is detected.

Page top