Configuring exclusion rules
By configuring exclusion rules, you can filter or exclude detections from being converted into vulnerable items (VITs) during ingestion. This filtering helps streamline vulnerability management by reducing noise and prioritizing critical issues.
Execution order behavior
The execution order defines the priority in which exclusion rules are processed. Rules with a lower execution order value are evaluated first.
- Default execution order for new rules
When you create an exclusion rule, the system automatically assigns an execution order to maintain spacing and avoid conflicts.
System behavior:- The first rule created: Execution order = 1000
- Subsequent rules: Execution order = (highest existing execution order) + 1000
- Updating execution order via drag
In the Security Exposure Management Workspace, you can reorder exclusion rules using drag in the list view. When rules are repositioned, execution order values are recalculated automatically based on their new position.
System behavior:- Between two rules: New execution order = (Order of previous rule + Order of next rule) ÷ 2
- Moved to the top of the list: New execution order = (Execution order of current top rule) ÷ 2
- Moved to the bottom of the list: New execution order = (Execution order of current bottom rule + 1000)