Exclusions can be handy when applying policy or looking for risks. This guide will walk you through the process of excluding certain criteria from scanning or policy enforcement.
STEP ONE:
Login to your instance.
STEP TWO:
Navigate to the Audit & Control page then select the Title of your desired Filtered View cloud environment.(Global Views will show all accounts in your domain, while filtered views will show only users for that view.)
STEP THREE:
On any Filtered View tab you will find the Configure button in the top right of the screen. Select the button and click Exclusions.
STEP FOUR:
Enable exclusions by selecting the Disabled button in the top right, which will turn the switch to Enabled.
STEP FIVE:
On the bottom Left of the page Select "Create New Exclusion".
STEP SIX:
Choose a name for your exclusion, and then create the rules.
Note: You can create multiple conditions by selecting the "Add Condition" Button.
Source: The origin of the exclusion, this could be User, File, or Message.
Depending on the Source there will be varying options for exclusions.
User:
Organizational Units: OU's to exclude from scanning. OU's from your environment will be automatically populated.
User Email: The email address of the user to exclude.
Groups: Groups to exclude. These will be automatically populated from your environment.
File:
Sharer Email: The email address of the person sharing a file.
Organizational Units: OU's to exclude from scanning. OU's from your environment will be automatically populated.
Domain Name: the domain that you wish to exclude (ex: google.com).
Owner Email: The email of the file owner.
File Name: The name of a file or attachment that you wish to exclude.
Groups: Groups to exclude. These will be automatically populated from your environment.
Message:
Sender Email: The email address of the person sending the email.
Organizational Units: OU's to exclude from scanning. OU's from your environment will be automatically populated.
Domain Name: the domain that you wish to exclude (ex: google.com).
Groups: Groups to exclude. These will be automatically populated from your environment.
Receiver Email: The email address of the person receiving the email.
Note: Input fields have a 255 character limit.
STEP SEVEN:
Choose what to rules exclude the conditions from.
Malware: Exclude the entities defined in conditions from malware scanning
Phishing: Exclude the entities defined in conditions from Phishing scanning.
Policy: Select the Policies that you wish to exclude the defined conditions from.
Risk: Exclude the defined conditions from risk scanning, note that all risk scans will be excluded.
STEP EIGHT:
Select the Update Button
STEP NINE:
Remember To Save!
EXTRAS:
Exclusions can be enabled/disabled, deleted or edited it any time by selecting the corresponding icons.