Event Bypass Management
Genian Insights E can collect all events that occur in Endpoints, not just Threats events. If the volume of events is large and the events are frequently triggered by security programs, you can selectively use Event Bypass Rules.
In addition, if events occur frequently due to security programs and business programs, you can selectively use Event Bypass Rules. Exception handling for known security programs is provided by default, and new exception handling rules can be added by copying group settings based on the default exception group.
Add Event Bypass Rules
- Go to Policy > Event Bypass Management > Event Bypass Rules menu and click the ‘Add’ button at the top.
- The Add Event Collection Exception Group pop-up window appears. After confirming the name, whether to use it, and whether to select an exception group to copy, click the ‘Create’ button. By checking the exception items of the program registered as default, you can conveniently set the collection exception when selecting the exception group to copy.
- After adding an exception group, click 'Added group name' in the list.
- Click the Add Event Collection Exception button. In the screen below, if you move your mouse over the business program exception, you can edit the name and add a description when you click the 'pencil icon'.
- A pop-up window for adding event collection exception appears, select the event type (file, process, module, network, registry) and click the OK button.
- When adding process exception handling as shown below, a pop-up window for inputting additional information is displayed.
- After entering information about the process to be handled as an exception, click the Save button.
- You can check the exception handling process information added earlier on the collection exception detail screen.
- When setting exceptions, you must click the 'Apply Now' button in the upper right corner to send the policy to the agent immediately.
Delete Event Bypass Rules
- After selecting the exception group to delete, the ‘Delete’ button will be activated, allowing you to delete the exception group.
- When deleting exception settings, the policy is delivered to the agent immediately after clicking the ‘Apply Now’ button at the top right.