How do I create an Endpoint Exception that only applies to one specific host? I have a lot of servers in one Fleet policy and would like to exclude w3wp.exe. This is, however, a dangerous blind spot, so of course I want to limit that exception.
Is it enough to add "host.name IS specifichostname" as a condition into a policy (got Premium) or global exception?
So as far as I recall Endpoint Exceptions remain global (no way to separate by policy at this time), but adding a host.name qualifier AND'ed to the w3wp.exe exclusion exception will ensure that it's isolated to that host. It is a slight overhead for the remaining hosts, but I'm not aware of any other way to accomplish this at this time.
You could of course add this as a Rule Exception instead, that way the underlying endpoint event still gets generated, but the rule just won't create an alert for it.
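The host-scoped exception discussed in this thread, as an added example that is not part of the original posts or Elastic's own code: it builds an exception item with `process.name` and `host.name` AND'ed and checks which constructed sample events it would suppress. The host names, function names and the simplified exact-match evaluator are assumptions, and the item shape follows the Kibana exception list item format as understood here, so verify it against your stack version.

```python
SCOPED_HOST = "web-iis-01"  # constructed placeholder; use the real host.name value

def build_exception_item(process_name, host_name):
    """Exception item whose entries are AND'ed: process and host must both match."""
    return {
        "list_id": "endpoint_list",   # built-in Endpoint exception list (global)
        "namespace_type": "agnostic",
        "type": "simple",
        "name": f"{process_name} on {host_name} only",
        "description": "Scoped to one host to limit the blind spot",
        "os_types": ["windows"],
        "entries": [
            {"field": "process.name", "operator": "included",
             "type": "match", "value": process_name},
            {"field": "host.name", "operator": "included",
             "type": "match", "value": host_name},
        ],
    }

def get_field(event, dotted):
    """Resolve a dotted ECS field such as host.name in a nested event dict."""
    for key in dotted.split("."):
        event = event.get(key) if isinstance(event, dict) else None
    return event

def is_excepted(item, event):
    """Simplified model (assumption): every 'match' entry must hold, exact compare."""
    for entry in item["entries"]:
        hit = get_field(event, entry["field"]) == entry["value"]
        if hit != (entry["operator"] == "included"):
            return False
    return True

def has_host_scope(item):
    """Audit check: is the exception limited by an included host.name entry?"""
    return any(e["field"] == "host.name" and e["operator"] == "included"
               for e in item["entries"])

def suppressed_hosts(item, events):
    """Hosts whose events the exception would suppress."""
    return [get_field(ev, "host.name") for ev in events if is_excepted(item, ev)]

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"host": {"name": "web-iis-01"}, "process": {"name": "w3wp.exe"}},
    {"host": {"name": "web-iis-02"}, "process": {"name": "w3wp.exe"}},
    {"host": {"name": "web-iis-01"}, "process": {"name": "powershell.exe"}},
]

if __name__ == "__main__":
    item = build_exception_item("w3wp.exe", SCOPED_HOST)
    print(has_host_scope(item), suppressed_hosts(item, SAMPLE_EVENTS))
```

Running `has_host_scope` over exported exception items is a quick way to find process exclusions that apply to every host in the policy.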