Filter Uncommon Host Processes

Hello,

Read here (Uncommon Processes) that the Uncommon Processes query is an aggregation on process.name sorted by host cardinality first (cardinality of host.name where this process name occurs) and number of documents second.

The result is that the list if full of processes from our Rundeck server, which generates a unique id for each job running.

Is there any way to prevent these processes from showing up in SIEM? They look like:

548-129241-loca
549-129241-loca
550-129241-loca

Grtz

Willem