Read here (Uncommon Processes) that the Uncommon Processes query is an aggregation on
process.name sorted by host cardinality first (cardinality of
host.name where this process name occurs) and number of documents second.
The result is that the list is full of processes from our Rundeck server, which generates a unique id for each job running.
Is there any way to prevent these processes from showing up in SIEM? They look like: