[Detections] Endpoint Exceptions workflow should allow OS selection #94304
Labels
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
kevinlog
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
We currently support both Mac and Windows Malware alerts. In the Exceptions workflow, there isn't an option to select a specific OS. As a result, when creating an Exception, it will be assigned to both Mac and Windows and the Endpoint will download an Exceptions artifact that contains Exceptions intended for either OS regardless of the OS the Endpoint is running on.
Exceptions modal, no OS selection:
After creating the Exception, you can see that it applies to both OSs:
The proposal here is to allow the user to select the OS in the Exceptions workflow so that they can differentiate as they see fit.
The pre-populated modal could pre-select an OS based on the OS that the Endpoint Alert originated from.
Describe a specific use case for the feature:
The text was updated successfully, but these errors were encountered: