When grouping alerts by entities, too many alerts can end up grouped together because an entity occurs often within your logs. This can interfere with case triage and incident investigation by attaching irrelevant alerts to a case. Which feature can you use to prevent this from happening?
- Exception list
- Playbooks
- Filter list
- Blocklist