Create rerun task

Note

If the rerun rules button was used on the Detection rules page or in the rule details, some data specific to the rule(s) is prefilled.

The create rerun task process is divided into three parts:

Basics

o Name—name the rerun task for future identification

o Comment—optional, more in-depth description of the exclusion

Rerun settings

o Rerun rule(s) on selected targets—select the group of computers or individual computers on which you want to rerun the task

o Rerun evaluate events in time frame—select the time frame of events that you want to run the rerun task on

o Limit detections to—limit the number of detections that will appear in a rerun task result

o Add detections to the main detections table immediately—select the check box if you want the result detections to be moved to the main Detections tab list

o Ignore exclusions for this task—select the check box if you want the task to ignore/exclude detections that match rules picked from the next step of the rerun task creation process

Rules

Select rules that you want to rerun.

o ADD FILTER

Rule Name—filter a rule by its name (whether equal or unequal)

Some of the filters have a funnel icon next to them with two or four possible predefined options:

Unknown—the value in the filtered column is not available (the value was probably not known at the time of occurrence)

Known—the value is available

None—value is an empty string

Any—the value is not empty; the negation of the None filter

Note

All filters can be combined with one another.

At the end, there is a summary with an overview of the selected parameters for the rerun task.

The Continue button is used to continue to the next part during rerun task creation.

The Create Task button is used for creating the rerun task.

The Cancel button is used to cancel the process of creating the rerun task.