Whitelisting Just Got Smarter: Preserve Violation Records with Zero Risk
Release: September R1
Category: Risk Scoring & Whitelisting
Available To: All Customers
🚀 Overview
You asked for more control—and it’s here.
With this release, analysts can now preserve violation records even after reducing an entity’s risk score to zero.
This enhancement gives SOC teams the flexibility to clean up dashboards without losing valuable historical context for investigations, audits, or analytics.
🆕 What’s New
When you apply a whitelist action to reduce an entity’s risk to zero, you’ll now see a new option to retain associated violation records instead of deleting them.
Retained violations are:
- Hidden from operational dashboards like SAC and SCC
- Preserved in the underlying index for audits, Spotter queries, and investigations
This means you can declutter your views while keeping the complete history available behind the scenes.
💡 Why This Matters
Previously, whitelisting an entity automatically deleted all related violations—a challenge for teams needing full audit trails or historical analysis.
With this enhancement, you can:
- Maintain compliance by preserving key violation data
- Support root cause and trend investigations
- Keep dashboards clean without losing visibility into past activity
- Balance data retention with operational efficiency
🔍 How It Works
- From Entity Whitelisting, select the entity you want to whitelist.
- Apply the Reduce Risk to Zero action.
- When prompted, choose whether to Delete or Retain Violations.
- If retained, the violations are hidden from SAC/SCC dashboards but remain accessible via Spotter or audit tools.
Note: Retained violations do not affect ongoing scoring or alert prioritization—they’re available for reference only.
🚀 Benefits
- Full audit trail preservation
- Cleaner dashboards, no data loss
- Improved compliance posture
- Greater flexibility for SOC workflows
📅 Availability
This feature is part of the September R1 Release and is available now in your environment.
💬 We’d Love Your Feedback
Does this new option make your whitelisting process smoother or more audit-friendly?
Tell us in the comments below—your insights directly shape future platform improvements.
