Exclusions
An Exclusion is a set of MQL logic used to avoid alerting on phishing simulations and other benign messages.
Exclusions are evaluated before Detection Rules or Automations are run on a message.
There are three kinds of Exclusions:
- Global Exclusion: messages matching a Global Exclusion are not analyzed by any Detection Rules or Automations
- Detection Rule Exclusion: messages matching a Detection Rule Exclusion are not analyzed by any Detection Rules (Automations will still process)
- Rule Exclusion: looks for the unique combination of a specified Detection Rule or Automation and a sender, sender domain, or recipient. If the Rule Exclusion matches the message, it prevents the Rule from matching, thereby reducing false positives.
There are three out-of-the-box Global Exclusions for Cofense, KnowBe4, and Hoxhunt that are inactive by default.
Exclusions are visible on impacted messages on the message list table and details page. You can view the Exclusion MQL on the message details page or head to the Exclusion details page.
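The three scopes above, modelled as an added Python example (not Sublime's code and not MQL): Python predicates stand in for Exclusion MQL, and every rule name, domain and address is a constructed placeholder.

```python
from dataclasses import dataclass

# Constructed model: a message is a dict; a Python predicate stands in for MQL.

@dataclass(frozen=True)
class RuleExclusion:              # hypothetical type for this sketch
    rule: str                     # Detection Rule or Automation it is paired with
    field: str                    # "sender", "sender_domain" or "recipient"
    value: str

def attr(msg, field):
    if field == "sender_domain":
        return msg["sender"].rsplit("@", 1)[-1].lower()
    return msg[field].lower()

def evaluate(msg, global_excl, detection_excl, rule_excl, detection_rules, automations):
    """Return (matched Detection Rules, matched Automations) for one message."""
    # Exclusions are checked first, before any rule or automation runs.
    if any(p(msg) for p in global_excl):
        return [], []                              # Global: nothing analyzes it
    skip_detection = any(p(msg) for p in detection_excl)
    # Rule Exclusion: suppress only the named rule for this sender/domain/recipient.
    suppressed = {e.rule for e in rule_excl if attr(msg, e.field) == e.value.lower()}

    def run(rules):
        return [n for n, p in rules.items() if n not in suppressed and p(msg)]

    detections = [] if skip_detection else run(detection_rules)
    return detections, run(automations)            # Automations still process

# Constructed sample configuration (all names are placeholders).
GLOBAL = [lambda m: attr(m, "sender_domain") == "phishsim.example"]
DETECTION_ONLY = [lambda m: attr(m, "sender_domain") == "newsletter.example"]
RULE_EXCL = [RuleExclusion("Credential phishing", "sender", "it@vendor.example")]
DETECTION_RULES = {"Credential phishing": lambda m: "password" in m["subject"].lower()}
AUTOMATIONS = {"Tag external": lambda m: attr(m, "sender_domain") != "corp.example"}

def check(sender, subject="Reset your password"):
    msg = {"sender": sender, "recipient": "alice@corp.example", "subject": subject}
    return evaluate(msg, GLOBAL, DETECTION_ONLY, RULE_EXCL, DETECTION_RULES, AUTOMATIONS)

if __name__ == "__main__":
    for s in ("drill@phishsim.example", "news@newsletter.example",
              "it@vendor.example", "it@other.example"):
        print(s, check(s))
```

The third sender shows the narrowest scope: only the paired rule is suppressed, so the same message from any other sender still matches it.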