
Adding exceptions

In some cases, alerts may be triggered by legitimate business applications installed on your users’ devices. If this occurs, an exception is required to ensure business continuity and to prevent unnecessary alerts from being reported to the console.
Exceptions can be added in two ways:
  • From the CylanceOPTICS > Behavioral Detection Engine > Exceptions tab
  • From the Alerts view
Regardless of where the exception was created, the Exceptions tab displays a list of all exceptions for the tenant, including the name, description, alert description, assignment, and the date the exception was last modified.

Adding exceptions from the Exceptions tab

You can add exceptions from the CylanceOPTICS > Behavioral Detection Engine > Exceptions tab.
Screenshot of adding an exception from the BDE tab
When adding an exception from the Exceptions tab, specify the MITRE tactic and technique for which you want to create an exception along with an appropriate alert description.
Screenshot of specifying the techniques and tactic of an exception
Next, specify one or more conditions, including the artifact, facet, operator, and value for each condition.
Screenshot of adding conditions to an exception
In the Assigned To tab, assign the exceptions appropriately using one of the options. For more information, see the section on "Assigning exceptions globally, to zones, to devices, or to device policies" in this guide.

Adding exceptions from the Alerts view

If you observe an alert for a legitimate business application in the Alerts view, you can use AI to add exceptions. The details of the exception, including the conditions, are automatically defined by AI based on the alert.
To add an exception in the Alerts view, simply open the alert and use the Actions menu on the top right of the screen.
Screenshot of adding an exception from the Alerts view via the Action menu
In the Add exception dialog box, review the details of the exception, and then make changes if necessary.
Screenshot showing exception details generated by AI
In the Assigned To tab, assign the exceptions appropriately using one of the options. For more information, see the next section on "Assigning exceptions globally, to zones, to devices, or to device policies" in this guide.

Assigning exceptions globally, to zones, to devices, or to device policies

Regardless of how you add a detection exception, you must specify how it is assigned to devices. When configuring an exception, in the Assigned To tab, you can specify whether to assign the exception globally, to zones, to devices, or to device policies.
  • Global: Applies the exception to your organization’s entire tenant.
  • Zones: Applies the exception to the zones that you select and all devices assigned to those zones.
  • Devices: Applies the exception to the selected devices.
  • Device Policies: Applies the exception to all devices that are assigned to the selected device policies.
Screenshot of assigning exceptions