MDR Security Telemetry exclusions

The MDR Security Telemetry exclusions page in GravityZone Control Center provides visibility into the exclusion rules applied to the security events selected in the endpoint policy under Agent > Security Telemetry. Raw data from excluded events is not forwarded to the selected SIEM solution for advanced analysis.

Note

For details regarding the Security Telemetry feature, refer to Security Telemetry.

These exclusions are configured exclusively by the Bitdefender MDR analysts based on internal assessments, such as noise reduction, irrelevant data patterns, or operational constraints. While you cannot configure or modify exclusions, this page ensures transparency, which helps prevent confusion in cases where certain security events do not appear to be ingested in your SIEM.

Note

Modifications to these exclusion rules can be made only by submitting a request to Bitdefender Enterprise Support.

Prerequisites for access

You can access the MDR Security Telemetry exclusions page only if the following requirements are met:

  • As a Customer with a monthly subscription, the Managed Detection and Response Foundations option is enabled in your license settings by your Partner, or you are within the 30-day grace period following the MDR service deactivation.

  • As a Customer with a yearly license, you have an active MDR license or you are within the 30-day grace period following its deactivation.

Page overview

The page provides:

  • A brief description of the MDR Security Telemetry exclusions functionality

  • A table containing the MDR Security Telemetry exclusion rules configured for your company

  • Filters that allow you to refine the list of exclusions

Viewing the MDR Security Telemetry exclusion details

Exclusion rules are organized by event type and the associated event attribute used to identify the excluded item. Therefore, the table on this page contains the following columns:

  • Event type - For example: Process creation, File deletion, File creation

  • Event attribute - For example: Process path, Username, Path

  • Excluded item - The exact value or pattern that has been excluded from telemetry collection, for example: test.exe, *\test.exe

For a complete list of Security Telemetry data types that can be excluded, refer to Security Telemetry events sent to SIEM.

To improve data visibility, use the filtering options at the top of the page. Exclusions can be filtered by event type or event attribute.
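
When events seen on an endpoint are absent from the SIEM, the rules in this table can be checked against them to separate expected gaps from ones that need investigation. The following is an added example, not Bitdefender code: the rule list is transcribed by hand from the table, the event dictionaries are constructed, and the matching semantics (`*` as the only wildcard, case-insensitive, whole-value match) are an assumption that this page does not specify.

```python
import re

# Constructed sample rules, transcribed by hand from the exclusions table
# (columns: Event type, Event attribute, Excluded item).
RULES = [
    ("Process creation", "Process path", r"*\test.exe"),
    ("File creation", "Path", "test.exe"),
]

def item_matches(excluded_item, value):
    """Assumed semantics: '*' matches any run of characters, everything else
    is literal, and the comparison is case-insensitive over the whole value."""
    pattern = ".*".join(re.escape(part) for part in excluded_item.split("*"))
    return re.fullmatch(pattern, value, flags=re.IGNORECASE | re.DOTALL) is not None

def explaining_rule(event, rules=RULES):
    """Return the first rule that would exclude this event, or None."""
    for event_type, attribute, excluded_item in rules:
        if event.get("event_type") != event_type:
            continue
        value = event.get("attributes", {}).get(attribute)
        if value is not None and item_matches(excluded_item, value):
            return (event_type, attribute, excluded_item)
    return None

def triage_missing(events, rules=RULES):
    """Split events absent from the SIEM into explained and unexplained gaps."""
    explained, unexplained = [], []
    for event in events:
        rule = explaining_rule(event, rules)
        (explained if rule else unexplained).append((event["id"], rule))
    return explained, unexplained

# Constructed events that were seen on endpoints but not found in the SIEM.
MISSING = [
    {"id": 1, "event_type": "Process creation",
     "attributes": {"Process path": r"C:\Tools\TEST.exe"}},
    {"id": 2, "event_type": "Process creation",
     "attributes": {"Process path": r"C:\Tools\test.exe.bak"}},
    {"id": 3, "event_type": "File deletion", "attributes": {"Path": "test.exe"}},
    {"id": 4, "event_type": "File creation", "attributes": {"Path": "test.exe"}},
]

if __name__ == "__main__":
    explained, unexplained = triage_missing(MISSING)
    print("explained by exclusion:", explained)
    print("needs investigation:", unexplained)
```

Events that land in the second list are not covered by any listed exclusion, so their absence from the SIEM points to a forwarding or collection problem rather than an MDR rule.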