
MDR Security Telemetry exclusions

The MDR Security Telemetry exclusions page in GravityZone Control Center provides visibility into the exclusion rules applied to the security events selected in the endpoint policy under Agent > Security Telemetry. Raw data from excluded events is not forwarded to the selected SIEM solution for advanced analysis.

Note

For details regarding the Security Telemetry feature, refer to Security Telemetry.

These exclusions are configured exclusively by the Bitdefender MDR analysts based on internal assessments, such as noise reduction, irrelevant data patterns, or operational constraints. While you cannot configure or modify exclusions, this page ensures transparency, which helps prevent confusion in cases where certain security events do not appear to be ingested in your SIEM.

Note

Modifications to these exclusion rules can be made only by submitting a request to Bitdefender Enterprise Support.

Important

You can access the MDR Security Telemetry exclusions page only if you have the Contact details for MDR section filled in with valid data.

Page overview

The page provides:

  • A brief description of the MDR Security Telemetry exclusions functionality

  • A table containing the MDR Security Telemetry exclusion rules configured for your company, or for another managed company if selected

  • Filters that allow you to refine the list of exclusions

Viewing the MDR Security Telemetry exclusion details

Exclusion rules are organized by event type and the associated event attribute used to identify the excluded item. Therefore, the table on this page contains the following columns:

  • Event type - For example: Process creation, File deletion, File creation

  • Event attribute - For example: Process path, Username, Path

  • Excluded item - The exact value or pattern that has been excluded from telemetry collection, for example: test.exe, *\test.exe

For a complete list of Security Telemetry data types that can be excluded, refer to Security Telemetry events sent to SIEM.

To improve data visibility, use the filtering options at the top of the page. Exclusions can be filtered by managed company, event type, or event attribute.
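
The following Python code is an added example, not Bitdefender code. It checks events you expect to find in your SIEM against rows transcribed from the exclusions table, so that an intentional exclusion can be told apart from a forwarding fault. The svc_backup row, the event dictionaries and the matching semantics (case-insensitive, * and ? as wildcards, comparison against the whole attribute value) are assumptions; this page does not document how patterns are evaluated.

```python
import fnmatch
from typing import NamedTuple

class Exclusion(NamedTuple):
    event_type: str   # "Event type" column
    attribute: str    # "Event attribute" column
    item: str         # "Excluded item" column

# Constructed rows, transcribed by hand from the table on the page.
EXCLUSIONS = [
    Exclusion("Process creation", "Process path", r"*\test.exe"),
    Exclusion("File creation", "Path", "test.exe"),
    Exclusion("File deletion", "Username", "svc_backup"),
]

# Constructed events that a detection expects to find in the SIEM.
EXPECTED_EVENTS = [
    {"id": "e1", "event_type": "Process creation",
     "attributes": {"Process path": r"C:\Tools\TEST.exe", "Username": "alice"}},
    {"id": "e2", "event_type": "File creation",
     "attributes": {"Path": r"C:\Tools\test.exe", "Username": "alice"}},
    {"id": "e3", "event_type": "File deletion",
     "attributes": {"Path": r"D:\dump\a.bak", "Username": "svc_backup"}},
    {"id": "e4", "event_type": "Process creation",
     "attributes": {"Process path": r"C:\Windows\System32\cmd.exe", "Username": "bob"}},
]

def matches(value: str, pattern: str) -> bool:
    # Assumption: only "*" and "?" are wildcards, matching is case-insensitive
    # and covers the whole attribute value. "[" is escaped so it stays literal.
    return fnmatch.fnmatchcase(value.casefold(), pattern.casefold().replace("[", "[[]"))

def explain_gaps(events, exclusions):
    """Map each event id to the exclusion rules that would suppress it."""
    report = {}
    for event in events:
        report[event["id"]] = [
            rule for rule in exclusions
            if rule.event_type.casefold() == event["event_type"].casefold()
            and rule.attribute in event["attributes"]
            and matches(event["attributes"][rule.attribute], rule.item)
        ]
    return report

if __name__ == "__main__":
    for event_id, rules in explain_gaps(EXPECTED_EVENTS, EXCLUSIONS).items():
        reason = ", ".join(r.item for r in rules)
        print(event_id, f"excluded by {reason}" if rules else "not excluded, check forwarding")
```

Under the whole-value assumption, the bare test.exe rule does not cover a full path such as C:\Tools\test.exe, while *\test.exe does; confirm the actual behaviour with Bitdefender Enterprise Support before relying on it.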