Question & Answer
Question
What is the best way to manage Assets Identity Exclusions?
Cause
Sometimes customers need to limit the automatic discovery of assets. Rather than stopping the assets service which would turn off discovery of all assets, there is a more desirable method of doing this.
Answer
The recommended method of managing Asset Autodiscovery
Results: You can now exclude Assets per your search results.
- Log in to the QRadar User Interface.
- Click Log Activity.
- Click Search > New Search.
- Create a search that has the criteria that are required to exclude Assets.
- Click Filter.
- Click Save Criteria.
- Give the Search a name > Assign search to a Group.
- Click OK.
- Click Admin tab > Asset Profiler Configuration.
- Click Manage Identity Exclusion.
- Create a rule that suppresses any identify updates that fit the criteria to be excluded.
- Click Save.
Results: You can now exclude Assets per your search results.
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Admin Console","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
09 March 2021
UID
swg21995509