Create Anomaly Exceptions
Use Anomaly Exceptions to create an allowlist of known behaviors that should no longer trigger Sanctioned Service anomalies.
For example, if your organization deletes inactive users at the end of each month, you can create an exception based on the Account Deletion anomaly and the date range you expect to delete user accounts during. Or, if users access their system using a VPN triggering the Superhuman Anomaly, you can create an anomaly exception preventing your VPN's IP address from triggering the Superhuman Anomaly.
NOTE: You cannot create exceptions for Shadow Service Anomalies.
To create an Anomaly Exception:
- Go to Incidents > Anomalies > Anomalies.
- Select the required Service from the menu.
- Use the Date Picker and select a preset or custom date range to supress the selected anomalies only from the specified date range. The suppressed anomalies will be removed from the count in the anomaly list.
NOTE: To supress the selected anomalies with No End Date (permanently), click the From field to select the start date of your choice, the To field to select the end date as the current date, and then select UTC: Coordinated Universal Time from the Time Zone menu.
- Search for the exception criteria in the Omnibar. For example, if at the end of every quarter HR deletes old user accounts, run an Omnibar query for the user names of the users who do the deletion, Account Deletion anomaly, and the timeframe that the deletion will occur.
- Under Actions, click Create an Exception.
- Enter the name for the exception and click Save Changes.
Once the changes are saved, a successful message is displayed at the bottom of the page and anomalies displayed per the filters are suppressed.
Exception rules prevent creating anomalies. Deleting an exception rule resumes anomaly generation. For details, see Delete Anomaly Exceptions.