Hidden Detections by User

Good Afternoon,

I would like to know if it's possible to hide or filter generated detections by user, or is it not possible?

Thanks in advance.

Regards,

Hi @rcastillo,

Are you asking about hiding/tuning detections based on the user that performed the activity we detect, or are you asking about showing different users logged into the ExtraHop different sets of detections?

Thanks,
Ted

Hello @teddriggs,

Actually, it's the first one. I would like to know if I can hide/tune detections based on the user that performed the activity we detect. Is that possible?

Thanks.

Regards,

It’s not directly possible today, I’m afraid.

The questions below may help us find a way forward:

  1. Are you looking to hide specific detection types by user (as opposed to hiding all detection types)? If so, can you share what those detection types are? cc @swagatdasgupta
  2. Would “hiding detections by assets from which that user has recently authenticated” be sufficient for your needs? Reveal(x) tracks users “on” an asset based on observed authentications.

Hello @teddriggs,

In fact, it's the first one. My idea was to hide the detections of any type (SQL Injection, Remote Service, Remote Control, External Connections, etc.) that have only been generated by the same user. I thought that the EDA could make this request.

Regards,

Thanks for clarifying. Hiding detections of multiple types based on the offending user is not currently supported.