How can we tune the detection to ignore DataExfiltration to bookcreator.com ??? Is there a good way to do it somewhere?
While there is research being done to enable tuning Exfil detections like this by host, there is currently no way to do that. Right now the best alternative is to hide by CIDR block, if the vendor has published a stable CIDR block of endpoints.