When creating IOA exclusions, which type of detection cannot be excluded?

Prepare for the CrowdStrike Certified Falcon Administrator Exam. Dive into detailed flashcards and multiple choice questions, each with hints and explanations. Ace your CCFA test!

When creating IOA (Indicators of Attack) exclusions, OverWatch detections cannot be excluded. OverWatch detections are raised by CrowdStrike's managed threat-hunting team after human analysis of telemetry, rather than by a sensor-side IOA pattern firing on an endpoint, so there is no behavioral pattern for an exclusion to suppress. They frequently surface hands-on-keyboard activity that automated detection logic alone would not flag, and because each one reflects an analyst's judgement that the activity is suspicious, silencing them would risk hiding a critical indicator of an active intrusion.

In contrast, custom IOA detections, standard detections, and false-positive detections can be managed and excluded based on specific configurations or misinterpretations of legitimate activity. Custom IOA detections are rules that an organization writes for its own environment, and exclusions help refine them when a rule matches more broadly than intended. Standard detections come from the sensor's built-in behavioral detection patterns, and false-positive detections are benign activity that has been wrongly flagged as malicious. These detection types are therefore eligible for exclusion adjustments, which reduce alert noise without compromising the integrity of the threat analysis that OverWatch provides. In practice, keep each exclusion as narrow as the product allows (scoped to the specific host groups, image file name, and command line that produced the false positive) and record the justification, because an exclusion instructs the sensor to stop reporting matching activity on every host it covers.
