Which action is unnecessary when creating new exclusions in CrowdStrike?

Prepare for the CrowdStrike Certified Falcon Administrator Exam. Dive into detailed flashcards and multiple choice questions, each with hints and explanations. Ace your CCFA test!

When creating new exclusions in CrowdStrike, including detection criteria is unnecessary because exclusions are typically meant to specify which events or actions should be ignored by the system, rather than define new detection parameters. The purpose of exclusions is to streamline the detection process by preventing specific data from being flagged or responded to, often for trusted applications or known false positives.

Selecting a host group, adding a comment for auditing, and choosing exclusion actions are all essential steps. Selecting a host group determines where the exclusions will apply. Adding comments helps maintain an audit trail for future reference, allowing administrators to understand why specific exclusions were made. Choosing exclusion actions defines how and when the exclusions should take effect, ensuring that the exclusions are effectively implemented within the appropriate context. Thus, while all these actions contribute to an effective exclusion setup, defining detection criteria is not necessary as part of that process.
