You can use a whitelists in a Warehouse Analytics Job so that the domains that are not suspicious can be ignored while processing. You can use whitelists only in the Suspicious Domains and Suspicious DNS Activity report.
Make sure that:
- You have created the whitelist. For example, a list of domains that are confirmed to not be suspicious or a whitelist of domains on which no DNS activities occur. For more information on creating a list, see Add a List in the Reporting Guide.
- You have downloaded the Warehouse Analytics Jobs from the Live Server. For more information, see Download Warehouse Analytics Model from Live Server.
- You have understood the components of the Warehouse Analytics view. For more information, see Warehouse Analytics View.
- You have understood the components of the Job Definition view. For more information, see Job Definition View.
Perform the following steps to add and schedule a job for execution:
- In the Security Analytics menu, click Reports.
The Manage tab is displayed.
- Click Warehouse Analytics.
The Warehouse Analytics view is displayed, as shown below:
- In the Warehouse Analytics toolbar, click .
The Job definition tab is displayed.
- Define the job and the schedule. For more information, see Define a Warehouse Analytics Job.
- In the Advanced Options, do the following:
- In the Model Params field, enter the parameters to include the whitelist.
- For Suspicious Domains model, enter the parameter name as model.suspiciousDomains.whiteList.file and select the list using . For more information, see Analyze a Suspicious Domains Report.
- For Suspicious DNS Activity model, enter the parameter name as model.dns.whiteList.file and select the list using . For more information, see Analyze a Suspicious DNS Activity Report.
- Click Save.
The scheduled job executes as scheduled and provides the configured outputs.