I have a recent deployment of the NW Malware appliance, and it is picking up an unusually high number of High Confidence events. Some of the files it has detected are in-house custom scripts or applications. Is there a way to exclude these files from being analysed and therefore creating events?
Malware - Spectrum - What's involved...
If you create an app rule to flag those items as content=spectrum.filter, then they should be removed from the processing pipeline.
MA: Configure Malware Analysis Operating Environment