Use Anomaly Exceptions to create an allowlist of known behaviors that should no longer trigger Sanctioned Service anomalies.
For example, if your organization deletes inactive users at the end of each month, you can create an exception based on the Account Deletion anomaly and the date range you expect to delete user accounts during. Or, if users access their system using a VPN triggering the Superhuman Anomaly, you can create an anomaly exception preventing your VPN's IP address from triggering the Superhuman Anomaly.
NOTE: You cannot create exceptions for Shadow Service Anomalies.
To create an Anomaly Exception:
- Go to Incidents > Anomalies > Anomalies.
- Select the required Service from the menu.
- Search for the exception criteria in the Omnibar. For example, if at the end of every quarter HR deletes old user accounts, run an Omnibar query for the user names of the users who do the deletion, Account Deletion anomaly, and the timeframe that the deletion will occur.
- Under Actions, click Create an Exception.
- Enter the name for the exception and click Save Changes.
Once the changes are saved, a successful message is displayed at the bottom of the page and anomalies displayed per the filters are suppressed.