💯 Was one of the first things I asked for when we converted out legacy policy. "Can we block without an alert?" Response at the time was along the lines of "Why would you ever want to do that?" Is there an existing Enhancement Request we can pile-on?
You can change any policy to No Notification (Mute) the policy will still block, however there will be no block page/alert to the user. Also, you can save a query to then run and filter out alerts. At this time there is no feature that will allow you to not "log" a category or specific traffic within SkopeIT.
That's just it. I DO want it logged and blocked. I just don't need it to be an alert which implies some action should be taken by the SOC.
To exemplify: We are getting 20M alerts per week.
However, if I exclude the our three noisiest policy (DoH, Advertising/Analytics, and other default blocked categories) rules where we expect blocks we remove ~85% of those alerts.
Without the ability to block without alerting, every pre-built or community dashboard based around alerts needs to be tuned in AA. along with needing to make similar filters and exclusions in every other reporting platform the org uses.
I think that we need to figure out how to raise this as a feature request because there are some blocks that are very noisy and most of them I personally don't care to review. But since we don't currently have the ability to not, a filter/query will have to do. Thank you all for your help.
The issue with filtering stuff out of SkopeIT doesnt't really address the underlying data though. Think of all the reporting in AA and in third party integrations (SIEM, Cloud Exchange...etc) where you would also have to filter out.
It would just be best if the option (even controlled GA) was given to perform xyz action without Alerting. I keep going back to blocking DNS over HTTPS. If a company accepts having to do that (which with netskope is pretty much a requirement) then there is no reason to have those blocks (hundreds of thousands a day for companies like mine) skew reporting.