Netskope Community
06-16-2023 10:26 AM
How are other customers tuning the UBA Bulk Upload (and Download)? These 2 policeis seem to be the noisiest and have the most "false positives". There is no way that I can tell to have an exception for specific apps. For example, the Brave sync applications. This local app is constantly uploading small data about its browser (for sync purposes). I would love to exempt that from the Bulk Upload UBA policy.
07-05-2023 11:35 AM
Hello @nduda,
Does the sync use the same process or URL as other services such as the Brave browser itself? If it's unique or a unique URL, perhaps you could bypass that particular traffic from steering or SSL inspection so we don't see the repeated uploads. If this is interesting traffic that you would still like to inspect I've passed this thread along to some of our internal UEBA experts to see what guidance they may have. I will reply back once I've got some additional insight.
07-07-2023 07:49 AM
@nduda R106 introduces an option to exclude particular apps from UEBA policies which should match your exact use case. Hopefully this helps!
Support App Exclusion In Application Filter
UEBA supports a setting for excluding applications for predefined and custom UEBA policies. This allows selection of specific applications to exclude from evaluation for predefined and custom UEBA policies.
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In