For whitelisting, Darktrace encourages the use of learning exceptions. Learning exceptions will alter the system reaction to this combination of ‘from’ address and envelope sender across all models where these actions occurred. These specific actions applied to the email will, in future, no longer be used to any email that matches the ‘from’ address and the envelope domain of the email in question unless the email exhibits a significantly higher anomaly score.
Essentially, the system undergoes a re-evaluation of the environment to prevent similar emails from being an action in the future. So that if no-reply@microsoftproject[.]com was involved, the system would be more lenient towards future microsoftproject[.]com addresses.
This can be done with the following steps:
1. In the Email Logs, click on the email you wish to make a learning exception for.
2. Click the message actions menu icon on the right of the email information pane. More information about this menu can be found in Message Actions
3. Select the learning exception option (</>) from the list.
4. Optionally, click “Review Changes” to see a summary of the changes the exception will make. Confirm that you wish to proceed with the exception.