Automatically Ignore Invalid Incidents with New Playbook
Release Date: July 28, 2025
We’re excited to announce a powerful enhancement to your incident management experience, designed to help you focus on what matters: we are introducing a new playbook: Automatically Ignore Invalid Incidents.
What's new?
This new playbook will automatically ignore incidents where the detected secret has been confirmed invalid and revoked, even for those that have never been valid. With this new capability, your team can immediately focus on genuine, actionable threats without being distracted by unnecessary noise from already-resolved issues.
Why This Matters?
By automatically clearing these known invalid incidents, you'll save valuable time, reduce alert fatigue, and maintain a clear focus on critical security issues that require your attention.
Important Note
This playbook is designed for incidents from standard detectors and will not impact those related to detectors with a custom host.
You Stay in Control
The playbook will be enabled by default, but you can opt out at any time if it doesn’t fit your needs. All incidents will remain accessible in your workspace for review.
Fixes
- Incidents Management: Resolved a regression where secrets detected on deletion lines could reopen incidents. Deletion lines are no longer scanned for secrets, as per the expected "Scan only addition line" behavior.
