Am I correct in the following assumption. In ECAT, when files or processes were whitelisted the risk score would lower automatically, but I've noticed that doesn't occur in NetWitness Endpoint.
Is the process that once you've assessed a host, done triage, whitelisted safe processes etc, you have to reset the risk score in order for the score to be lowered?
Does that also apply for the alerts that are generated for a host as well?
