What options are there to filter event data from the EDR server? 

• Increase Retention.
• Lower Backlog. 

• Carbon Black EDR Server: All Versions

1. Filter Known Modloads
   • Filters known dlls from Windows
   • Advanced Settings
2. Retention Maximization.
   • Consolidates child processes into the parent process document, increasing retention and reducing incoming raw protobuf data. 
   • Advanced Settings
3. Ingress Filters. 
   • Sensors collect the data. Server drops the matching data at the datastore queue.  
   • Ingress Filtering
4. Sensor Exclusions. 
   • Data is dropped at the sensor level.  
   • Exclusion Settings

• What Known Modloads are Filtered when the Feature is Enabled?
• How Does Retention Maximization Setting Affect Process Queries?
• How to Determine Top Noisy and Chatty Hosts and Processes