Custom Exceptions
Use Custom Exceptions to define queries that manually override the predefined Verification Gates:
- Define Inclusion (Force Verified) queries to categorize specific devices as verified
- Define Exclusion (Force Unverified) queries to categorize specific devices as unverified
Manually Verified / Manually Unverified appear as Verification Reasons for relevant assets in the Devices page.
Note
Custom Exceptions are optional, and so is each exception type (Force Verified/Force Unverified).
Custom Exception Guidelines:
- To reset (remove) an exception, click the X on the query dropdown to delete the selected query.
- Click View or Edit Query (next to the X) on the query dropdown to modify the selected query, or duplicate it and modify the duplicated version.
- You cannot manually remove verification tags from assets - if you want to reset an asset's verification status, you must delete the query.
- If there is a conflict between queries, for example, an asset that matches both the Force Verified and the Force Unverified queries, the Force Verified query takes precedence and the device is marked as Verified.
Example Use Case
In this scenario, a specialized server matches the criteria for both automated gate failure AND two manual exceptions.
- Device Profile: A critical legacy production server that has been offline for maintenance for 45 days. It has an active manual exception to keep it verified, but a separate compliance query accidentally flags it as unverified.
Evaluation Steps:
-
Automated Gate Evaluation: The Recency gate defines a 30-day limit after which devices become unverified. Since the server has been offline for more than that, it fails to pass this gate.
-
Custom Exceptions Evaluation: The engine checks the device against the Custom Exceptions queries:
- Force Unverified Query: The server matches a saved query named "Out of Compliance Systems" because its operating system is outdated, flagging it to be forcefully unverified.
- Force Verified Query: The server also matches a saved query named "Copy of Out-of-scope devices - Agent Coverage", which explicitly forces all critical production infrastructure to remain verified.
-
Conflict Resolution: Because the device matches both a Force Verified query and a Force Unverified query, the system applies the built-in precedence rule - Force Verified takes precedence over Force Unverified.
Final Result: The manual inclusion query overrides both the automated failure AND the conflicting manual exclusion query. As a result, the Axonius Verified field is set to Yes, and the system updates its Verification Reason field to Manually Verified.
