After a red team exercise, which action best reduces IOC noise by muting exercise-related IOC matches?

Muting the IOCs from the exercise in the IOC Matches view directly suppresses alerts tied to those indicators without removing them from the system. This targets only the indicators generated during the red team activity, so normal production activity continues to alert, while the flood of exercise-induced matches is quieted. You preserve the data for post-exercise analysis and auditing, but analysts aren’t overwhelmed by noise during the exercise window. The other options don’t reduce alert noise as effectively: listing IOCs or filtering by ingestion time doesn’t silence current matches, and focusing on high-confidence IOCs ignores the broad set of exercise indicators that can still trigger noisy alerts. Muting is quick, scoped to the exercise, and reversible, making it the best way to quiet exercise-related matches while keeping data intact for afterward.