diff --git a/cyences_app_for_splunk/default/savedsearches.conf b/cyences_app_for_splunk/default/savedsearches.conf
index bc441117..94942d43 100644
--- a/cyences_app_for_splunk/default/savedsearches.conf
+++ b/cyences_app_for_splunk/default/savedsearches.conf
@@ -6526,7 +6526,7 @@ display.page.search.tab = statistics
 display.page.search.mode = fast
 request.ui_dispatch_app = cyences_app_for_splunk
 request.ui_dispatch_view = search
-search = index=* sourcetype!="WinRegistry" NOT (sourcetype="WinEventLog" user_type="computer") NOT (sourcetype="meraki:accesspoints" (NOT eventData.identity="*")) (user=* OR User=* OR UserName=* OR Username=* OR userName=* OR username=* OR user_name=* OR src_user=*) \
+search = index=* NOT sourcetype IN ("meraki", "fortigate_utm", "WindowsUpdateLog", "WinRegistry", "Script:ListeningPorts", "Script:InstalledApps", "sophos:xg:idp", "sophos:xg:firewall", "cisco:ios", "MSAD:NT6:DNS", "Perfmon:*") NOT (sourcetype="WinEventLog" user_type="computer") NOT (sourcetype="meraki:accesspoints" (NOT eventData.identity="*")) NOT (action=fail*) (user=* OR User=* OR UserName=* OR Username=* OR userName=* OR username=* OR user_name=* OR src_user=*) \
 | `cs_user_inventory_data_filter` \
 | eval user=mvdedup(mvappend(coalesce(src_user, user, user_name, username,Username, User, UserName, userName), if(mail="null" or mail="",null(),mail))), user_type=coalesce(user_type, user_role, user_category, "n/a") \
 | search NOT user IN ("$*", "-", "' or '1=1", ".{jndi", "") \
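Review bot: The added `NOT (action=fail*)` clause on the new `search =` line drops every event whose action begins with "fail", so an account that only ever appears in failed events (for example a disabled or locked-out account that is still being tried) no longer enters the user inventory, and nothing in the stanza records that this is intended. It appears meant to keep the username values supplied in failed attempts — which the trailing `NOT user IN ("$*", "-", "' or '1=1", ".{jndi", "")` exclusion list only catches case by case — out of the inventory, but that is inferred; a `#` comment above the `search =` line such as `# Exclude sourcetypes without a usable user field and failed actions, whose user values are untrusted input` would make the reason explicit. The eleven-entry sourcetype list is also hardcoded inline, whereas the existing `cs_user_inventory_data_filter` macro already exists for deployment-specific filtering; consider moving the list there so it can be tuned without editing this search. The stanza header and the rest of the search pipeline lie outside the hunk.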