If that is IOC event then it can't be excluded or whitelisted, only muted. To suppress these alerts it is required to globally mute the IOC in the dashboard. To do so login to your AMP console, go to Dashboard > navigate to bottom > Compromise Events Types > you will see a bell icon > find the IOC you would like to mute and click that. More details:
https://docs.amp.cisco.com/en/A4E/AMP%20for%20Endpoints%20User%20Guide.pdf#G3.1750717
Disadvantage: mute of such event, will trigger mute as well for not false-positives.
Hope that helps,
-Wojciech