Adding Alert Suppressions
To suppress alerts for normal, known-good activity and behavior, you can add suppressions to rules. The quickest way to do this is to find the alert you wish to suppress on the `Alerts` page and click the 'Suppress Alert' button (fire extinguisher icon).
Threat Stack will suggest a new suppression filter based on the event that triggered the alert. You can modify the suggested filter or add event parameters as needed to ensure the suppression isn't too broad. Suppression filters use the same language as the 'search' language in the search bar.
TIP! To test a suppression, copy it into the search field on the Events page. If only the event that you are looking to suppress is returned, then your suppression is accurate.
Click 'Apply Suppression Filter' to install the suppression filter. This will add the suppression to the respective Rule Set and Rule that generated the alert.
Viewing/Manually Adding Suppression Rules
Suppression rules can be viewed by going to the RULESETS page -> (Select Rule Set) -> select "Alert Rules" from the drop-down menu. You will find the suppressions listed under their respective rules. You can edit a suppression or add a new one from this area.