How do I Suppress Alerts?

Adding Alert Suppressions

To suppress an alert for normal, known-good activity and behavior, you can add suppressions to rules. The quickest way to do this is to find the alert you wish to suppress on the `Alerts` page and click the 'Suppress Alert' button (fire extinguisher icon).




Threat Stack will suggest a new suppression filter based on the event that triggered the alert. You can modify the suggested filter or add event parameters as needed to ensure the suppression isn't too broad. Suppression filters use the same query language as the search bar.

TIP! To test a suppression, copy it into the search field on the Events page. If only the event that you are looking to suppress is returned, your suppression is accurate.



Click 'Apply Suppression Filter' to install the suppression filter. This will add the suppression to the respective Rule Set and Rule that generated the alert.

 

Viewing/Manually Adding Suppression Rules

To view suppression rules, go to the RULESETS page -> (select a Rule Set) -> select "Alert Rules" from the drop-down menu. The suppressions are listed under each rule. You can edit a suppression or add a new one from this area.


1 Comments

  • Dave Hotlosz

    I do not see the edit alert button for auto suppression. I only see the dismiss and suppress alert buttons. If I double-click on the alert, I do see a notification button only when I am in the alert pane. From there I can then go to more alert options and can then enable and set auto suppression as a new alert, not as saving the existing one.
