Overview

If you are experiencing many false or benign positives by trusted infrastructure, you can suppress alerts and create suppression rules by various attributes.

The following instructions can be found on Microsoft’s site:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-worldwide

Suppress an alert and create a new suppression rule

Create custom rules to control when alerts are suppressed or resolved. You can control the context for when an alert is suppressed by specifying the alert title, Indicator of compromise, and the conditions. After specifying the context, you can configure the action and scope on the alert.

  1. Select the alert you'd like to suppress. This brings up the Alert management pane.

  2. Select Create a suppression rule.

    You can create a suppression condition using these attributes. An AND operator is applied between each condition, so suppression occurs only if all conditions are met.

    • File SHA1

    • File name - wildcard supported

    • Folder path - wildcard supported

    • IP address

    • URL - wildcard supported

    • Command line - wildcard supported

  3. Select the Triggering IOC.

  4. Specify the action and scope of the alert.

    You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue, alert page, and device timeline and appear resolved across Defender for Endpoint APIs. Alerts marked as hidden will be suppressed from the entire system, both on the device's associated alerts and from the dashboard, and will not be streamed across Defender for Endpoint APIs.

  5. Enter a rule name and a comment.

  6. Click Save.
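As an added illustration of the AND semantics and wildcard conditions described in the steps above (example code, not from the original page or from Microsoft), the following model evaluates a suppression rule against constructed alert records. Glob-style wildcards, case-insensitive comparison and the attribute names used here are assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Condition attributes from the steps above; the "wildcard supported" ones take glob patterns.
CONDITION_FIELDS = ("file_sha1", "file_name", "folder_path", "ip_address", "url", "command_line")
WILDCARD_FIELDS = {"file_name", "folder_path", "url", "command_line"}

@dataclass
class Alert:
    file_sha1: str = ""
    file_name: str = ""
    folder_path: str = ""
    ip_address: str = ""
    url: str = ""
    command_line: str = ""
    status: str = "new"  # "resolved" or "hidden" once a suppression rule applies

@dataclass
class SuppressionRule:
    name: str
    action: str       # "resolve" (auto-resolve) or "hide" (hide from portal and APIs)
    conditions: dict  # attribute name -> exact value, or wildcard pattern where supported

def matches(rule: SuppressionRule, alert: Alert) -> bool:
    """AND semantics: suppress only if every condition in the rule matches."""
    if not rule.conditions:
        return False  # a rule with no conditions must not suppress everything
    for attr, pattern in rule.conditions.items():
        if attr not in CONDITION_FIELDS:
            raise ValueError(f"unsupported condition attribute: {attr}")
        value = getattr(alert, attr).lower()  # assumption: case-insensitive, like Windows paths
        if attr in WILDCARD_FIELDS:
            if not fnmatchcase(value, pattern.lower()):
                return False
        elif value != pattern.lower():
            return False
    return True

def apply_rule(rule: SuppressionRule, alert: Alert) -> Alert:
    if matches(rule, alert):
        alert.status = "resolved" if rule.action == "resolve" else "hidden"
    return alert

def evaluate() -> dict:
    """Constructed sample: one rule scoped to a trusted folder AND a file name."""
    rule = SuppressionRule("Trusted backup agent", "resolve",
                           {"folder_path": r"C:\Program Files\BackupAgent\*", "file_name": "agent*.exe"})
    trusted = Alert(file_name="agent.exe", folder_path=r"C:\Program Files\BackupAgent\bin")
    lookalike = Alert(file_name="agent.exe", folder_path=r"C:\Users\Public\Downloads")
    return {"trusted": apply_rule(rule, trusted).status, "lookalike": apply_rule(rule, lookalike).status}
```

Because both conditions must hold, the same file name in an untrusted folder is not suppressed, which is why narrowing a rule with folder path or SHA1 is safer than a file-name-only rule.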

View the list of suppression rules

  1. In the navigation pane, select Settings > Alert suppression.

  2. The list of suppression rules shows all the rules that users in your organization have created.

For more information on managing suppression rules, see Manage suppression rules.
