New alert suppression configuration

New options with more granular control are available when configuring suppressions

With logical operators like grouping, OR and AND it is possible to be very granular with the suppressions, which is really critical to avoid suppressing too much.

Always be cautious when adding suppressions

When using auto-fill, the rule is automatically populated with all entities from the alert.

Resolve or hide an alert

Click Save

Resolving an alert will be handled as a regular resolved alert, meaning it ends up in the timeline, the alerts queue and the APIs.

Hiding the alert will suppress it from the entire system: it is removed both from the device's alerts and from the dashboard, and it will not be streamed across the Defender for Endpoint APIs.

Depending on your scenario, it can be important to choose the action that matches what you need. This could be related to reporting total incident/alert counts to customers, etc.
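As an added illustration (not the post's own code and not the Defender for Endpoint rule schema or API), a small Python model of grouped AND/OR suppression conditions, the auto-fill behaviour, and a dry run that shows how many alerts a rule would suppress before you save it. The rule model, entity names and sample alerts are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical rule model (not the Defender for Endpoint schema): a condition on
# one alert entity, or a group joined with AND/OR; groups nest for grouping.
@dataclass
class Cond:
    entity: str   # e.g. "file_name", "command_line", "signer"
    op: str       # "equals" or "contains"
    value: str

@dataclass
class Group:
    logic: str    # "AND" or "OR"
    items: list   # Cond or nested Group

def matches(node, alert: dict) -> bool:
    """Evaluate a rule tree against one alert's entity fields."""
    if isinstance(node, Cond):
        actual = alert.get(node.entity, "")
        if node.op == "equals":
            return actual == node.value
        if node.op == "contains":
            return node.value in actual
        raise ValueError(f"unknown operator {node.op}")
    results = [matches(i, alert) for i in node.items]
    return all(results) if node.logic == "AND" else any(results)

def auto_fill(alert: dict, entities=("file_name", "command_line", "signer")) -> Group:
    """Mimic auto-fill: every entity on the alert becomes an AND-ed equals condition."""
    return Group("AND", [Cond(e, "equals", alert.get(e, "")) for e in entities])

def dry_run(rule, alerts: list, action: str = "resolve") -> dict:
    """Report which alerts a rule would suppress, and with which action, before saving it."""
    hits = [a["id"] for a in alerts if matches(rule, a)]
    return {"action": action, "suppressed": hits, "share": len(hits) / len(alerts)}

# Constructed sample alerts (not real telemetry).
ALERTS = [
    {"id": 1, "file_name": "backup.exe", "command_line": "backup.exe --nightly", "signer": "Contoso IT"},
    {"id": 2, "file_name": "backup.exe", "command_line": "backup.exe --export-secrets", "signer": ""},
    {"id": 3, "file_name": "updater.exe", "command_line": "updater.exe --nightly", "signer": "Contoso IT"},
    {"id": 4, "file_name": "tool.exe", "command_line": "tool.exe", "signer": ""},
]
# Too broad: suppresses every backup.exe alert, including the unsigned one (ids 1 and 2).
BROAD = Cond("file_name", "equals", "backup.exe")
# Granular: file name AND (IT signer OR the scheduled nightly command line) -> id 1 only.
NARROW = Group("AND", [Cond("file_name", "equals", "backup.exe"),
                       Group("OR", [Cond("signer", "equals", "Contoso IT"),
                                    Cond("command_line", "contains", "--nightly")])])
```

Running `dry_run` on the broad rule and then on the grouped one shows the difference in how much gets suppressed; the auto-filled rule built from alert 1 matches only that alert because every entity is AND-ed.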

Stay safe and Happy Hunting
