New options with more granular control are available when configuring suppressions
With logical operators such as grouping, OR, and AND, it's possible to be very granular with suppressions, which is critical to avoid suppressing too much.
Always be cautious when adding suppressions
When using the auto-fill rule, it will automatically apply all entities from the alert.
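A dry run of the difference between a broad condition and a grouped AND/OR condition, as an added example that is not from the original post and does not use Defender for Endpoint's rule format or API. The condition tuples, field names, and sample alerts are constructed for illustration.

```python
# Added example: a hypothetical model of grouped suppression conditions,
# not Defender for Endpoint's rule format or API.

def matches(cond, alert):
    """Evaluate a nested condition tree against one alert's entities."""
    op = cond[0]
    if op == "and":
        return all(matches(c, alert) for c in cond[1:])
    if op == "or":
        return any(matches(c, alert) for c in cond[1:])
    _, field, value = cond
    actual = alert.get(field, "")
    if op == "equals":
        return actual.lower() == value.lower()
    if op == "contains":
        return value.lower() in actual.lower()
    raise ValueError(f"unknown operator: {op}")

def dry_run(cond, alerts):
    """Return the ids of alerts the condition would suppress."""
    return [a["id"] for a in alerts if matches(cond, a)]

# Constructed sample alerts (field names and values are illustrative).
ALERTS = [
    {"id": 1, "file_name": "powershell.exe", "user": "svc-backup",
     "command_line": "powershell.exe -File C:\\Ops\\backup.ps1"},
    {"id": 2, "file_name": "powershell.exe", "user": "svc-backup",
     "command_line": "powershell.exe -File C:\\Ops\\rotate-logs.ps1"},
    {"id": 3, "file_name": "powershell.exe", "user": "jdoe",
     "command_line": "powershell.exe -EncodedCommand <constructed>"},
    {"id": 4, "file_name": "powershell.exe", "user": "svc-backup",
     "command_line": "powershell.exe -EncodedCommand <constructed>"},
]

# Too broad: a single entity, so every alert is hidden, including 3 and 4.
BROAD = ("equals", "file_name", "powershell.exe")

# Granular: file AND user AND (known script A OR known script B).
NARROW = ("and",
          ("equals", "file_name", "powershell.exe"),
          ("equals", "user", "svc-backup"),
          ("or",
           ("contains", "command_line", "C:\\Ops\\backup.ps1"),
           ("contains", "command_line", "C:\\Ops\\rotate-logs.ps1")))

if __name__ == "__main__":
    print("broad :", dry_run(BROAD, ALERTS))
    print("narrow:", dry_run(NARROW, ALERTS))
```

Running the candidate condition over past alerts before enabling it shows which alerts would disappear from view.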
Resolve or hide an alert
Resolving an alert means it is handled as a regular resolved alert: it still ends up in the timeline, the alerts queue, and the APIs.
Hiding the alert suppresses it from the entire system, both from the device's alerts and from the dashboard, and it will not be streamed across Defender for Endpoint APIs.
Make the choice that matches your scenario. This could, for example, be related to reporting total incidents/alerts to customers.
Stay safe and Happy Hunting