SECURITY MONITORING
      Back to home
      1. KNOWLEDGE BASE
      2. SECURITY MONITORING

      Creating Signal Suppression Rules

      This section allows you to add suppression rules to workbooks.

      Signal Suppression Rules can be created from the following pages:

      • Signal Suppression Rules listing page
      • Signals listing page

      Creating Signal Suppression Rules from Signal Suppression Rules Listing page

      • Hover on the System icon on the left navigation bar of the Home screen, from the options displayed select Signal Suppression Rules, the following screen will be displayed.
      image 1-Apr-26-2024-01-25-33-1687-PM
      • The above page displays the list of workbooks with suppression rules.
      • To add a new suppression to an existing workbook, click the plus icon on the extreme right corner of the page, the following page will be displayed.

      image 2-Apr-26-2024-01-27-29-2656-PM

      • On the above screen from the drop-down, select the particular workbook for which you want to add new suppression rules.
      • Now select the rules that you want to apply, you can add multiple rules in any combination. Select a target or suspect and then select host, user, resource etc and the value (IP Address / port number) from which alerts will be suppressed.
      • Click on the Eye icon to see the logical representation of the rule.

      image 3-Apr-26-2024-01-28-53-0466-PM

      • Click Save.
      • Once a suppression rule is created, signals that satisfy these conditions will be suppressed

      Creating Signal Suppression Rules from Signals Listing page

      • Click the Signals icon on the left navigation bar of the Home screen, the following screen will be displayed.
      image 4-Apr-26-2024-01-35-40-9458-PM
      • Select the signal for which you want to create suppression rule. Click on the ellipsis displayed on the extreme right against the signal and select Create Suppression Rule. The following screen is displayed.
      image 5-Apr-26-2024-01-37-24-2378-PM
      • Click on the Eye icon to see the logical representation of the rule
      • Click Save, to create a suppression rule for the selected signal. Alerts that satisfy the conditions specified in the rule will be suppressed.

      Note - For a Workbook, there can be several Signal Suppression rules. Whenever a Signal is produced for a workbook, the system checks all the Signal Suppression rules assigned to that workbook until either a matching rule is found or all rules are examined.