SECURITY MONITORING
      Back to home
      1. KNOWLEDGE BASE
      2. SECURITY MONITORING

      Creating Signal Suppression Rules

      Signal Suppression Rules can be created from the following pages:

      • Signal Suppression Rules listing page
      • Signals listing page

      Creating Signal Suppression Rules from Signal Suppression Rules Listing page

      1. Hover on the System icon on the left navigation bar of the Home screen. From the options displayed, select Signal Suppression Rules. The page displaying the list of signal suppression rules on workbooks will be shown.

      2. To add a new suppression rule to an existing workbook, click the plus icon on the extreme right corner of the page.
      3. On the next screen, from the drop-down, select the particular workbook for which you want to add new suppression rules.
      4. You can add multiple rules in any combination. Select a target or suspect and then select host, user, resource, etc., and enter the corresponding value (e.g. IP Address / user name/ port number) for which alerts will be suppressed.
      5. You can now add multiple values separated by comma (",") to a field. The rule will be applied if any one of these values is matched (OR operator). 
        E.g. Suspect User = ‘Jack’, ‘Jane’ implies that the condition is met when the Suspect User is either ‘Jack’ OR ‘Jane’.
      6. If there are multiple suspect and target fields defined, then all the conditions must be matched for the suppression rule to apply.
        E.g. Suspect Host = ‘144.149.155.169’ Target User= ‘John’ implies that the condition is met when the Suspect Host = ‘144.149.155.169’  AND Target User =  ‘John’
      7. Click on the Eye icon to see the logical representation of the rule.
      8. Click Save. Once a suppression rule is created, signals that satisfy these conditions will be suppressed.

      Creating Signal Suppression Rules from the Signals Listing Page:   

      1. Click the Signals icon on the left navigation bar of the Home screen. The list of signals will be displayed.
      2. Select the signal for which you want to create a suppression rule. Click on the vertical ellipsis displayed on the extreme right of the signal and select Create Suppression Rule
      3. Click Save to create a suppression rule for the selected signal. Alerts that satisfy the conditions specified in the rule will be suppressed.

      Important Notes:

      • For a workbook, there can be several Signal Suppression rules defined. Whenever a signal is generated for a workbook, the system checks all the Signal Suppression rules assigned to that workbook until either a matching rule is found or all rules are examined.