Forum Discussion

P2010014's avatar
P2010014
Copper Contributor
Feb 26, 2024

Suppression rules not working as expected

Few days back I started receiving security alert for "Communication with suspicious domain identified by threat intelligence", however that domain is known to me and for that specific domain I have enabled suppression rule also.

I tried to create suppression rule by going to option "create suppression rule" from the take action of the alert without specifying entity which stopped alerts from triggering however that is not a ideal solution as it is suppressing alerts for all suspicious domain and not specific one and may be I will miss the actual security alert that can cause threat.

 

What could be the possible reason behind it ?Week back those rules where working fine and also those alerts are not expired.

No RepliesBe the first to reply

Resources