pcgr
Feb 20, 2025 Copper Contributor
Alert Tuning (formerly Alert Suppression) Issues
Hello all! I am managing a Microsoft Defender instance and I have created a Custom Detection Rule. I want to tune this Alert so it auto-resolves in ALL scenarios (any host, any user). I have ...
luchete
Feb 25, 2025 Steel Contributor
Hi pcgr,
One thing to check is whether the specific conditions you’ve set for the alert are covering all scenarios correctly. For the auto-resolution to work across all hosts and users, make sure the scope and condition are broad enough without restricting it too much.
Sometimes, tweaking the Alert Title condition slightly or ensuring the match is exactly how the alert is generated can help. If you’re still running into issues, it might be helpful to check if there are any other underlying settings or limitations with the custom detection rule itself.
Regards!