Forum Discussion
Alert Tuning (formerly Alert Suppression) Issues
Hey! luchete
Thanks for your reply.
I have not set ANY conditions because I want the Suppression/Tuning to apply in EVERY time the alert triggers, regardless of User , Host or Account. This means that the only conditions i have are Alert Title.
As far as the Aler Title , i have taken it from the Advanced Hunting table to make sure that it is word for word exactly the way it triggers and yet still nothing :P
Have you or anyone else , ever successfully suppressed a Custom Detection based on Alert Title?
Cheers!
Hi pcgr,
If you're aiming for the alert tuning to apply every time the alert triggers without conditions on user, host, or account, using just the Alert Title condition should technically work as long as the title matches exactly. Since you’ve already double-checked that the Alert Title is word for word correct, one thing to consider is whether there are any hidden characters or formatting issues in the title that might be causing the match to fail.
Another thing to try would be ensuring there are no conflicting alert tuning rules or any restrictions in your organization’s settings that could be preventing the suppression from applying universally. If it’s still not working, it could be helpful to check if there are any known limitations or updates regarding custom detection rule suppression in the Defender documentation.
I haven’t personally encountered this issue, but I’d recommend trying these steps and seeing if that helps resolve it! Let me know how it goes,
Regards!
