Forum Discussion
Princely
Aug 24, 2021Copper Contributor
Does the 'Hide Alert' option in Defender remove the data from the corresponding table?
We are trying to suppress an alert based on command-line containing a specific file name which doesn't seem to currently be possible. We were planning to instead suppress alerts based on the Processname and create a custom detection rule to exclude command-lines containing the specific file name and alert on the rest. My question is, will the alert data still be present in the 'AlertInfo', 'AlertEvidence' tables after creating the suppression rule with the 'Hide Alert' option or should we be using the "Resolve Alert" option instead?
No RepliesBe the first to reply