Forum Discussion
Suppressing Alerts generated by RMM software
I am hitting a bit of a brick wall with this and wondering if anyone had some advice on the best methodology to go down to fix it. All our machines have an RMM tool on them that runs PowerShell, inv...
- WayneD911
You are correct, there is not currently a way to specify a process parent/child in a suppression rule. We are tracking several feature improvements for suppression rules so I will add this request as well.
Thanks,
Jake Mowrer
Jake_Mowrer thanks for your response. In the meantime, would you advise that we just mark each individual alert as a false positive?
Jake_Mowrer
Microsoft
MicrosoftWayneD911 yes definitely mark as FP and you can also open a support case and ask that our graders investigate tuning the detector. They may not be able to but it's worth a shot.
Jake
Jake
