Forum Discussion
KB850VR
Jun 10, 2022 Brass Contributor
MDE Alert Policy Tuning
Hello. I was reviewing the default alert policies within MDE. While some of these are worthwhile for security pros (e.g. "Unusual volume of deletions"), they appear to lack the ability to be tun...
MichaelJMelone
Microsoft
Jun 10, 2022
Hello KB850VR. Have you looked at our suppression rule capabilities? This will enable you to suppress a specific alert based on conditions you specify. These conditions include device, device group, file hash, command line, folder path, etc.
doc: Manage Microsoft Defender for Endpoint suppression rules | Microsoft Docs
- KB850VR Jun 10, 2022 Brass Contributor
Let me try that again... I'll have to work with our MDE Admin on this as I don't have permissions in our environment to add those rules. Based on what I see, it doesn't appear that default alert rules can be added to alert suppression rules, but let me work with my admin on this.
Thanks again!
- MichaelJMelone Jun 13, 2022
Microsoft
Sounds good! Most alerts (including in-box alerts) should be able to be suppressed.