Oct 11 2021
02:55 PM
- last edited on
Dec 23 2021
11:03 AM
by
TechCommunityAP
Oct 11 2021
02:55 PM
- last edited on
Dec 23 2021
11:03 AM
by
TechCommunityAP
Hello,
We have a basic alert in Defender that informs us if a change in email forwarding has been made for a certain level of user. This is important to know, but about 3/4th of these are triggered when our system automatically sets up an email address for a new user, or a user switching departments. These are known and the alerts are just noise. I am looking for a way to auto-resolve these. We were looking at using the suppression rule option, but for these alerts this isn't an option. I think it might have to do with being an informational alert as opposed to a compromise, but we just want to filter out a specific username that indicates it is our internal system.
Does anyone know if a way we can get this done? Is there another option without completely turning off this alert all together?
Thank you
Oct 18 2021 12:11 AM
Oct 20 2021 11:11 AM