Forum Discussion

jjjj11
Copper Contributor
Jul 30, 2023

MDE tuning suppression by file name

Hi all,

Looking to tune a particular in-built MDE rule by file name rather than hash.

The file is not part of the alert/incident evidence; it's the parent process of the processes which are responsible for triggering the alerts.

Due to the file being a driver, it's imperative that the file is not tuned by hash, so that any version updates to the file can simply be accommodated, hence opting to suppress via file name. The suppression is also only intended for particular device groups and rules.

Attempted to tune directly from the rule via various custom configurations including process / parent process / file name, with no luck getting it to work.
