Suppressions

What are suppressions

A suppression is similar to whitelisting. The idea is the current, enabled rules identify blacklisted actions or services. A suppression is applied to reduce or ignore normal and approved actions or services.

In addition, suppressing alerts hone each rule to more accurately fire for true positives.

Suppressions can be applied to several layers of the rule management system hierarchy. IP, Community, and Group are the three layers in which a customer can set the suppression for a rule. Global suppressions can only be applied by the Perch Security Operations Center.

Recent suppressions are visable from the dashboard (if you have any). Or from the alert suppressions page by clicking the gear icon settings from the menu and navigating to Alert Suppressions.

Curious about what to do with your alerts and how to suppress them? Learn about suppressing alerts in our other post.