How to reduce noise with alert suppression conditions?

Monitoring group configuration lets you tune monitoring in Warden so that you reduce noise and receive alerts only for the types of changes and threats that matter to your use cases and business. You can create multiple monitoring groups to monitor different types of alerts.

If, however, you want to suppress only one type of alert, and only when specific conditions match, use the instructions below.

Add Suppression conditions in Rule Configuration

1. Go to the Monitoring Configuration -> Rule Configuration page, search for the rule you want to add suppression conditions to, and click Edit.

(screenshot: rule-configuration-edit)

2. On the Rule Configuration page, find the Suppression Condition section.

3. Choose the condition fields and enter the corresponding values. After you save, the rule will no longer generate alerts for events that match the conditions you provided. The suppression applies only to this rule; other rules still evaluate the same events. Keep the conditions as narrow as possible (for example, one source IP address rather than a whole range) so that the suppression does not also hide genuinely suspicious activity.

(screenshot: alert-suppression)

Examples:

Suppose you receive suspicious IP alerts and determine that they are false positives because the traffic comes from one of your own internal IP addresses. You do not want to see suspicious IP alerts for this address in the future, but you still want to monitor other behavior from it.

In this case, apply a suppression condition on that IP address to the suspicious IP rule only. Other rules that match activity from the same address continue to generate alerts.

You can also start from the alert details page: open the Suppression Condition section there and click Edit detection rule to move to the Rule Configuration page, then set up the suppression conditions as described above.

(screenshot: suspicious-ip-alert-example)
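The following is an added worked model of the behaviour described above; it is not Warden's code and does not reproduce Warden's actual matching engine. It assumes that a suppression belongs to exactly one rule, that all of its field conditions must match (AND semantics), and that an alert is a flat dictionary with a "rule" field. The sample alerts, rule names, field names and IP addresses are constructed for illustration. It goes slightly beyond the page's example by also matching a CIDR range, to show why a broad condition silences more than intended.

```python
"""Rule-scoped alert suppression, modelled on the behaviour described on this
page. Added example; not Warden code. Assumptions (not from the page):
- an alert is a dict with a "rule" field plus flat event fields;
- a suppression is attached to exactly one rule and holds field -> expected
  value pairs that must ALL match;
- an expected value written as "a.b.c.d/n" is matched as a CIDR range, any
  other value as an exact string.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Suppression:
    rule: str          # the rule this suppression belongs to
    conditions: dict   # field -> expected value; every pair must match


def _field_matches(actual, expected) -> bool:
    """Exact match, or CIDR containment when the expected value is a network."""
    if actual is None:
        return False
    if isinstance(expected, str) and "/" in expected:
        try:
            return ipaddress.ip_address(actual) in ipaddress.ip_network(expected, strict=False)
        except ValueError:
            return False   # non-IP value cannot match an IP range
    return str(actual) == str(expected)


def is_suppressed(alert: dict, suppressions: list) -> bool:
    """True if a suppression for this alert's rule matches every condition."""
    for s in suppressions:
        if s.rule != alert.get("rule"):
            continue   # suppression is scoped to its own rule only
        if all(_field_matches(alert.get(f), v) for f, v in s.conditions.items()):
            return True
    return False


def filter_alerts(alerts: list, suppressions: list) -> list:
    """Return the alerts that should still be raised."""
    return [a for a in alerts if not is_suppressed(a, suppressions)]


# Constructed sample alerts (not real Warden output).
SAMPLE_ALERTS = [
    {"id": 1, "rule": "suspicious-ip", "source_ip": "10.20.30.40", "user": "svc-scanner"},
    {"id": 2, "rule": "suspicious-ip", "source_ip": "203.0.113.9", "user": "unknown"},
    {"id": 3, "rule": "iam-policy-change", "source_ip": "10.20.30.40", "user": "svc-scanner"},
    {"id": 4, "rule": "suspicious-ip", "source_ip": "10.20.30.41", "user": "svc-scanner"},
]

# The page's scenario: mute suspicious-ip alerts for one internal address only.
# Alert 3 (a different rule, same address) is still raised.
NARROW = [Suppression("suspicious-ip", {"source_ip": "10.20.30.40"})]

# A broader condition for comparison: the whole internal /24. It also silences
# alert 4, which is why conditions should stay as narrow as possible.
BROAD = [Suppression("suspicious-ip", {"source_ip": "10.20.30.0/24"})]


def remaining_ids(suppressions: list) -> list:
    """IDs of the sample alerts that survive the given suppressions."""
    return [a["id"] for a in filter_alerts(SAMPLE_ALERTS, suppressions)]


if __name__ == "__main__":
    print("narrow:", remaining_ids(NARROW))   # [2, 3, 4]
    print("broad: ", remaining_ids(BROAD))    # [2, 3]
```

Running the script shows the two points of the procedure: the suppression never touches alert 3 because it belongs to another rule, and widening the condition from one address to a range quietly removes alert 4 as well.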