The detection suppression feature lets actions trigger when XDR detections match the conditions defined in a rule. With this release, we've added additional XDR suppression rules, giving greater flexibility in reducing alert noise. Users can now define suppression rules using additional attributes for Windows and Linux endpoints, including user, device, IP address and file. Each attribute comes with its own set of conditions for more precise control. These attributes appear within the existing detection rule workflow, where they have been added to the existing available conditions.
By expanding suppression capabilities, security teams can fine-tune detection management, minimizing unnecessary alerts while keeping genuine threats visible.