Documentation Center
AlienVault® USM Anywhere™

Example: Creating a Suppression Rule

  Role Availability   Read-Only   Analyst   Manager

In this example, we are going to create a suppression rule to avoid having a lot of SUDO A program for UNIX-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser.eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall.. You can create this rule whenever you trust the origin hostReference to a computer on a network., or because you need to do maintenance. This way you will avoid noise in your list of events.

Note: You can also create your own rules from the Events page, which is an easier way to configure the matching conditions. See Creating Suppression Rules from the Events page for further information.

To create a suppression rule for avoiding SUDO events

  1. Navigate to SETTINGS > RULES.
  2. Click Create Orchestration Rule > Create Suppression Rule.
  3. Type a name for the rule, for instance 'Suppress SUDO sevents'.
  4. Select the following property values:
  5. Click Save Rule.
  6. The suppression rule has been created. You can see it from SETTINGS > RULES, see Suppression Rules from the Orchestration Rules page for further information.