Hello Renaldo Jack,
Thank you for posting your query on Microsoft Q&A. I would recommend that you identify the type of alerts generated during Breach and Attack simulations.
From Defender for Cloud's security alerts page, select the alert you want to suppress.
- From the details pane, select Take action.
- In the Suppress similar alerts section of the Take action tab, select Create suppression rule.
- In the New suppression rule pane, enter the details of your new rule.
  - Entities - The resources that the rule applies to. You can specify a single resource, multiple resources, or resources that contain a partial resource ID. If you don't specify any resources, the rule applies to all resources in the subscription.
  - Name - A name for the rule. Rule names must begin with a letter or a number, be between 2 and 50 characters, and contain no symbols other than dashes (-) or underscores (_).
  - State - Enabled or disabled.
  - Reason - Select one of the built-in reasons or 'other' to specify your own reason in the comment.
  - Expiration date - An end date and time for the rule. Rules can run for up to six months.
- Select Simulate to see the number of previously received alerts that would have been dismissed if the rule was active.
- Save the rule.
- You can also select the Suppression rules button in the Security Alerts page and select Create suppression rule to enter the details of your new rule.
Do you have a current suppression rule for specific alerts or for a specific resource? If you create it on a resource, it should suppress all the alerts for that resource.
Apart from this, you could also use Sentinel automation rules to auto-close alerts in a similar way, if integrated.
In case you are not using Sentinel, we don't have a direct option for suppressing unknown alerts, but we have a BCDR scenario to follow.
Still, if this does not meet the requirement, then I would recommend posting feedback here, as this is monitored by our product group team.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.
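
The following is an added example, not part of the answer above and not Defender for Cloud code: a local Python model of the rule fields the answer lists (name format, six-month expiration, entity scoping) with a `simulate` count like the one the Simulate step reports. The class, the `alert_type` field, the 183-day reading of "six months", the alert type strings and the resource IDs are all assumptions or constructed sample data.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Name rule from the answer: starts with a letter or number, 2-50 chars, only - or _ as symbols.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{1,49}")
MAX_LIFETIME = timedelta(days=183)  # assumption: "six months" approximated as 183 days

@dataclass
class SuppressionRule:  # hypothetical local model, not a Defender for Cloud API object
    name: str
    alert_type: str  # assumption: the rule targets the type of the selected alert
    expires: datetime
    entities: list = field(default_factory=list)  # partial resource IDs; empty = all resources
    enabled: bool = True

    def problems(self, now):
        """Return findings: invalid fields, plus a warning for an unscoped rule."""
        found = []
        if not NAME_RE.fullmatch(self.name):
            found.append("invalid name")
        if not timedelta(0) < self.expires - now <= MAX_LIFETIME:
            found.append("expiration must be in the future and within six months")
        if not self.entities:
            found.append("no entities: rule applies to every resource in the subscription")
        return found

    def matches(self, alert):
        if not self.enabled or alert["type"] != self.alert_type:
            return False
        rid = alert["resource_id"].lower()
        return not self.entities or any(e.lower() in rid for e in self.entities)

def simulate(rule, past_alerts):
    """Count previously received alerts the rule would have dismissed."""
    return sum(rule.matches(a) for a in past_alerts)

# Constructed sample data: simulation-lab alerts mixed with a production alert.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
LAB, PROD = "/subscriptions/0000/resourceGroups/bas-lab/", "/subscriptions/0000/resourceGroups/prod/"
ALERTS = [
    {"type": "SAMPLE_AlertType", "resource_id": LAB + "vm/bas-agent-01"},
    {"type": "SAMPLE_AlertType", "resource_id": LAB + "vm/bas-agent-02"},
    {"type": "SAMPLE_AlertType", "resource_id": PROD + "vm/web-01"},
    {"type": "SAMPLE_OtherType", "resource_id": LAB + "vm/bas-agent-01"},
]
wide = SuppressionRule("bas-all", "SAMPLE_AlertType", NOW + timedelta(days=30))
scoped = SuppressionRule("bas-lab-only", "SAMPLE_AlertType", NOW + timedelta(days=30),
                         entities=["/resourceGroups/bas-lab/"])
```

On the sample data the unscoped rule would also dismiss the production alert, while the rule scoped to the lab resource group dismisses only the two simulation alerts.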