We are excited to introduce a new feature that allows you to apply suppression of Broad Context Detections (BCDs) based on device labels at the company level. This enhancement provides greater flexibility and precision in managing your security environment.
How to Use Device Labels for Accepted Behavior
- Select the BCD: Identify the Broad Context Detection (BCD) you would like to silence and close it with the “Accepted Behavior” resolution code.
- Popup Options: A popup will appear, allowing you to choose between closing as a one-time action or creating a suppression rule.
- Suppression Rule Wizard: A wizard will pop up, and the “Devices with the following labels” option will be visible at the Company level.
- Choose Relevant Labels: Select the labels to which the suppression should apply for the key detections that are part of this BCD.
- Review Parameters: Ensure the parameters match the expected outcome of the suppression rule.
- Note: To suppress a newly created BCD, all the parameters of each key detection should match that BCD.
- View Suppression Rules: The newly created suppression rules will be visible in the Security Configurations/Automated Actions/Suppression Rules tab.
Note: Filtering the suppression rules based on device labels is possible.
This new feature enhances your ability to tailor suppression rules to your organization’s specific needs, ensuring more accurate and effective threat management.
Note: Guidelines on how to add device labels (tags) can be found here.