# Suppression Rules

Suppression Rules allow you to ignore specific outbound network calls from known domains that are not a security concern.

For example, if your organization regularly makes outbound calls to `www.google.com`, but these calls are being flagged as anomalous, you can create a rule to prevent unnecessary alerts for this domain.

### Scope of Suppression Rules <a href="#scope-of-suppression-rules" id="scope-of-suppression-rules"></a>

You can create suppression rules at different levels, depending on how broadly you want to apply them:

* Job Level – Applies to a specific job.
* Project Level – Applies to an entire project.
* Organization Level – Applies across all repositories within the organization.

### How to Create a Rule <a href="#how-to-create-a-suppression-rule" id="how-to-create-a-suppression-rule"></a>

There are two ways to create a rule, from the:

* Suppression Rules page
* All Detections page

#### **Method 1: From the Suppression Rules Page**

**Step 1:** Navigate to Suppression`Rules` under the Harden Runner Section

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/b152200e-2670-49db-8bd0-1e9d03026c37/ascreenshot.jpeg?tl_px=0,0\&br_px=3024,1714\&force_format=jpeg\&q=100\&width=1120.0)

**Step 2:** Click "Create rule"

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/b152200e-2670-49db-8bd0-1e9d03026c37/ascreenshot.jpeg?tl_px=1058,0\&br_px=3023,1098\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=988,78)

**Step 3:** Enter the following details:

* Rule Name – Provide a meaningful name for the rule.
* Description – Add details about why this rule is being created.
* Endpoint to Ignore – Specify the domain or endpoint to suppress (use \* for wildcard matching).
* Scope – Choose the level of the rule: Job, Project or Organization.

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/d7da8e11-4309-4f12-ac74-bf59dc6104d0/ascreenshot.jpeg?tl_px=272,0\&br_px=3024,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=535,142)

**Step 4:** Click "Save"

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/1f6444d2-57f2-409b-af42-ad43e478b0eb/ascreenshot.jpeg?tl_px=0,175\&br_px=2752,1714\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=448,495)

#### **Method 2: Creating a Rule from the All Detections Page**

**Step 1:** Navigate to `Detections` locate the endpoint you wish to suppress under the `Anomalous Outbound Network Calls`, then click the three-dot menu (⋮) next to it

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/b062c752-9e1d-457a-a44f-c8317955ae61/ascreenshot.jpeg?tl_px=1058,0\&br_px=3023,1098\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=1027,179)

**Step 2:** Click "Suppress detection"

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/d4dad92b-55a7-4a85-aee6-4c2b68828ff2/ascreenshot.jpeg?tl_px=1058,0\&br_px=3023,1098\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=988,222)

**Step 3:** You will be redirected to the Rules page with the detection details pre-filled, add the name and description.

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/36aa0489-6405-438a-951b-85d9a9aa47b7/ascreenshot.jpeg?tl_px=272,0\&br_px=3024,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=609,126)

**Step 4:** Click "Save"

![](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-07-29/b133cf51-2e21-4e94-b491-afd881229b4b/ascreenshot.jpeg?tl_px=0,175\&br_px=2752,1714\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=442,493)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stepsecurity.io/azure-devops/harden-runner/suppression-rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.