Suppression Rules

Suppression rules allow you to ignore specific outbound network calls from known domains that are not a security concern.

For example, if your organization regularly makes outbound calls to www.google.com, but these calls are being flagged as anomalous, you can create a suppression rule to prevent unnecessary alerts for this domain.

Scope of Suppression Rules

You can create suppression rules at different levels, depending on how broadly you want to apply them:

• Job Level – Applies to a specific job.

• Project Level – Applies to an entire project.

• Organization Level – Applies across all repositories within the organization.

How to Create a Suppression Rule

There are two ways to create a suppression rule, from the:

• Suppression Rules page

• All Detections page

Method 1: From the Suppression Rules Page

Step 1: Navigate to Suppression Rules under the Harden Runner Section

Step 2: Click "Create rule"

Step 3: Enter the following details:

• Rule Name – Provide a meaningful name for the rule.

• Description – Add details about why this rule is being created.

• Endpoint to Ignore – Specify the domain or endpoint to suppress (use * for wildcard matching).

• Scope – Choose the level of the rule: Job, Project or Organization.

Step 4: Click "Save"

Method 2: Creating a Suppression Rule from the All Detections Page

Step 1: Navigate to Detections locate the endpoint you wish to suppress, then click the three-dot menu (⋮) next to it.

Step 2: Click "Suppress detection"

Step 3: You will be redirected to the Suppression Rules page with the detection details pre-filled, add the name and description.

Step 4: Click "Save"