# Suppression Rules Suppression rules allow you to ignore specific outbound network calls from known domains that are not a security concern. For example, if your organization regularly makes outbound calls to `www.google.com`, but these calls are being flagged as anomalous, you can create a suppression rule to prevent unnecessary alerts for this domain. ## Scope of Suppression Rules You can create suppression rules at different levels, depending on how broadly you want to apply them: * Job Level – Applies to a specific job. * Workflow Level – Applies to all jobs within a workflow. * Repository Level – Applies to an entire repository. * Organization Level – Applies across all repositories within the organization. ### How to Create a Suppression Rule There are two ways to create a suppression rule, from the: * Suppression Rules page * All Detections page ### Method 1: From the Suppression Rules Page **Step 1:** Navigate to `Suppression Rules` under the Harden Runner Section

**Step 2:** Click "Create rule" ![Suppression Rules Page](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-08-21/e35b5370-8f8e-46b2-a48b-a8ba6f1924e2/ascreenshot.jpeg?tl_px=272,0\&br_px=3024,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=1014,44) **Step 3:** Enter the following details: * Rule Name – Provide a meaningful name for the rule. * Rule Type – Choose the appropriate rule type. The options shown will vary based on the [detection type](/harden-runner/detections.md#types-of-detections). * Description – Add details about why this rule is being created. * Destination – Specify the domain or IP Address to suppress (use \* for wildcard matching). * Process – Specify the exact process name. This allows you to suppress anomalous outbound calls originating from a specific process, even if other processes calling the same destination should still be monitored * Scope – Choose the level of the rule: Job, Workflow, Repository, or Organization.

**Step 4:** Click "Save" ![Suppression Rules Page](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-08-21/04a5ad06-b1dc-44dd-ad58-e7e984e0fec0/ascreenshot.jpeg?tl_px=0,175\&br_px=2752,1714\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=452,510) Your Suppression Rule is now created and active

### Method 2: Creating a Suppression Rule from the All Detections Page **Step 1:** Navigate to `Detections` and go to the Anomalous Outbound Network Calls Tab

**Step 2:** Click on the three dots next to the detection you want to suppress and select "Suppress detection"

**Step 3:** You will be redirected to the Suppression Rules page with the detection details pre-filled, add the name and description.

StepSecurity Suppression Rules page showing how to create a new rule — StepSecurity Suppression Rules page

**Step 4:** Click "Save"

Your Suppression Rule is now in effect

StepSecurity Suppression Rules page showing the list of rules — StepSecurity Suppression Rules page

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.stepsecurity.io/harden-runner/suppression-rules.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.