Suppression Rules

Suppression rules allow you to ignore specific outbound network calls from known domains that are not a security concern.

For example, if your organization regularly makes outbound calls to www.google.com, but these calls are being flagged as anomalous, you can create a suppression rule to prevent unnecessary alerts for this domain.

Scope of Suppression Rules

You can create suppression rules at different levels, depending on how broadly you want to apply them:

  • Job Level – Applies to a specific job.

  • Workflow Level – Applies to all jobs within a workflow.

  • Repository Level – Applies to an entire repository.

  • Organization Level – Applies across all repositories within the organization.

How to Create a Suppression Rule

There are two ways to create a suppression rule, from the:

  • Suppression Rules page

  • All Detections page

Method 1: From the Suppression Rules Page

Step 1: Navigate to Suppression Rules under the Harden Runner Section

Suppression Rules Page

Step 2: Click "Create rule"

Suppression Rules Page

Step 3: Enter the following details:

  • Rule Name – Provide a meaningful name for the rule.

  • Rule Type – Select the type of rule

  • Description – Add details about why this rule is being created.

  • Destination – Specify the domain or IP Address to suppress (use * for wildcard matching).

  • Process – Specify the exact process name

  • Scope – Choose the level of the rule: Job, Workflow, Repository, or Organization.

Suppression Rules Page

Step 4: Click "Save"

Suppression Rules Page

Your Suppression Rule is now created and active

Suppression Rules Page

Method 2: Creating a Suppression Rule from the All Detections Page

Step 1: Navigate to Detections and go to the Anomalous Outbound Network Calls Tab

Step 2: Click on the three dots next to the detection you want to suppress and select "Suppress detection"

Step 3: You will be redirected to the Suppression Rules page with the detection details pre-filled, add the name and description.

StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page

Step 4: Click "Save"

StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page

Your Suppression Rule is now in effect

StepSecurity Suppression Rules page showing the list of rules
StepSecurity Suppression Rules page

Last updated

Was this helpful?