Suppression Rules

Suppression rules allow you to ignore specific outbound network calls from known domains that are not a security concern.

For example, if your organization regularly makes outbound calls to www.google.com, but these calls are being flagged as anomalous, you can create a suppression rule to prevent unnecessary alerts for this domain.

Scope of Suppression Rules

You can create suppression rules at different levels, depending on how broadly you want to apply them:

  • Job Level – Applies to a specific job.

  • Workflow Level – Applies to all jobs within a workflow.

  • Repository Level – Applies to an entire repository.

  • Organization Level – Applies across all repositories within the organization.

How to Create a Suppression Rule

There are two ways to create a suppression rule, from the:

  • Suppression Rules page

  • All Detections page

Method 1: From the Suppression Rules Page

Step 1: Navigate to Suppression Rules under the Harden Runner Section

StepSecurity Suppression Rules page showing list of rules
StepSecurity Suppression Rules page

Step 2: Click "Create rule"

StepSecurity Suppression Rules page showing list of rules
StepSecurity Suppression Rules page

Step 3: Enter the following details:

  • Rule Name – Provide a meaningful name for the rule.

  • Description – Add details about why this rule is being created.

  • Endpoint to Ignore – Specify the domain or endpoint to suppress (use * for wildcard matching).

  • Scope – Choose the level of the rule: Job, Workflow, Repository, or Organization.

StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page

Step 4: Click "Save"

StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page

Your Suppression Rule is now created and active

StepSecurity Suppression Rules page showing list of rules
StepSecurity Suppression Rules page

Method 2: Creating a Suppression Rule from the All Detections Page

Step 1: Navigate to All Detections and go to the Anomalous Outbound Network Calls Tab

StepSecurity All Detections page showing Anomalous Outbound Network Calls
StepSecurity All Detections page showing Anomalous Outbound Network Calls

Step 2: Click on the three dots next to the detection you want to suppress and select "Create Rule"

StepSecurity All Detections page showing Anomalous Outbound Network Calls
StepSecurity All Detections page showing Anomalous Outbound Network Calls

Step 3: You will be redirected to the Suppression Rules page with the detection details pre-filled, add the name and description.

StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page

Step 4: Click "Save"

StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page

Your Suppression Rule is now in effect

StepSecurity Suppression Rules page showing the list of rules
StepSecurity Suppression Rules page

Last updated

Was this helpful?