# Suppression Rules Suppression rules allow you to ignore specific outbound network calls from known domains that are not a security concern. For example, if your organization regularly makes outbound calls to `www.google.com`, but these calls are being flagged as anomalous, you can create a suppression rule to prevent unnecessary alerts for this domain. ## Scope of Suppression Rules You can create suppression rules at different levels, depending on how broadly you want to apply them: * Job Level – Applies to a specific job. * Workflow Level – Applies to all jobs within a workflow. * Repository Level – Applies to an entire repository. * Organization Level – Applies across all repositories within the organization. ### How to Create a Suppression Rule There are two ways to create a suppression rule, from the: * Suppression Rules page * All Detections page ### Method 1: From the Suppression Rules Page **Step 1:** Navigate to `Suppression Rules` under the Harden Runner Section

**Step 2:** Click "Create rule" ![Suppression Rules Page](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-08-21/e35b5370-8f8e-46b2-a48b-a8ba6f1924e2/ascreenshot.jpeg?tl_px=272,0\&br_px=3024,1538\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=1014,44) **Step 3:** Enter the following details: * Rule Name – Provide a meaningful name for the rule. * Rule Type – Choose the appropriate rule type. The options shown will vary based on the [detection type](https://docs.stepsecurity.io/detections#types-of-detections). * Description – Add details about why this rule is being created. * Destination – Specify the domain or IP Address to suppress (use \* for wildcard matching). * Process – Specify the exact process name. This allows you to suppress anomalous outbound calls originating from a specific process, even if other processes calling the same destination should still be monitored * Scope – Choose the level of the rule: Job, Workflow, Repository, or Organization.

**Step 4:** Click "Save" ![Suppression Rules Page](https://ajeuwbhvhr.cloudimg.io/https://colony-recorder.s3.amazonaws.com/files/2025-08-21/04a5ad06-b1dc-44dd-ad58-e7e984e0fec0/ascreenshot.jpeg?tl_px=0,175\&br_px=2752,1714\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=452,510) Your Suppression Rule is now created and active

### Method 2: Creating a Suppression Rule from the All Detections Page **Step 1:** Navigate to `Detections` and go to the Anomalous Outbound Network Calls Tab

**Step 2:** Click on the three dots next to the detection you want to suppress and select "Suppress detection"

**Step 3:** You will be redirected to the Suppression Rules page with the detection details pre-filled, add the name and description.

StepSecurity Suppression Rules page showing how to create a new rule — StepSecurity Suppression Rules page

**Step 4:** Click "Save"

Your Suppression Rule is now in effect

StepSecurity Suppression Rules page showing the list of rules — StepSecurity Suppression Rules page