
How to Create/Modify a Policy for Auto-Suppression Action


Policies can be defined to include a suppress action, and the default/built-in policies are configured to suppress findings rather than drop them.

Users have the flexibility to customize auto-suppression settings based on specific criteria within their default/custom policy rules. For instance:

  1. Automatically Suppress All Stored Secrets with Low Confidence:

    • This ensures that sensitive information remains accessible for searching while minimizing user interruptions.
  2. Automatically Suppress All CVEs with CVSS < 6.0 (or EPSS < 0.01):

    • This automatically suppresses findings with lower severity scores, allowing users to focus on more critical issues.

etc.
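The following sketch models the two example criteria above so their effect on a set of findings can be seen; it is an added illustration, not the product's own code or policy format. The `Finding` record shape, the function names, the treatment of CVSS and EPSS as two alternative rules, and the choice to keep unscored CVEs active are all assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Thresholds from the two example criteria above.
CVE_THRESHOLDS = {"cvss": 6.0, "epss": 0.01}

@dataclass(frozen=True)
class Finding:  # hypothetical record shape, not the product's schema
    id: str
    kind: str                         # "secret" or "cve"
    confidence: Optional[str] = None  # secrets only
    cvss: Optional[float] = None
    epss: Optional[float] = None
    suppressed: bool = False
    justification: str = ""

def suppression_reason(f, cve_metric="cvss"):
    """Return a justification string if a rule matches, else None."""
    if f.kind == "secret" and f.confidence == "low":
        return "low-confidence stored secret"
    if f.kind == "cve":
        score = getattr(f, cve_metric)
        # Assumption: a missing score is unknown, not "below threshold".
        if score is not None and score < CVE_THRESHOLDS[cve_metric]:
            return f"{cve_metric.upper()} {score} < {CVE_THRESHOLDS[cve_metric]}"
    return None

def apply_policy(findings, cve_metric="cvss"):
    """Suppress rather than drop: every finding is returned, matches are flagged."""
    out = []
    for f in findings:
        reason = suppression_reason(f, cve_metric)
        out.append(replace(f, suppressed=True, justification=reason) if reason else f)
    return out

def active_ids(findings):
    """IDs of findings that still need attention."""
    return [f.id for f in findings if not f.suppressed]

# Constructed sample findings.
SAMPLE = [
    Finding("F-1", "secret", confidence="low"),
    Finding("F-2", "secret", confidence="high"),
    Finding("F-3", "cve", cvss=4.3, epss=0.20),
    Finding("F-4", "cve", cvss=9.8, epss=0.004),
    Finding("F-5", "cve"),  # not yet scored
]

if __name__ == "__main__":
    for metric in CVE_THRESHOLDS:
        result = apply_policy(SAMPLE, metric)
        print(metric, "active:", active_ids(result), "kept:", len(result))
```

In this sample, F-4 (CVSS 9.8, EPSS 0.004) stays active under the CVSS rule but is suppressed under the EPSS rule, so the choice of metric changes which high-severity findings leave the active queue.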


Step-by-Step Guide


Follow these steps to create or modify an auto-suppression policy:

  1. Navigate to the Policy page and either select an existing policy or initiate the process by clicking on the New Policy button located at the top-right corner of the page.

  2. Provide a name and description for your policy, such as "Test".

  3. Choose the Suppress action as the default action for the policy.

    Auto Suppress Action

  4. Provide a justification for the suppression action.

    Justification

  5. Click the Save button to save the policy and activate auto-suppression.

    Suppress Policy