
How to Create/Modify a Policy for Auto-Suppression Action


On BoostSecurity, users can create or modify a policy to include a Suppress action, setting the policy's default/built-in action to suppress findings rather than drop them.

Auto-suppression settings can be configured based on specific criteria within default/custom policy rules. For instance:

  1. Automatically Suppress All Stored Secrets with Low Confidence:

    • This ensures that sensitive information remains accessible for searching while minimizing user interruptions.

  2. Automatically Suppress All CVEs with CVSS < 6.0 (or EPSS < 0.01):

    • This automatically suppresses findings with lower severity scores, allowing users to focus on more critical issues.

etc.
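To preview what the two criteria above would suppress before enabling such a policy, the following added example (not BoostSecurity code, and not its policy format or API) evaluates them over a constructed list of findings. The `Finding` fields, the status values, the justification text and the reading of "CVSS < 6.0 (or EPSS < 0.01)" as a logical OR are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

JUSTIFICATION = "Auto-suppressed: low confidence or low severity"  # constructed text

@dataclass
class Finding:                          # hypothetical finding record
    id: str
    kind: str                           # "secret" or "cve"
    confidence: Optional[str] = None    # secrets only: "low" / "medium" / "high"
    cvss: Optional[float] = None
    epss: Optional[float] = None
    status: str = "open"
    justification: str = ""

def matches_suppress_rule(f, cvss_max=6.0, epss_max=0.01):
    """True when a finding meets one of the two criteria listed above."""
    if f.kind == "secret":
        return f.confidence == "low"
    if f.kind == "cve":
        # A missing score is unknown, not zero: an unscored CVE stays open.
        low_cvss = f.cvss is not None and f.cvss < cvss_max
        low_epss = f.epss is not None and f.epss < epss_max
        return low_cvss or low_epss     # assumed OR semantics
    return False

def apply_policy(findings):
    """Mark matches as suppressed. Nothing is dropped, so all stay searchable."""
    for f in findings:
        if matches_suppress_rule(f):
            f.status, f.justification = "suppressed", JUSTIFICATION
    return findings

def suppressed_ids(findings):
    return [f.id for f in apply_policy(findings) if f.status == "suppressed"]

# Constructed sample findings.
SAMPLE = [
    Finding("F1", "secret", confidence="low"),
    Finding("F2", "secret", confidence="high"),
    Finding("F3", "cve", cvss=5.9, epss=0.20),
    Finding("F4", "cve", cvss=9.8, epss=0.005),  # high CVSS, matched on EPSS alone
    Finding("F5", "cve", cvss=6.0, epss=0.01),   # boundary: strict "<" keeps it open
    Finding("F6", "cve"),                        # no scores: stays open
]

print(suppressed_ids(SAMPLE))
```

Under the assumed OR reading, F4 (CVSS 9.8) is suppressed on its EPSS score alone, so review the matched set before combining both thresholds in one rule.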


Step-by-Step Guide


Follow these steps to create or modify an auto-suppression policy:

  1. Navigate to the Policy page and either select an existing policy or initiate the process by clicking on the New Policy button located at the top-right corner of the page.

  2. Provide a name and description for your policy, such as "Test".

  3. Choose the Suppress action as the default action for the policy.

    [Screenshot: Auto Suppress Action]

  4. Provide a justification for the suppression action.

    [Screenshot: Justification]

  5. Click the Save button to save the progress and activate the auto-suppression policy.

    [Screenshot: Suppress Policy]