USM Anywhere™

Example: Creating a Suppression Rule for Sudo Events

Role Availability Read-Only Analyst   Manager

In this example, we create a suppression rule to avoid generating a large number of Sudo events. (Sudo is a program for UNIX-like operating systems that allows users to run programs with the security privileges of another user, by default the superuser.) You can create this rule when you trust the origin host, or when you need to do maintenance. This way you avoid noise in your list of events.

Note: You can also create your own rules from the Events page, which is an easier way to configure the matching conditions. See Creating Suppression Rules from the Events Page for more information.

To create a suppression rule for avoiding Sudo events

  1. Go to Settings > Rules.
  2. Select Create Orchestration Rule > Create Suppression Rule.
  3. Enter a name for the rule (for example, Suppress Sudo Events).
  4. Select these property values:

    [Screenshot: Create a suppression rule for avoiding SUDO events]

  5. Click Save Rule.
  6. The suppression rule has been created. You can see it from Settings > Rules. See Suppression Rules from the Orchestration Rules Page for more information.