Suppressing individual alerts in Security Center
Currently there is no way to suppress or make an alert silent for a particular time frame or permanently. This is one thing which will really help if implemented. At times Security Center keeps throwing alerts for a process which you know is not malicious, but you have no way to stop Security Center from sending email alerts repeatedly for the same thing.
There should be a way to either stop or suppress individual alerts so that one can focus on other alerts and take action on them instead of thinking it is the same alert and no action is required.
Yves Boudreau commented
There is a workaround for this issue, it's not the best but it works.
Create a Logic App with a recurrence trigger (Every 15 seconds) to run a query in Log Analytics that will get all ASC alerts.
From there, you can parse the JSON result in order to get extended properties and create conditions for specific items, for example, a suspicious command line that is legitimate.
If the condition is met, create an ASC action or a Sentinel action that will close that alert using dynamic fields from the resulting query.
This method isn't perfect, but it works for me. I am still waiting for Microsoft to come up with a more permanent and stable solution.
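The decision step of the workaround above (parse the alert's extended properties, test them against a narrow allowlist, and hand the matching alert IDs to a close action) can be expressed as plain code before wiring it into a Logic App. The following is an added example, not Yves Boudreau's Logic App or any Microsoft-provided code. It assumes the rows look like results from the Log Analytics SecurityAlert table (the column names SystemAlertId, AlertName, AlertSeverity and ExtendedProperties, and the ExtendedProperties keys "Process Name" and "Command Line", are assumptions about that schema) and uses constructed sample alerts. The close action itself (the ASC or Sentinel connector call) is left to the Logic App; this block only decides which alerts qualify.

```python
import json
from dataclasses import dataclass

# Constructed sample rows shaped like a Log Analytics query result over the
# SecurityAlert table. Column names and ExtendedProperties keys are assumptions
# about that schema, not values from the original post.
SAMPLE_ALERTS = [
    {   # the known-good inventory agent, run from its installed location
        "SystemAlertId": "alert-0001",
        "AlertName": "Suspicious command line detected",
        "AlertSeverity": "Medium",
        "ExtendedProperties": json.dumps({
            "Process Name": "process.exe",
            "Command Line": r"C:\Tools\process.exe --inventory --quiet",
        }),
    },
    {   # same process name, but launched from an unexpected path: keep it open
        "SystemAlertId": "alert-0002",
        "AlertName": "Suspicious command line detected",
        "AlertSeverity": "Medium",
        "ExtendedProperties": json.dumps({
            "Process Name": "process.exe",
            "Command Line": r"C:\Users\Public\process.exe --inventory",
        }),
    },
    {   # unrelated alert type: never touched by a process rule
        "SystemAlertId": "alert-0003",
        "AlertName": "Login from an unusual location",
        "AlertSeverity": "Low",
        "ExtendedProperties": json.dumps({"Account": "svc-backup"}),
    },
    {   # malformed ExtendedProperties: fail closed, leave the alert open
        "SystemAlertId": "alert-0004",
        "AlertName": "Suspicious command line detected",
        "AlertSeverity": "Medium",
        "ExtendedProperties": "not-json",
    },
]


@dataclass(frozen=True)
class SuppressionRule:
    """One allowlist entry: which alert it covers and exactly what is legitimate."""
    name: str
    alert_name: str                 # exact AlertName the rule applies to
    process_name: str               # expected "Process Name" value
    allowed_commandline_prefix: str  # full path plus the arguments we expect


RULES = [
    SuppressionRule(
        name="known-inventory-agent",
        alert_name="Suspicious command line detected",
        process_name="process.exe",
        allowed_commandline_prefix=r"C:\Tools\process.exe --inventory",
    ),
]


def parse_extended_properties(raw):
    """ExtendedProperties arrives as a JSON string; return {} on anything unusable."""
    if isinstance(raw, dict):
        return raw
    if not raw:
        return {}
    try:
        parsed = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return {}
    return parsed if isinstance(parsed, dict) else {}


def matches(rule, alert):
    """True only when alert name, process name and the full command-line prefix agree."""
    if alert.get("AlertName") != rule.alert_name:
        return False
    props = parse_extended_properties(alert.get("ExtendedProperties"))
    proc = str(props.get("Process Name", ""))
    cmd = str(props.get("Command Line", ""))
    # Windows paths and image names are case-insensitive, so compare lower-cased.
    return (proc.lower() == rule.process_name.lower()
            and cmd.lower().startswith(rule.allowed_commandline_prefix.lower()))


def select_alerts_to_close(alerts, rules):
    """Return (SystemAlertId, rule name) for every alert a rule accounts for.

    Anything not returned stays open for an analyst, which is the safe default.
    """
    to_close = []
    for alert in alerts:
        for rule in rules:
            if matches(rule, alert):
                to_close.append((alert["SystemAlertId"], rule.name))
                break
    return to_close


if __name__ == "__main__":
    for alert_id, rule_name in select_alerts_to_close(SAMPLE_ALERTS, RULES):
        print(f"close {alert_id} (matched rule {rule_name})")
```

Matching on the full command-line prefix rather than on the process name alone is what keeps the allowlist narrow: alert-0002 runs the same image from a different directory and is deliberately left open, and an alert whose ExtendedProperties cannot be parsed is also left open rather than silently closed.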
Absolutely. A high percentage of our alerts are the same and have already been ruled out as false positives, such as a particular process.exe we run on a large number of VMs. We need a way to whitelist these so that these alerts are suppressed and we can focus on the "real" alerts!
I also submitted a request to be able to customize which alerts are sent. In my case I was requesting the ability to choose more than just high priority. However, this falls in line with the lack of options for configuring email alerts. We should have more configuration options. Instead, all we have is a toggle on or off.