Configure mute rules to streamline security alerts by automatically filtering out non-urgent findings. This approach helps reduce noise from known false positives and accepted risks, allowing you to focus on addressing the most critical threats.

Create a mute rule

1. On the Automation Pipelines page, click Add a New Rule and select Mute.
2. Enter a descriptive name for the rule, for example, Compensating control in place for account payment-prod.
3. Use the following boxes to configure the rule criteria:
   • Any of these types: The types of findings that the rule should check for. Available types include:
     • Misconfiguration
     • Attack Path
     • Identity Risk
     • API Security Finding
     • Application Code Vulnerability
     • Application Library Vulnerability
     • Container Image Vulnerability
     • API Security Finding
     • Host Vulnerability
   • Any of these tags or attributes: The resource tags or attributes that must match for the rule to apply.
4. To add severity criteria to the rule, click Add Severity.
5. Specify the mute reason and duration:
   • Reason for muting: The reason for muting the finding. Available reasons include:
     • False Positive
     • Risk Accepted
     • Pending fix
     • No Fix
     • Duplicate
     • Other
   • Rule expiration: The date on which the rule expires.
   • Further description for muting reason: Optional box for additional details.
6. Click Save. The rule applies to new findings immediately and starts checking existing findings within the next hour.

Rule matching order

When Datadog identifies a finding, it evaluates the finding against your sequence of mute rules. Starting with the first rule, if there’s a match, Datadog mutes the finding for the specified duration and stops evaluating further. If no match occurs, Datadog moves to the next rule. This process continues until a match is found or all rules are checked without a match.

Further reading

추가 유용한 문서, 링크 및 기사:

Automation PipelinesDOCUMENTATION