Manage alert suppression
There might be scenarios where you need to perform alert tuning to suppress alerts from appearing in the portal. You can create alert tuning rules for specific alerts known to be innocuous, such as known tools or processes in your organization.
View existing rules
You can view a list of all the alert tuning rules and manage them in one place. You can also turn an alert tuning rule on or off by completing these actions:
In the Microsoft Defender portal, select Settings, select Microsoft Defender XDR, and then under Rules select Alert tuning. The list of Alert tuning rules that users in your organization have created are displayed.
Select a rule by selecting the check-box beside the rule name.
Select Turn rule on, Edit rule, or Delete rule. When making changes to a rule, you can choose to release alerts that it has already suppressed, regardless of whether or not these alerts match the new criteria.