One of the simpler yet more powerful features of Aanval is the ability to temporarily suppress events matching specific criteria from displaying within Aanval.
Suppression is intended to limit clutter when focusing on specific tasks, not to permanently remove events from the display. Suppression applies to any display whose events are filtered through the Aanval search mechanisms, as well as to some statistics displays.
Suppression rules can be created from the Suppression display, or from specific displays like Event Details where basic suppression can be done with a single click.
You can suppress an event using one of the following criteria:
- Signature ID
- Class ID
- Source Address
- Destination Address
- Source Port
- Destination Port
Suppressing events is not permanent and only limits the display of suppressed events for the time period selected. Within the Suppression display, a user can define the amount of time an event is suppressed.
An event can be suppressed for the following periods of time:
- 1 Day
- 3 Days
- 1 Week
- 2 Weeks
- 1 Month
- 3 Months
Note that you can disable or delete an event suppression rule at any time.
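
The following is an added conceptual model of the behaviour described above, not Aanval's own code or API. It treats suppression as a display-time filter with an expiry and counts how many events each rule hides, so the effect of a rule stays auditable. The field names, the sample events and the day counts used for "1 Month" and "3 Months" are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Periods listed on the page; the day counts for the month options are assumptions.
PERIODS = {"1 Day": 1, "3 Days": 3, "1 Week": 7, "2 Weeks": 14,
           "1 Month": 30, "3 Months": 90}
# Criteria listed on the page, mapped to hypothetical event field names.
CRITERIA = {"sig_id", "class_id", "src_addr", "dst_addr", "src_port", "dst_port"}

@dataclass
class Rule:
    field: str
    value: object
    created: datetime
    period: str
    enabled: bool = True   # a rule can be disabled at any time

    def __post_init__(self):
        if self.field not in CRITERIA or self.period not in PERIODS:
            raise ValueError("unsupported criterion or period")

    def active(self, now):
        # A rule only hides events while it is enabled and unexpired.
        expires = self.created + timedelta(days=PERIODS[self.period])
        return self.enabled and self.created <= now < expires

def apply_suppression(events, rules, now):
    """Return (visible, hidden_per_rule). The stored events are never modified."""
    live = [(i, r) for i, r in enumerate(rules) if r.active(now)]
    hidden = {i: 0 for i in range(len(rules))}
    visible = []
    for ev in events:
        hit = next((i for i, r in live if ev.get(r.field) == r.value), None)
        if hit is None:
            visible.append(ev)
        else:
            hidden[hit] += 1   # attribute the hidden event to the first matching rule
    return visible, hidden

# Constructed sample data (documentation address ranges, made-up signature IDs).
T0 = datetime(2024, 1, 1, 9, 0)
def make_event(sig, src, dport):
    return {"sig_id": sig, "class_id": 3, "src_addr": src,
            "dst_addr": "198.51.100.5", "src_port": 40000, "dst_port": dport}
EVENTS = [make_event(1001, "192.0.2.10", 80), make_event(1002, "192.0.2.10", 22),
          make_event(1003, "192.0.2.77", 443), make_event(1001, "192.0.2.77", 22)]
RULES = [Rule("sig_id", 1001, T0, "1 Day"),
         Rule("dst_port", 22, T0, "1 Week"),
         Rule("src_addr", "192.0.2.10", T0, "1 Month", enabled=False)]
```

Reviewing the per-rule hidden counts before extending a rule shows whether a broad criterion such as a destination port is hiding more than the task at hand requires.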