How to Suppress Secure Baseline Rules in CYRISMA
Secure Baseline suppressions allow temporary suppression of configuration rules for specific operating systems or machines to better reflect practical business configurations. Important: Currently, Secure Baseline suppression does not offer global suppression capabilities. Each rule suppression must be done individually or through "Suppress All Similar" per operating system type.
Written by Liam Downward
Updated at March 17th, 2025
- User Manual
- Agents
- The Cyber Risk Assessment Process
- API Documents
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- CYRISMA Change Log
- Support Ticket SLA
- Onboarding Framework
- PSA Integrations
- Billing Questions
- Self Onboarding Guide
Table of Contents
Suppressing Secure Baseline Rules
To suppress Secure Baseline rules on a specific machine:
Log into the CYRISMA platform.
Navigate to Secure Baseline → Scan History.
Identify the scan and the machine you want to suppress a rule for.
Click on the bar graph representing the specific machine to view the rules.
Identify the rule you'd like to suppress:
- Click the three-dot (•••) menu next to the rule.
- Select Suppress to suppress only on this specific machine.
- Or select Suppress All Similar to suppress the rule on all machines of the same OS type/version.
Provide a justification if prompted.
Click Confirm to finalize suppression.
Recommended Approach for Suppressing Multiple Rules
To efficiently suppress multiple Secure Baseline rules:
Navigate to Secure Baseline > Scan History.
Under the Action column, select Create Mitigation next to the scan result.
Select only one machine at a time to manage suppressions efficiently.
Review rules individually and check the box next to each rule you wish to suppress.
Choose between suppressing on the individual machine or suppressing across similar OS versions.
Complete the suppression by confirming the action.
Managing Suppressed Rules
To view or manage existing suppressions:
- Navigate to Mitigation from the CYRISMA dashboard.
- Select Suppressions:
- Local Suppressions: Displays suppressions specific to individual machines.
- Global Suppressions: Displays vulnerabilities suppressed across all machines in the current instance.
Additional Considerations:
- Suppressions have a set duration (default typically 30-90 days). After expiration, the suppression must be reviewed and potentially re-suppressed.
- Suppression within Secure Baseline can be time-consuming, especially for multiple rules across different operating systems.
- Use Secure Baseline cautiously. Currently, there is no option to mass-import baseline configurations.
For additional assistance, contact CYRISMA Support.