You can adjust the scope baseline of Kubernetes runtime policies for alerts that indicate false-positive workload behavior. To do so, you can close alerts or add egress traffic destinations to the scope baseline.
Closing alerts is recommended only for excluding specific workloads that exhibit known behaviors from the alerts list.
- On the left navigation pane, select Alerts.
- Locate and select the alerts of interest and do one of the following:
  - On the Actions dropdown menu, click Add to baseline. Click OK to confirm.
  - On the Actions dropdown menu, click Close.
    - In the Close as dropdown menu, select a reason for closing the alert, for example, Resolved - Benign/Known.
    - Optionally, select the check box to close all existing alerts that have the same threat ID.
    - Optionally, automatically close all future alerts that have this threat ID.
    - Enter an optional note about the reason for closing the alert.
    - Click Close Alert.