Can I suppress an external alert from triggering a detection ?
From the External Alert, navigate to the bottom of the event details to create a suppression rule:
A new pop up will appear, with options for the suppression rule:
You can then view the Suppression rule created in the "Suppression Rules" tab from Alert Sources:
A similar process can be done from the Detection itself as well. By changing the Remediation Status to "Not Remediated" followed by "This is authorized, non-testing activity" will cause a note to be added for future Detections to be suppressed.