Security Command Center now supports dynamic mute rules, which allow you to mute future and existing findings temporarily until a specified date or indefinitely until a finding no longer matches the configuration. We are adding these rules as an alternative to the original static mute rules that only mute future findings indefinitely.

We recommend using dynamic mute rules exclusively in your mute rule configurations because they are more flexible than static mute rules. Compared to static mute rules, dynamic mute rules have three key benefits:

• Dynamic mute rules apply to existing and new findings. Dynamic mute rules automatically mute both existing and new or updated findings that match your filter criteria.
• Dynamic mute rules offer an expiration option. Dynamic mute rules also allow you to set a custom expiration period to temporarily match specific findings. If no expiration period is set, dynamic mute rules mute findings indefinitely until they no longer match the rule.
• Dynamic mute rules automatically unmute findings. When any of the following occurs, Security Command Center automatically unmutes the finding:
• The dynamic mute rule expires.
• The properties of a finding change to no longer match your filter criteria.
• The filter criteria change to no longer match the finding.

We don't recommend using static and dynamic mute rules simultaneously. Static mute rules override dynamic mute rules when they are applied to the same finding. As a result, dynamic mute rules won't work as intended, which can create confusion when managing your findings.

If you want to use dynamic mute rules exclusively, the following sections describe the permissions and steps necessary to migrate your static mute rules.

https://cloud.google.com/security-command-center/docs/dynamic-mute-migrate#migration-process