Need advise on Security Onion 2.3.40 rules

[GopalSati]

Hello,
I have recently started using Security Onion 2.3.40. I want to customize the existing rules. Please advise how I can disable the unwanted rules (as now I am using cmdlet sudo so-rule disabled add SID).

Can i comment on the specific rules by adding to local.rules..

Thanks
GS

[weslambert]

You can add disablements in the pillar if you like (if you do not want to use so-rule):

https://docs.securityonion.net/en/latest/managing-alerts.html?highlight=disable#disable-the-sid