Disabling alerts from one source IP - on SIDs or BPF?

[UMWP]

Hello,

Let's say I have network vulnerability scanner (Nessus for example ) and it makes a lot of noise - thousands of different alerts.
How can I disable all SIDs for that one IP (or few IPs)? Can it be done on SIDs disabling or tresholding level or is it better on BPF?

Thank You again SO Team

[RagnarSTS]

One can use BPF to drop all the traffic before it hits suricata so that it doesn't generate alerts. Optional to still log it normally or block it from zeek and stenographer and such also.
Just dump everything going to or from that single machine; and then hope that isn't the first machine compromised in the future. :)