Anpassungen für echte Incidents, damit diese während der Lernphase nicht in das dauerhafte Trainings-Set aufgenommen werden.

deploy/mariadb/init/001-schema.sql

@@ -1380,4 +1380,19 @@ CREATE TABLE detection_suppressions (
 );
 
 CREATE INDEX idx_suppressions_lookup
-ON detection_suppressions (enabled, rule_name, hostname, channel_name, event_id);
+ON detection_suppressions (enabled, rule_name, hostname, channel_name, event_id);
+
+CREATE TABLE baseline_exclusions (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    hostname VARCHAR(255) NOT NULL DEFAULT '',
+    channel_name VARCHAR(255) NOT NULL DEFAULT '',
+    event_id INT NOT NULL DEFAULT 0,
+    reason TEXT NULL,
+    created_by VARCHAR(128) NOT NULL DEFAULT '',
+    created_at TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
+    expires_at TIMESTAMP(6) NULL,
+    enabled TINYINT(1) NOT NULL DEFAULT 1
+);
+
+CREATE INDEX idx_baseline_exclusions_lookup
+ON baseline_exclusions (enabled, hostname, channel_name, event_id, expires_at);