Group configuration sync

If you want to exclude specific Windows Event IDs from alerting, create a group called "Windows" via Management -> Groups and edit its shared configuration (agent.conf).

Then put your rules in it, for example an eventchannel query that filters out the unwanted Event IDs:

<agent_config>
  <!-- Shared agent configuration here -->
  <localfile>
    <location>Application</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID != 1006 and EventID != 12016 and EventID != 12017 and EventID != 12018]</query>
  </localfile>
</agent_config>
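As an added example (not code from the page or from Wazuh), the script below builds the exclusion query in the format shown above, audits an existing shared agent.conf to list which Event IDs each eventchannel suppresses, and checks that the file is well-formed XML, since a mangled comment delimiter such as "<!–" would break the group's configuration. The sample configs are constructed from the page's values.

```python
# Added example (not from the page or from Wazuh): build and audit the
# eventchannel exclusion query used in a Wazuh group's shared agent.conf.
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's agent.conf for the "Windows" group.
SAMPLE_AGENT_CONF = """<agent_config>
  <!-- Shared agent configuration here -->
  <localfile>
    <location>Application</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID != 1006 and EventID != 12016 and EventID != 12017 and EventID != 12018]</query>
  </localfile>
</agent_config>
"""

# Constructed sample: the same config with the comment delimiters mangled
# into en-dashes, which is not well-formed XML and will not load.
BROKEN_AGENT_CONF = SAMPLE_AGENT_CONF.replace("<!--", "<!\u2013").replace("-->", "\u2013>")

_EXCL = re.compile(r"EventID\s*!=\s*(\d+)")

def build_exclusion_query(excluded_ids):
    """Render Event/System[EventID != a and EventID != b ...] from a list of IDs."""
    ids = sorted({int(i) for i in excluded_ids})
    if not ids:
        return "Event/System"
    return "Event/System[" + " and ".join(f"EventID != {i}" for i in ids) + "]"

def parse_excluded_ids(query):
    """Recover the set of excluded EventIDs from an existing <query> string."""
    return {int(m) for m in _EXCL.findall(query)}

def config_is_well_formed(xml_text):
    """True if the shared config parses as XML; a mangled comment fails here."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

def audit_agent_config(xml_text):
    """Map each eventchannel <location> to the sorted EventIDs its query
    suppresses, so the exclusions applied to a group can be reviewed."""
    root = ET.fromstring(xml_text)
    result = {}
    for lf in root.iter("localfile"):
        if lf.findtext("log_format") != "eventchannel":
            continue
        result[lf.findtext("location")] = sorted(parse_excluded_ids(lf.findtext("query") or ""))
    return result
```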

Reference:

https://groups.google.com/g/wazuh/c/30bejDOWGxU