08-12-2025 11:43 PM
Hi,
I can't find a proper way to exclude a vulnerability scanner IP from alerts in SCA.
One possible way to solve this (I guess) is to add entity groups for source IP and destination subnets. Afterwards select these entity groups in an Internal Connection Watchlist item and set the rule to "allow". This isn't very handy and I hope there is another way to whitelist the scanner IP from alerts.
Any suggestions?
08-13-2025 04:33 AM
Hi,
Depending on the alerts you are receiving or your vulnerability scanner, you might check IP Scanner Rules.
"Enter IP scanners that are permissible on your network. Scanning rules on this list will be excluded from several alerts, including the Internal Port Scanner alert, the New IP Scanner alert, the NetBIOS Connection Spike alert, SMB Connection Spike alert, the Outbound SMB Spike alert, the New SNMP Sweep alert, the Outbound LDAP Spike alert, the LDAP Connection Spike alert, and the Non-Service Port Scanner alert."
08-13-2025 05:15 AM
Thank you for your reply.
As I understand IP Scanner rules, I have to enter each destination address into this rule. This is pretty unhandy as there are several targets and possible changes of IPs. Is it therefore possible to allow the source address of the scanner somehow?
08-13-2025 05:28 AM
If you don't want to limit the targets you can put "0.0.0.0/0" in the Target Address section and it should work. This would silence the selected alarms to all IPs. Depending on your deployment you might want to limit this to only private IPs by adding 3 private IP blocks.
08-14-2025 11:38 PM
Perhaps I am misinterpreting the rules.
As I understand the rule, I have to enter the targets here. That is correct, isn't it?
If I now enter 0.0.0.0/0 or only the private addresses, I will no longer detect scans from potential attackers because I have removed my entire infrastructure from this alarm. In my opinion, this is the wrong approach, as I will lose sight of potential attacks or be spammed with constant false positives.
08-21-2025 06:55 AM
If you create a rule and hover over the question marks on the rules you can see the explanations. The Prefix section should be your scanner (this is basically your scanner) and the Target section should be the part of the network which will be scanned by the prefix. With this you are basically whitelisting the traffic between the prefix and the target network for the events I mentioned in the previous post. If another host performs scans you will get alarms for that traffic.
In this example I am allowing 192.168.100.1 to scan all IP ranges on all ports. You can test this by creating a rule for your scanner IP and initiating a test scan on your endpoint, or if you have multiple IPs on your scanners you can just create a rule for a single IP and see alerts stop only for the IP(s) the rule is configured for.
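A small Python model of the prefix/target semantics described in the reply above, added here as an illustration and not the product's own code. The rule matching, the helper names and the sample flows are assumptions; it shows that a rule with target 0.0.0.0/0 only silences flows whose source falls inside the scanner prefix, so scans from any other host still raise an alert.

```python
import ipaddress

# One IP Scanner Rule as the thread describes it: a source prefix (the scanner)
# and a target network it is permitted to scan. Hypothetical model, not product code.
def make_rule(prefix, target):
    return (ipaddress.ip_network(prefix, strict=False),
            ipaddress.ip_network(target, strict=False))

def rule_covers(rule, src, dst):
    """True when the flow src -> dst falls inside both halves of the rule."""
    prefix_net, target_net = rule
    return (ipaddress.ip_address(src) in prefix_net
            and ipaddress.ip_address(dst) in target_net)

def classify_events(rules, events):
    """Map each (src, dst) scan-like event to 'suppressed' or 'alert'."""
    return {
        (src, dst): "suppressed" if any(rule_covers(r, src, dst) for r in rules)
        else "alert"
        for src, dst in events
    }

# Constructed sample events: the scanner probing private and public targets,
# plus an unrelated host probing the same target (the case the asker worried about).
SAMPLE_EVENTS = [
    ("192.168.100.1", "10.0.5.20"),
    ("192.168.100.1", "172.16.8.9"),
    ("192.168.100.1", "203.0.113.5"),
    ("192.168.100.77", "10.0.5.20"),
]

# Rule from the last reply: scanner 192.168.100.1 may scan everything.
RULES_ALL_TARGETS = [make_rule("192.168.100.1/32", "0.0.0.0/0")]

# Tighter variant from the earlier reply: limit permitted targets to the
# three RFC 1918 blocks, so scanner traffic to public IPs still alerts.
RULES_PRIVATE_ONLY = [
    make_rule("192.168.100.1/32", "10.0.0.0/8"),
    make_rule("192.168.100.1/32", "172.16.0.0/12"),
    make_rule("192.168.100.1/32", "192.168.0.0/16"),
]

if __name__ == "__main__":
    for name, rules in (("all targets", RULES_ALL_TARGETS),
                        ("private only", RULES_PRIVATE_ONLY)):
        print(name)
        for (src, dst), verdict in classify_events(rules, SAMPLE_EVENTS).items():
            print("  %s -> %s: %s" % (src, dst, verdict))
```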