It seems the real issue isn't how noalert behaves; it's actually in the rule file itself.
You've got rule 100011 written twice (it's pasted in there identically). When Wazuh loads rules and finds two with the same ID, it doesn't merge them, it just creates a conflict, and that's almost certainly what's messing with the if_matched_sid correlation once you add noalert to 100010. So first thing, just remove that duplicate block:
<group name="juniper,rtflow,firewall,">
<rule id="100010" level="3" noalert="1">
<field name="policy-name">DENY_ALL</field>
<field name="reason">Denied by policy</field>
<description>Juniper RT_FLOW session denied $(srcip):$(source-port) to $(destination-address):$(destination-port) policy $(policy-name)</description>
</rule>
<rule id="100011" level="10" frequency="8" timeframe="120" ignore="60">
<if_matched_sid>100010</if_matched_sid>
<description>RTFLOW DENY Policy: 8 Registered Events in 2 Minutes</description>
</rule>
<rule id="100012" level="3">
<field name="sub-category">Shopping</field>
<description>User Shopping $(srcip):$(source-port) to $(destination-address):$(destination-port) Site $(nested-application)</description>
</rule>
<rule id="100013" level="3">
<field name="nested-application">EVASIVE-PROTOCOL</field>
<description>Evasive Protocol Detected $(srcip):$(source-port) to $(destination-address):$(destination-port) Method $(nested-application)</description>
</rule>
<rule id="100014" level="3">
<field name="nested-application">CHROME-REMOTE-DESKTOP</field>
<description>Remote Desktop Site Detected $(srcip):$(source-port) to $(destination-address):$(destination-port) Method $(nested-application)</description>
</rule>
Rule tag usageQuick note on why noalert should still let if_matched_sid work fine. noalert just stops the rule from getting written into alerts.log or alerts.json. It doesn't stop the rule from matching behind the scenes, and that internal match is what if_matched_sid actually relies on, not whether it alerted. So once the duplicate is gone, 100010 should stay silent while 100011 keeps triggering normally off it.
Another option is to drop the rule level below 3 on 100010; that way it still won't show up on the dashboard since anything under level 3 gets ignored by default.
Rule classification
If 100011 is still not firing properly after adding noalert to 100010, go ahead and share some sample logs with me so I can replicate it on my end and put together more accurate rules for you. Let me know how it goes.