Solved

How do I change the severity of an alert policy?

  • 22 August 2023


If I’m getting a lot of medium-level alerts for things that aren’t that big a deal for our organization, how do I set them to Low or Info?

Agent: N/A

Platform: Current

Cloud: AWS


Best answer by Eddy 23 August 2023, 17:24


3 replies


You’d have to duplicate the policy and set the severity to your desired value. Please note that anomaly-based detections (policy severities) can’t be overwritten. Give it a try...

You are right, Eddy.

Would also maybe suggest updating the policy to filter out known items you don't care about vs. lowering the overall alert.

Example: Alert new external connection
Don't just disable or lower this alert; update the alert so that you exclude edge servers or edge apps like proxies or gateways.

This way you can clean up your alerts but still get alerted when you need it, if it happens elsewhere than in known areas.
