If I’m getting a lot of medium-level alerts for things that aren’t that big a deal for our organization, how do I set them to Low or Info?
Agent
N/A
Platform
Current
Cloud
AWS
Best answer by Eddy
View original
How do I change the severity of an alert policy?
You’d have to duplicate the policy and set the severity to your desired value. Please note that anomaly based detections (policy severities) can’t be overwritten. Give it a try...
You are right Eddy
Would also maybe suggest updating policy to filter out know items you don't care about vs lowering the overall alert.
Example: Alert new external connection
Don't just disable or lower this alert, update the alert so that you exclude edge servers or edge apps like proxies or gateways
This way you can clean up your alerts but still get alerted when you need it, if it happens else where then known areas
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.