Alerts & Suppression

Alerts is a notification service that generates alerts.

Cloudnosys sends an alert when any change is made or when your resources are at risk.

There are two types of alerts: Risks and System alerts.

Risks: Alerts are received when a scan is started. A scan runs a security check on your Cloudnosys account(s) and generates risk(s).

When a user clicks on an alert (for instance, an alert saying “SSH access is not restricted from the internet”), it opens a detail view of the risk, showing you the:

  1. Signature ID and scanned time
  2. Signature title and description

The detail view also shows other details such as Status, Risks Level, Service, the Cloud Account on which the risk was identified, Failed & Passed resources, and Remediation steps.

System alerts: Alerts generated for a user. For instance, when an invite to join an organization is sent, the user receives a notification in the System tab.

Clicking on it opens a pop-up where the user can accept or decline the invitation.

Suppression 

When an alert is irrelevant, you can manually dismiss it.

Cloudnosys also provides a Suppression feature that automatically dismisses similar alerts in the future. Suppression can be used to:

  • Suppress alerts that you’ve identified as false positives
  • Suppress alerts that are being triggered too often to be useful

Your suppression rules define the criteria for which alerts should be automatically dismissed.

Suppress globally or by regulation

Note:

Suppressing security alerts reduces the threat protection of the Security Center. You should carefully check the potential impact of any suppression rule, and monitor it over time.

Create a suppression rule

You can create suppression rules in three ways:

  1. Suppressing a resource
  2. Suppressing a risk from a resource drawer
  3. Suppressing risks at Compliance level

 1. Suppressing a Resource:

To suppress a resource, navigate to Security Dashboard >> click on any widget >> the Resource finder drawer will be shown >> then click on the icon:

  • Select a reason and then Save:

After suppressing, you’ll receive a notification and all reports and widgets will be updated.

2. Suppressing a risk from a Resource drawer:

Open the resource drawer from the Security Dashboard, expand a resource, and click the suppress icon:

3. Suppressing risks at Compliance level:

Navigate to Security Dashboard >> scroll down to Most Critical Resource >> View risks, and then click on the icon:

Select a Cloud account(s)

A risk can be suppressed:

i) Globally (the rule dismisses the alert on all resources, so you don’t get any alerts like this one in the future), or

ii) In a specified report (the rule dismisses the alert in the selected report)

Next, select a reason and click ‘SAVE’

and then you’ll receive a notification:

Edit a suppression rule

To edit the rules you’ve created, use the suppression rules page.

  1. From the Navigation menu, go to Settings and then select Suppression Rules
  2. The suppression rules page opens with all the rules
  3. Click on “Edit”, make the necessary changes and click Save.

Delete a suppression rule

Unsuppress a resource by clicking on “Delete”

A modal will appear:

After unsuppressing, you’ll receive a notification, and all reports & widgets will be updated.