Alert is a notification service which generates alerts.
Cloudnosys will send an alert when any change is made or your resources are at risk.
We have two types of alerts, Risks & System alerts.
Risks: Risk alerts are received when a scan is started. A scan runs a security check on your Cloudnosys account(s) and generates risk(s).
When a user clicks on an alert (here, for instance, we received an alert saying “SSH access is not restricted from the internet”), it opens a detail view of the risk, showing you the:
- Signature ID and scanned time
- Signature title and description
along with other details such as Status, Risks Level, Service, the Cloud Account on which the risk was identified, Failed & Passed resources, and Remediation steps.
System alerts: These are alerts generated for a user. For instance, when an invite is sent to join an organization, the user will receive a notification in the System tab.
Clicking on it opens a pop-up where the user can accept or decline the invitation.
Suppression
When an alert is irrelevant, you can manually dismiss it.
Cloudnosys also provides a Suppression feature to automatically dismiss similar alerts in the future. Suppression can be used to:
- Suppress alerts that you’ve identified as false positives
- Suppress alerts that are being triggered too often to be useful
Your suppression rules define the criteria for which alerts should be automatically dismissed.
Alerts can be suppressed globally or by regulation.
Note:
Suppressing security alerts reduces the threat protection of the Security Center. You should carefully check the potential impact of any suppression rule, and monitor it over time.
Create a suppression rule
You can create suppression rules in three ways:
- Suppressing a resource
- Suppressing a risk from a resource drawer
- Suppressing risks at Compliance level
1. Suppressing a Resource:
To suppress a resource, navigate to Security Dashboard >> click on any widget >> the Resource finder drawer will be shown >> then click on the icon:
- Select a reason and then click Save:
After suppressing, you’ll receive a notification and all reports and widgets will be updated.
2. Suppressing a risk from a Resource drawer:
Open the resource drawer from the Security Dashboard, expand a resource and hit the suppress icon:
3. Suppressing risks at Compliance level:
Navigate to Security Dashboard >> scroll down to Most Critical Resource >> View risks, and then click on the icon:
Select the cloud account(s).
A risk can be suppressed:
i) Globally (this dismisses the alert on all resources, so you don’t get any alerts like this one in the future), or
ii) In a specified report (your rule dismisses the alert in the selected report).
Next, select a reason and hit ‘SAVE’. You’ll then receive a notification:
Edit a suppression rule
To edit the rules you’ve created, use the Suppression Rules page.
- From the Navigation menu, go to Settings and then select Suppression Rules
- The Suppression Rules page opens with all the rules
- Click on “Edit”, make the necessary changes and click Save.
Delete a suppression rule
Unsuppress a resource by clicking on “Delete”.
A modal will appear:
After unsuppressing, you’ll receive a notification and all reports & widgets will be updated.