How to avoid alerts for suppressed AWS Security Hub findings?

Philipp Schuller
March 15, 2024

Dear ATLASSIAN Community,

There are Security Hub findings that I would not like to mitigate like "GuardDuty should be enabled". Therefore, I've suppressed this finding and closed the Opsgenie alert. Nevertheless, I do receive a new alert during the next check by AWS Security Hub although I've changed the findings' workflow status to SUPPRESSED.

Any ideas on how to avoid alerts for such suppressed AWS Security Hub findings? I also tried the workflow status NOTIFIED with the same result. I've followed the official documentation and also set up the IAM opsgenieSecurityHubRole.

 

Thanks in advance.

 

BR,

Philipp

1 answer

Answer accepted
Skyler Ataide
Atlassian Team
March 18, 2024

Hi Philipp! 

 

If you are looking to have Opsgenie not create alerts for findings that come in with a workflow status of 'SUPPRESSED', you will need to configure this in the filters section of your create alert action in the integration. By default, the AWS Security Hub integration creates alerts in Opsgenie for all workflow statuses. You can add a filter like the one shown in the screenshot below to exclude creating alerts for findings that have a workflow status of 'SUPPRESSED':

Screenshot 2024-03-18 at 11.15.52 AM.png

 

Philipp Schuller
March 20, 2024

Awesome, thank you very much!
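
The filter described in the accepted answer, expressed as a stand-alone Python check over a Security Hub finding event. This is an added example, not part of the original thread and not Opsgenie's own code; the event below is constructed, the function names are hypothetical, and treating a missing `Workflow` block as `NEW` is an assumption chosen so that such findings still alert.

```python
# Added example: mirrors an "exclude Workflow.Status == SUPPRESSED" filter
# applied to Security Hub findings before an alert is created.
import json

# Workflow statuses for which no alert should be created (from the thread).
EXCLUDED_STATUSES = {"SUPPRESSED"}

# Constructed sample: an EventBridge "Security Hub Findings - Imported" event
# carrying three ASFF findings. IDs and the last two titles are made up.
SAMPLE_EVENT = json.dumps({
    "detail-type": "Security Hub Findings - Imported",
    "source": "aws.securityhub",
    "detail": {"findings": [
        {"Id": "finding-1", "Title": "GuardDuty should be enabled",
         "Workflow": {"Status": "SUPPRESSED"}},
        {"Id": "finding-2", "Title": "Constructed finding A",
         "Workflow": {"Status": "NEW"}},
        {"Id": "finding-3", "Title": "Constructed finding B"},  # no Workflow block
    ]},
})


def workflow_status(finding):
    """Return the finding's Workflow.Status, upper-cased.

    Assumption: a finding without a Workflow block is treated as NEW, so a
    malformed or older record fails open to alerting instead of being dropped.
    """
    status = (finding.get("Workflow") or {}).get("Status") or "NEW"
    return str(status).strip().upper()


def findings_to_alert(event_json, excluded=EXCLUDED_STATUSES):
    """Return the findings in the event that should still create an alert."""
    event = json.loads(event_json)
    if event.get("source") != "aws.securityhub":
        return []  # not a Security Hub event, nothing to alert on
    findings = event.get("detail", {}).get("findings", [])
    return [f for f in findings if workflow_status(f) not in excluded]


if __name__ == "__main__":
    for f in findings_to_alert(SAMPLE_EVENT):
        print(f["Id"], workflow_status(f), f["Title"])
```

Because the check runs on every incoming finding update, a suppressed finding that Security Hub re-sends on its next check is dropped each time instead of reopening an alert.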
