Dear ATLASSIAN Community,
There are Security Hub findings that I would not like to mitigate like "GuardDuty should be enabled". Therefore, I've suppressed this finding and closed the Opsgenie alert. Nevertheless, I do receive a new alert during the next check by AWS Security Hub although I've changed the findings' workflow status to SUPPRESSED.
Any ideas on how to avoid alerts for such suppressed AWS Security Hub findings? I also tried the workflow status NOTIFIED with the same result. I've followed the official documentation and also set up the IAM opsgenieSecurityHubRole.
Thanks in advance.
BR,
Philipp
Hi Philipp!
If you are looking to have Opsgenie not create alerts for findings that come in with a workflow status of 'SUPPRESSED', you will need to configure this in the filters section of your create alert action in the integration. By default, the AWS Security Hub integration creates alerts in Opsgenie for all workflow statuses. You can add a filter like the one shown in the screenshot below to exclude creating alerts for findings that have a workflow status of 'SUPPRESSED':
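The filtering behaviour described in the answer above, modelled over Security Hub finding events. This is an added example, not part of the original thread and not Opsgenie's own code. The function names, sample ids and timestamps are constructed, and treating a finding without a `Workflow` block as `NEW` is an assumption.

```python
# Constructed sample events in the shape Security Hub publishes
# ("Security Hub Findings - Imported"); ids, titles and times are made up.
def _event(finding_id, title, status, updated_at):
    finding = {"Id": finding_id, "Title": title, "UpdatedAt": updated_at}
    if status is not None:
        finding["Workflow"] = {"Status": status}
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [finding]},
    }

SAMPLE_EVENTS = [
    _event("finding/guardduty", "GuardDuty should be enabled", "NEW",
           "2024-01-01T00:00:00Z"),
    # After suppression, the next check re-sends the same finding, still
    # carrying Workflow.Status = SUPPRESSED.
    _event("finding/guardduty", "GuardDuty should be enabled", "SUPPRESSED",
           "2024-01-01T12:00:00Z"),
    _event("finding/other-control", "Constructed control finding", "NEW",
           "2024-01-01T12:00:00Z"),
    # Finding with no Workflow block at all.
    _event("finding/no-workflow", "Constructed legacy finding", None,
           "2024-01-01T12:00:00Z"),
]

def workflow_status(finding):
    """Return Workflow.Status upper-cased; missing block counts as NEW (assumption)."""
    return str((finding.get("Workflow") or {}).get("Status", "NEW")).upper()

def alerts_created(events, excluded_statuses=()):
    """Return (finding id, status) for every finding that would raise an alert.

    With no excluded statuses this mirrors the default described in the
    answer: every workflow status produces an alert.
    """
    excluded = {s.upper() for s in excluded_statuses}
    alerts = []
    for event in events:
        if event.get("detail-type") != "Security Hub Findings - Imported":
            continue  # ignore unrelated event types
        for finding in event.get("detail", {}).get("findings", []):
            status = workflow_status(finding)
            if status not in excluded:
                alerts.append((finding["Id"], status))
    return alerts

if __name__ == "__main__":
    print("no filter:   ", alerts_created(SAMPLE_EVENTS))
    print("with filter: ", alerts_created(SAMPLE_EVENTS, ["SUPPRESSED"]))
```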
Awesome, thank you very much!