Suppressing alerts

So you got an alert and you’re wondering what to do with it. In most cases your alerts will be managed by Perch via our Perch Security Operations Center. You can see this in action right on your dashboard under Recent Suppressions. However, you can always take the reins and manage alerts on your own as you see fit.

Alerts have actionable items to the right of each alert. Suppressions only apply to the 3 middle icons. The Perchy icon on the left will jump you into Perchybana. The details icon will jump you into the indicator detail page.

Alert Actions

Remediation
Remediation will apply a one-time suppression for the raised alert. Remediations apply to alerts that have been either corrected by the customer (i.e., applied patch, updating control, config change, other), or when a rule fires true to the traffic seen and the results of the conversation lead to approved actions/services or unsuccessful attacks.

False Positive
A false positive typically originates when a rule’s definition is missing some logic and is too broad. As a result, it incorrectly identifies events that match the current rule’s logic even though they aren’t a legitimate security threat.

Snooze
Snoozing allows you to hide an alert for a certain amount of time. You may also enter a reason for snoozing.