Intelligence

Suppressing alerts

How to suppress alerts

So you got an alert and you’re wondering what to do with it. In most cases your alerts will be managed by Perch via our Perch Security Operations Center. You can see this in action right on your dashboard under Recent Suppressions. However, you can always take the reins and manage alerts on your own as you see fit.

Each alert has actionable items to its right. Suppressions only apply to the 2 middle icons. The Perchy icon on the left will jump you into Perchybana. The details icon will jump you into the indicator detail page.

Alert Actions

Remediation: Remediation applies a one-time suppression for the raised alert. Remediations apply to alerts that have been corrected by the customer (i.e. applied patch, updated control, config change, other), or to cases where a rule fires true to the traffic seen and the results of the conversation lead to approved actions/services or unsuccessful attacks.

False Positive: A false positive typically originates when a rule’s definition is missing some logic and is too broad. As a result, the rule incorrectly identifies events that match its current logic even though they aren’t a legitimate security threat.