Welcome to the new Evident.io Support Portal. Our goal was to make it easier to navigate, so please let us know if you have any questions or concerns. We have migrated the ticket content from the old portal, but you may need to re-register to log in and view your tickets.

What should I do about alerts in unused regions?

AWS creates certain default resources in every region when the AWS account is first provisioned.  Since ESP automatically scans and reports resources from every AWS region, you may see alerts even in regions that you don't actually need or use.

The best practice recommendation is to go through each alert and suppress them individually.  To do that, open the alert details page then click on Suppression Options -> Suppress this alert.  This will suppress the alert and keep it from being counted within ESP's dashboard.  You also have the option to suppress alerts for the entire region or signatures within that region.  However, this is not recommended since you will lose visibility in those regions.  If you suppress the entire region and someone accidentally creates resources or maliciously started to use those regions, ESP can still detect, but the results will not show up in ESP dashboard and by default, will not generate any integration notifications.

  • 143
  • 11-Dec-2017
  • 59 Views