Guidance on Reducing SNS Email Noise for Vulnerability Detector Alerts


Chandra pal singh Chauhan

May 13, 2026, 10:11:49 AM
to Wazuh | Mailing List

Hello Team,

I hope you are doing well.

I would like some guidance regarding our current AWS SNS email configuration. We have set up email notifications for specific rule IDs for specific attack events and for the overall Vulnerability Detector module. However, we are currently experiencing a high volume of alerts due to the vulnerability detector module, which is creating significant noise.

We would like to explore options to reduce this noise. Specifically, is it possible to aggregate these vulnerability-related events and send them as a single consolidated email instead of multiple individual notifications?

Any recommendations or best practices to manage and optimize these alerts would be greatly appreciated.

Regards,

Chandra

Othniel Ebolum

May 13, 2026, 3:25:01 PM
to Wazuh | Mailing List
Hello Chandra,

No, you cannot natively aggregate these vulnerability-related events with the current SNS integration.

However, you can work around this with configuration changes to the integration block

<integration>
  <name>custom-sns-integration.py</name>
  <alert_format>json</alert_format>
  <rule_id>YOUR_ATTACK_RULE_IDS_HERE</rule_id>  <!-- keep your specific attack rules real-time -->
  <group>vulnerability-detector</group>         <!-- optional: keep only if you want some VD alerts -->
  <level>12</level>                             <!-- or higher; VD rules often use 7–13 based on severity -->
</integration>

to filter more aggressively on which vulnerability alerts are sent.

You can also attempt to suppress low-severity vulnerability detection alerts before they are sent in your rules.

Best Regards,

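As an added worked example (mine, not code from the thread or from Wazuh): a custom integration script that does the consolidation the answer above says the SNS integration cannot do natively. wazuh-integratord invokes the script once per alert with the alert file as argv[1]; attack-rule alerts are published to SNS at once, while alerts in the vulnerability-detector group are appended to a spool file, and a cron job running the script with --flush publishes one digest deduplicated on (agent, CVE, package) and grouped by severity. The alert field paths (rule.groups, data.vulnerability.cve/severity/package) follow the Wazuh 4.x alert JSON layout, and the spool path, topic ARN and flush schedule are placeholders; all of these are assumptions, not taken from the thread. One caveat on the posted <integration> block: wazuh-integratord applies rule_id, group and level from the same block together, so an alert must satisfy all of them. To keep the attack rules real-time and still receive vulnerability alerts for the digest, give each its own <integration> block pointing at this script, the second one with <group>vulnerability-detector</group> and, optionally, a <level> floor to drop Low findings before they are spooled.

```python
"""Wazuh custom integration (added example, not code from the thread or from Wazuh):
attack-rule alerts go to SNS immediately, vulnerability-detector alerts are spooled and
sent as one digest when the script is run with --flush (e.g. hourly from cron).
Assumptions, not taken from the thread: Wazuh 4.x alert field layout (rule.groups,
data.vulnerability.*); SPOOL and SNS_TOPIC_ARN are placeholders for the operator to set."""
import fcntl
import json
import os
import sys
import tempfile
from collections import Counter, defaultdict

SPOOL = "/var/ossec/logs/vuln-digest.spool"      # hypothetical path, one JSON alert per line
SNS_TOPIC_ARN = os.environ.get("SNS_TOPIC_ARN", "arn:aws:sns:REGION:ACCOUNT:wazuh")  # placeholder
SEVERITY_ORDER = ("Critical", "High", "Medium", "Low", "Untriaged")

def is_vulnerability_alert(alert):
    """Every vulnerability-detector rule carries this group."""
    return "vulnerability-detector" in alert.get("rule", {}).get("groups", [])

def vuln(alert):
    return alert.get("data", {}).get("vulnerability", {})

def spool_alert(path, alert):
    """Append the alert as one JSON line; flock() covers concurrent integrator runs."""
    with open(path, "a", encoding="utf-8") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)
        fh.write(json.dumps(alert, separators=(",", ":")) + "\n")
        fcntl.flock(fh, fcntl.LOCK_UN)

def load_spool(path):
    """Read spooled alerts; a trailing line left half-written by a crash has no newline and is skipped."""
    if not os.path.exists(path):
        return []
    with open(path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.endswith("\n")]

def summarize(alerts):
    """Collapse repeats on (agent, CVE, package); return (findings, counts per severity)."""
    findings = {}
    for alert in alerts:
        v = vuln(alert)
        findings[(alert.get("agent", {}).get("name", "?"), v.get("cve", "?"),
                  v.get("package", {}).get("name", "?"))] = alert   # newest alert for a finding wins
    counts = Counter(vuln(a).get("severity", "Untriaged") for a in findings.values())
    return findings, counts

def build_digest(alerts):
    """Render the consolidated e-mail; returns (subject, body)."""
    findings, counts = summarize(alerts)
    subject = "Wazuh vulnerability digest: %d findings (%s)" % (len(findings), ", ".join(
        "%d %s" % (counts[s], s) for s in SEVERITY_ORDER if counts[s]))
    rows = defaultdict(list)
    for (agent, cve, pkg), alert in findings.items():
        v = vuln(alert)
        rows[v.get("severity", "Untriaged")].append("  %-16s %-18s %s %s" % (
            agent, cve, pkg, v.get("package", {}).get("version", "")))
    lines = ["%d raw alerts collapsed into %d unique findings" % (len(alerts), len(findings)), ""]
    for sev in SEVERITY_ORDER:
        if rows[sev]:
            lines += ["%s (%d)" % (sev, len(rows[sev]))] + sorted(rows[sev])[:200] + [""]
    return subject[:100], "\n".join(lines)       # SNS subject <= 100 ASCII chars, body <= 256 KB

def publish(subject, body, topic_arn=SNS_TOPIC_ARN):
    """One SNS publish per call; boto3 is imported here so the pure helpers run without it."""
    import boto3
    boto3.client("sns").publish(TopicArn=topic_arn, Subject=subject, Message=body)

def handle_alert(alert_file, spool=SPOOL):
    """wazuh-integratord entry point: argv[1] is a file holding the alert as JSON."""
    with open(alert_file, encoding="utf-8") as fh:
        alert = json.load(fh)
    if is_vulnerability_alert(alert):
        spool_alert(spool, alert)                # becomes one row of the next digest
        return "spooled"
    rule = alert.get("rule", {})
    publish(("Wazuh alert level %s: %s" % (rule.get("level"), rule.get("description", "")))[:100],
            json.dumps(alert, indent=2))         # attack rules stay real-time
    return "sent"

def flush(spool=SPOOL):
    """Cron entry point: rotate first so alerts arriving mid-flush land in a fresh spool."""
    if os.path.exists(spool):
        os.replace(spool, spool + ".sending")
        alerts = load_spool(spool + ".sending")
        if alerts:
            publish(*build_digest(alerts))
        os.remove(spool + ".sending")

def demo():
    """Constructed sample alerts (not real data) run through the spool and digest path."""
    path = os.path.join(tempfile.mkdtemp(), "spool")
    for agent, cve, pkg, sev in (("web01", "CVE-2024-0001", "openssl", "High"),
                                 ("web01", "CVE-2024-0001", "openssl", "High"),   # duplicate, collapsed
                                 ("db01", "CVE-2024-0002", "glibc", "Critical")):
        spool_alert(path, {"rule": {"groups": ["vulnerability-detector"]}, "agent": {"name": agent},
                           "data": {"vulnerability": {"cve": cve, "severity": sev,
                                                      "package": {"name": pkg, "version": "1.0"}}}})
    return build_digest(load_spool(path))

if __name__ == "__main__":
    flush() if sys.argv[1:] == ["--flush"] else handle_alert(sys.argv[1])
```

Install it as /var/ossec/integrations/custom-sns-integration.py (root:wazuh, mode 750, matching the <name> in the posted block) and add a cron entry that runs it with --flush at the digest interval you want. The rotate-before-read in flush() means an alert spooled while a flush is running is never lost, only deferred to the next digest, and the subject is cut at 100 characters because SNS rejects longer subjects outright.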