I set up this Service Event Rule on our AWS: GuardDuty integration. I'm attempting to suppress the alerts coming from GuardDuty that have a severity rating of 1, 2, or 3. This is the severity rating in the GuardDuty alert (in the JSON sent to the integration), not the severity rating PagerDuty assigns (info, warn, error, critical).
However, despite the rule showing which recent alerts it would have filtered, those events didn't get filtered and still sent notifications to my team.
“Suppression, as opposed to setting alert severity, allows you to send events to PagerDuty without triggering any notifications. Suppressed alerts are stored in PagerDuty and available for forensics, analysis, and context, but do not create incidents. (https://support.pagerduty.com/docs/event-management)”
Here is what the service event rule looks like with the highlighted field on the right.
Nothing was set in the customize event fields, and the ‘At these times’ tab is set to always.
Despite having these set, they still created an incident and alerted my team.
Does anyone have any ideas on what I am doing wrong? Thank you!
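One thing worth checking before digging into the rule UI is what the severity values in the GuardDuty JSON actually look like. The following is an added example, not code from the post or from PagerDuty; it simulates two ways of writing a "suppress severity 1, 2, or 3" rule over constructed GuardDuty-style events and reports where they disagree. It assumes the EventBridge-shaped event (finding fields under `detail`) and that `severity` is a number, which GuardDuty scores as Low 1.0 to 3.9, Medium 4.0 to 6.9, High 7.0 to 8.9; the function names and sample events are mine.

```python
# Added example (not part of the forum post): simulate a "suppress low-severity
# GuardDuty findings" rule locally so you can see which events a given condition
# would actually catch. Assumes the EventBridge-shaped GuardDuty event, where the
# finding sits under "detail" and "severity" is numeric (Low = 1.0-3.9,
# Medium = 4.0-6.9, High = 7.0-8.9).
from typing import Any, Dict, List, Optional

LOW_MAX = 3.9  # top of GuardDuty's Low severity band

# Constructed sample events; ids and values are made up for illustration.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"detail": {"id": "finding-a", "severity": 2,
                "type": "Recon:EC2/PortProbeUnprotectedPort"}},
    {"detail": {"id": "finding-b", "severity": 2.5,
                "type": "Recon:EC2/PortProbeUnprotectedPort"}},
    {"detail": {"id": "finding-c", "severity": 5,
                "type": "UnauthorizedAccess:EC2/SSHBruteForce"}},
    {"detail": {"id": "finding-d",  # severity missing: should never be silently dropped
                "type": "Policy:IAMUser/RootCredentialUsage"}},
]


def get_severity(event: Dict[str, Any]) -> Optional[float]:
    """Pull the numeric severity out of an EventBridge-shaped GuardDuty event.

    Falls back to the top level for a bare finding, returns None if absent or
    not numeric.
    """
    detail = event.get("detail", event)
    try:
        return float(detail["severity"])
    except (KeyError, TypeError, ValueError):
        return None


def exact_match_rule(event: Dict[str, Any]) -> str:
    """Mimic a rule written as 'severity equals 1, 2, or 3'.

    An exact match only catches integral scores; 2.5 is Low but slips through.
    """
    sev = get_severity(event)
    return "suppress" if sev in (1.0, 2.0, 3.0) else "notify"


def range_rule(event: Dict[str, Any]) -> str:
    """Suppress anything in the Low band (severity <= 3.9).

    An event with no usable severity is routed to 'notify' so a malformed
    finding is seen by a human rather than dropped.
    """
    sev = get_severity(event)
    if sev is None:
        return "notify"
    return "suppress" if sev <= LOW_MAX else "notify"


def compare_rules(events: List[Dict[str, Any]]) -> List[str]:
    """Return ids of events the two rules route differently."""
    disagreements = []
    for event in events:
        if exact_match_rule(event) != range_rule(event):
            disagreements.append(event.get("detail", event).get("id", "<no id>"))
    return disagreements


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        fid = ev["detail"].get("id")
        print(f"{fid}: severity={get_severity(ev)} "
              f"exact={exact_match_rule(ev)} range={range_rule(ev)}")
    print("rules disagree on:", compare_rules(SAMPLE_EVENTS))
```

Run it against a few real findings exported from your own account (with the sample list replaced) to confirm the severity values you expect to suppress really fall where the rule's condition can match them.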