I am interested in downgrading the severity or completely turning off alerts from an account like AWS. Is there a way to automatically do this or do I need to change the severity of all of my detections manually?
There currently isn't an option to implement a global default override for a specific account. You can however update the severity outside of manual override by adding a severity override in the policy code, such as the following:
def severity(event):
if event.get('accountId') == MY_TEST_AWS_ACCOUNT_ID:
return "LOW"
return "HIGH"
For more information, please see the severity function within our Detection Auxiliary Function documentation.
Additionally, if you would like to disable scanning for your test account, you can exclude it via regex by navigating to Integrations>Cloud Accounts>Your Account and then opening up Configure, expanding the Advanced Options, and specifying the regex under "Exclude Resources by Regex."