Quiet mode default severity for alerts

Due to the growing size of the alerts library, over 280, SaaS Alerts has reviewed and determined a new schema for the default severity of these alerts. The new default, called Quiet Mode, takes into consideration the noise the system can generate and has reduced this. The intent being that Unify, Fortify and Respond can be leveraged to tighten controls and act upon possible threats. 

Below is an outline of the changes that will be applied once the Quiet default has been adopted by existing Partners. 

Upon review of the changes we encourage all Partners to adopt the Quiet default. This new default will not override any current customized alert severities. Navigate to Settings > Customize Alert Severity. At the top there is a toggle for Onboarding Mode and Quiet Mode.

Summary of changes 

Current Default Severity	Count	Updated Default Severity	Count
Low	174	Low	256
Medium	81	Medium	26
Critical	31	Critical	4

Details of changes 

Alert Type	Alert Description	Current Default Severity	Updated Default Severity
multiple.login.diff.ip	IAM Event - Multiple Login Connections From Different IP Addresses	Low	Critical
technician.disable.mfa	MSP Tools - IAM - MFA Method Disabled for Technician User	Medium	Critical
account.locks	IAM Event - Account Locked	Medium	Low
add.mailbox.permission	Add Mailbox Permission	Medium	Low
add.recipient.permission	Add Recipient Permission	Medium	Low
api.quota.exceeded	API limits have been reached. Processing will resume after product’s timeout has expired.	Medium	Low
application.event.saas.integration	Application Event - SaaS Integration	Critical	Low
conditional.access.violation	IAM Event - Conditional Access Violation	Critical	Low
email.external.file.share.risk	Email File Share Event - External File Share Risk	Medium	Low
email.forwarding.rule.enabled	Email Event - Email Rule Enabled	Medium	Low
enduser.create.user	MSP Tools - IAM - End User Created	Medium	Low
enduser.mfa.failure	MSP Tools - IAM - End User MFA Failure	Medium	Low
enduser.modify.phone	MSP Tools - IAM - End User modified Phone Number	Medium	Low
enduser.modify.user	MSP Tools - IAM - End User Account Modified	Medium	Low
external.file.share.risk	File Share Event - External File Share Risk	Medium	Low
fortify.action.failed	Fortify Action Failed to Enabled	Medium	Low
fortify.action.undone.failed	Fortify Action undone failed	Medium	Low
fortify.app.connection.failed	Failed SaaS Alerts Fortify API connection	Critical	Low
group.management.create	Policy Event - Security Group Change (create)	Medium	Low
group.management.delete	Policy Event - Security Group Change (delete)	Medium	Low
group.management.update	Policy Event - Security Group Change (update)	Medium	Low
iam.user.account.created	User Created	Medium	Low
iam.user.account.update	User Updated	Medium	Low
manage.alert.suppressed	Alert suppressed	Medium	Low
manage.api.key.created	API Key Created	Medium	Low
manage.customer.deleted	Organization Deleted	Medium	Low
manage.customer.file.trigger.updated	Organization File Event Trigger Updated	Medium	Low
manage.customer.name.modified	Organization Name Modified	Medium	Low
manage.customer.recipients.added	Organization`s Additional Alert Email Recipient(s) Added	Medium	Low
manage.customer.recipients.disabled	Organization`s Additional Alert Email Recipient(s) Disabled	Medium	Low
manage.customer.recipients.modified	Organization`s Additional Alert Email Recipient(s) Modified	Medium	Low
manage.customer.whitelist.updated	Organization Whitelist Rule Updated	Medium	Low
manage.msp.billing.information.changed	MSP Billing Information Changed	Medium	Low
manage.msp.company.information.changed	MSP Company Information Changed	Medium	Low
manage.partner.api.key.updated	Partner API Key updated	Medium	Low
manage.psa.connection.paused	Psa Connection Paused	Medium	Low
manage.user.file.trigger.updated	User File Event Trigger Changed	Medium	Low
manage.user.locked	SaaS Alerts User is Locked	Medium	Low
manage.user.whitelist.updated	User Whitelist Rule Updated	Medium	Low
manage.webhook.url.added	Webhook URL added	Medium	Low
manage.webhook.url.deleted	Webhook URL deleted	Medium	Low
modify.global.security.settings	MSP Tools - System - Global Security Settings Modified	Medium	Low
ms.audit.off	Error - MS audit off	Critical	Low
msp.tools.monitoring.api.external.integration.create	API/External Integration create	Critical	Low
msp.tools.monitoring.api.external.integration.update	API/External Integration update	Medium	Low
msp.tools.monitoring.api.key	API/External Integration (create)	Critical	Low
msp.tools.monitoring.api.key.upd.del	API/External Integration (update/delete)	Critical	Low
msp.tools.monitoring.data.export.create	Data export	Medium	Low
msp.tools.monitoring.domain.delete	Asset Deleted - Domain Delete	Medium	Low
msp.tools.monitoring.logs.export.create	Logs export	Medium	Low
msp.tools.monitoring.runbook.created	Data Export Runbook	Medium	Low
msp.tools.monitoring.runbook.downloaded	Data Export Downloaded	Medium	Low
msp.tools.monitoring.ssl.deleted	Asset Deleted - SSL Delete	Medium	Low
multifactor.auth.enabled	IAM Event - Multi-Factor Authentication Enabled	Critical	Low
new.device	Device Event - New Device	Medium	Low
policy.deleted	MSP Tools - Policy - Deleted	Medium	Low
policy.event.security.role.change.create	Policy Event - Security Role Change (create)	Medium	Low
policy.event.security.role.change.delete	Policy Event - Security Role Change (delete)	Medium	Low
policy.event.security.role.change.update	Policy Event - Security Role Change (update)	Medium	Low
policy.modified	MSP Tools - Policy - Modified	Medium	Low
remotetools.filesystem.file.downloaded	MSP Tools - Remote Tools - File Downloaded	Medium	Low
remotetools.filesystem.file.uploaded	MSP Tools - Remote Tools - File Uploaded	Medium	Low
report.created	MSP Tools - Report - Created	Medium	Low
report.modified	MSP Tools - Report - Modified	Medium	Low
reports.report.scheduled	Report Scheduled	Medium	Low
respond.account.deleted	Account Deleted	Critical	Low
respond.account.deleted.failed	Account Deleted failed	Medium	Low
respond.account.signin.blocked	Account Sign In Blocked	Medium	Low
respond.account.signin.blocked.failed	Account Sign In Blocked failed	Medium	Low
respond.app.connection.failed	Failed SaaS Alerts Respond API connection	Critical	Low
respond.broad.rule.created	SaaS Alerts Respond - Broad Rule Created	Medium	Low
respond.remediation.failed.reminder	SaaS Alerts Respond - Rule Remediation Failed Reminder	Medium	Low
respond.rule.created	Rule Created	Medium	Low
respond.rule.updated	Rule Updated	Medium	Low
respond.state.disabled	SaaS Alerts Respond Disabled	Critical	Low
script.create	MSP Tools - Script - Created	Medium	Low
script.modify	MSP Tools - Script - Modified	Medium	Low
security.group.changes	Policy Event - Security Group Change	Medium	Low
security.policy.changes	Policy Event - Security Policy Change	Critical	Low
securityRole.modify.membership	MSP Tools - IAM - Security Role Membership Modified	Medium	Low
sf.external.datasource.added	External DataSource has been added/updated to the governed account	Critical	Low
sf.external.obh.add.updates	External Objects has been added/updated to the governed account	Critical	Low
tech.modify.phone	MSP Tools - IAM - Technician User modified Phone Number	Medium	Low
technician.create.user	MSP Tools - IAM - Technician User Account Created	Medium	Low
technician.mfa.failure	MSP Tools - IAM - Technician MFA Failure	Medium	Low
technician.modify.user	MSP Tools - IAM - Technician User Account Modified	Medium	Low
risky.activity	Risky Activity	Low	Medium
app.connection.failed	An Application API connection has failed	Critical	Medium
multiple.password.reset	IAM Event - Multiple Password Reset	Critical	Medium
outside.own.location	IAM Event - User Location - Outside approved location	Critical	Medium
system.compliance.confirmed.phishing	System Compliance Event - Confirmed Phishing	Critical	Medium
system.compliance.domain.email.restriction	System Compliance Event - Domain Email Restriction	Critical	Medium
system.compliance.email.flow.delay	System Compliance Event - Email Flow Delay	Critical	Medium
system.compliance.email.forwarding	System Compliance Event - Email Forwarding	Critical	Medium
system.compliance.email.sending.restriction	System Compliance Event - Email Sending Restriction	Critical	Medium
system.compliance.exchange.admin	System Compliance Event - Exchange Admin	Critical	Medium
system.compliance.exchange.forwarding	System Compliance Event - Exchange Forwarding	Critical	Medium
system.compliance.forms.phishing.risk	System Compliance Event - Forms Phishing Risk	Critical	Medium
system.compliance.restriction.email	System Compliance Event - User Restriction Email	Critical	Medium
system.compliance.sensitive.data.failure	System Compliance Event - Sensitive Data Failure	Critical	Medium
system.compliance.user.restriction	System Compliance Event - User Restriction	Critical	Medium
user.promoted.to.admin	Policy Event - Admin Access Granted	Critical	Medium