diff --git a/runbooks/source/kibana-podsecurity-violations-alert.html.md.erb b/runbooks/source/kibana-podsecurity-violations-alert.html.md.erb index 8cc35174..49479109 100644 --- a/runbooks/source/kibana-podsecurity-violations-alert.html.md.erb +++ b/runbooks/source/kibana-podsecurity-violations-alert.html.md.erb @@ -1,5 +1,5 @@ --- -title: Kibana PodSecurity Violations Alert +title: Kibana PodSecurity Violations Alert weight: 9999 last_reviewed_on: 2023-11-30 review_in: 3 months @@ -12,7 +12,7 @@ This runbook will document the Kibana PodSecurity (PSA) violations monitor and h [This Kibana monitor](https://kibana.cloud-platform.service.justice.gov.uk/_plugin/kibana/app/opendistro-alerting#/monitors/jR-J3YsBP8PE0GofcRIF) has been created that will alert if any PSA violations are detected. -You can see when previous alerts have been triggered under the `Alerts` section on the monitor. +You can see when previous alerts have been triggered under the `Alerts` section on the monitor. ## Checking logs for PSA violations in Kibana 
@@ -22,7 +22,7 @@ To diagnose which namespace(s) are violating and to see the reason in the logs, "violates PodSecurity" AND NOT "smoketest-restricted" AND NOT "smoketest-privileged" ``` -Or follow [this link](https://kibana.cloud-platform.service.justice.gov.uk/_plugin/kibana/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-5h,to:now))&_a=(columns:!(_source),filters:!(),index:'167701b0-f8c0-11ec-b95c-1d65c3682287',interval:auto,query:(language:kuery,query:'%22violates%20PodSecurity%22%20AND%20NOT%20%22smoketest-restricted%22%20AND%20NOT%20%22smoketest-privileged%22'),sort:!())) to get the same search. +Or follow [this link](https://kibana.cloud-platform.service.justice.gov.uk/_plugin/kibana/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-5h,to:now))&_a=(columns:!(_source),filters:!(),index:'167701b0-f8c0-11ec-b95c-1d65c3682287',interval:auto,query:(language:kuery,query:'%22violates%20PodSecurity%22%20AND%20NOT%20%22smoketest-restricted%22%20AND%20NOT%20%22smoketest-privileged%22'),sort:!())) to get the same search. This will show any logs of PSA violations (excluding smoketests). If no logs appear then increase the time frame to match when the alert was triggered, you can check this on the monitor under the `Alerts` heading.
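Review bot: in the front-matter hunk (`@@ -1,5 +1,5 @@`), the `title:` line is removed and re-added with the same visible text, so the change is whitespace-only, while `last_reviewed_on: 2023-11-30` with `review_in: 3 months` is left untouched. If this edit is meant to count as a review of the runbook, bump `last_reviewed_on` in the same commit; if it is only whitespace cleanup, say so in the commit message so the edit is not mistaken for a content review.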
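Review bot: in the second hunk (`@@ -12,7 +12,7 @@`), the context line just above the changed sentence links to the monitor only by its opaque id (`.../monitors/jR-J3YsBP8PE0GofcRIF`), so the link stops working if the monitor is ever recreated and the reader has no name to search for. Since the neighbouring line is being touched anyway, consider stating the monitor's name in the text next to the link. The changed line itself ("You can see when previous alerts have been triggered ...") differs only in whitespace and needs no further change.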
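Review bot: in the third hunk (`@@ -22,7 +22,7 @@`), the "Or follow [this link]" URL repeats the query from the code block above it in URL-encoded form and also pins `time:(from:now-5h,to:now)` and the index id `167701b0-f8c0-11ec-b95c-1d65c3682287`, so the link and the documented query can drift apart without anyone noticing. Suggest stating in the text that the link opens with a 5-hour window, which also makes the following "increase the time frame" instruction clearer, and treating the code block as the source of truth whenever the exclusions change. The trailing context sentence has a comma splice; "... when the alert was triggered. You can check this on the monitor under the `Alerts` heading." reads better.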