Create runbook page for Kibana PSA alert #5062

Merged
merged 1 commit into from
Dec 1, 2023


tom-j-smith
Contributor

No description provided.

@@ -0,0 +1,39 @@
---
title: Kibana PodSecurity Violations Alert
weight: 9999
Contributor

Contributor Author


Completed


Kibana will put a message into the `#low-priority-alarms` slack channel whenever the [PodSecurity Violations monitor](https://kibana.cloud-platform.service.justice.gov.uk/_plugin/kibana/app/opendistro-alerting#/monitors/jR-J3YsBP8PE0GofcRIF) first goes into the `Triggered` status.

The monitor is throttled to only send 1 message every 24 hours per trigger, this means if a namespace is already triggering the monitor then when another violation occurs then it will not send another message. The best way to check what is triggering the moniotor is to use the steps mentioned above under [Checking logs for PSA violation in Kibana](#checking-logs-for-psa-violations-in-kibana).
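Review bot: The throttling sentence in the second paragraph means a violation in a second namespace inside the 24-hour window produces no Slack message, so the runbook should say explicitly that whoever picks up the alert must check every namespace in the logs and not only the one that first triggered it. The same sentence is a comma splice with a doubled "then" ("then when another violation occurs then it will not"); splitting it into two sentences would read better. The link text "Checking logs for PSA violation in Kibana" is singular while its anchor `#checking-logs-for-psa-violations-in-kibana` is plural, so confirm the heading exists in this file under that exact name, since "mentioned above" depends on it. The monitor URL in the first paragraph embeds the monitor id `jR-J3YsBP8PE0GofcRIF`, which will break the link if the monitor is ever recreated; consider also naming the monitor so it can be found by search.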
Contributor


Suggested change
The monitor is throttled to only send 1 message every 24 hours per trigger, this means if a namespace is already triggering the monitor then when another violation occurs then it will not send another message. The best way to check what is triggering the moniotor is to use the steps mentioned above under [Checking logs for PSA violation in Kibana](#checking-logs-for-psa-violations-in-kibana).
The monitor is throttled to only send 1 message every 24 hours per trigger, this means if a namespace is already triggering the monitor then when another violation occurs then it will not send another message. The best way to check what is triggering the monitor is to use the steps mentioned above under [Checking logs for PSA violation in Kibana](#checking-logs-for-psa-violations-in-kibana).

Contributor Author


Completed

@tom-j-smith tom-j-smith merged commit eaf802b into main Dec 1, 2023
3 checks passed
@tom-j-smith tom-j-smith deleted the kibana_psa_alert branch December 1, 2023 12:39