New alarm: alarm_domainchange :bluecheck index alarm - any change of domain classification #129
Labels
alarm
Related to RedELK alarms
elkserver
Related to RedELK server components
enhancement
New feature or request
Milestone
Comments
xychix
changed the title
xychix
changed the title
xychix
changed the title
|
Should include a way to handle the situations where we are blocked by or get an error from one of the domain classifiers. For example, if the most recent check includes 'error', maybe wait an iteration and check if the error persists. If the error persists, also give an alarm to notify red team operators that the domain classification alarm isnt working anymore for that domain classifier. Same for 'Blocked'. |
fastlorenzo
added
elkserver
fastlorenzo
changed the title
fastlorenzo
changed the title
|
After discussion with @fastlorenzo, decided that this first needs restructuring of how we handle domain info. So this is pending on #270 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would like to see the following alarms added as part of alarm.py:
alarm for status change of domain classifications in bluecheck index. Alarm on any change!
The text was updated successfully, but these errors were encountered: