Closed SimonPPledger closed 1 week ago
Are these linked to Security Hub Control Standards? If we modify these alerts, will we affect our Security Hub compliance metric? Could we just not push these alerts through to Slack?
For Sum iam-policy-changes GreaterThanOrEqualToThreshold 1.0, make it specific to IAM policies that are used in our pipelines/SSO roles (all the roles that we own).
For Sum unauthorised-api-calls GreaterThanOrEqualToThreshold 1.0 and Sum sign-in-failures GreaterThanOrEqualToThreshold 1.0, adjust the threshold to notify when it happens en masse.
Believe this is replaced by https://github.com/ministryofjustice/modernisation-platform/issues/1535, but want to keep it open until we have confirmation.
This issue is stale because it has been open 90 days with no activity.
Closing as it is a duplicate.
User Story
As a modernisation platform engineer
I want to look at our low priority PagerDuty alerts
So that we are only receiving alerts that require a response.
However, this might not be possible. This is to confirm what we want to do with these alerts rather than fix them (for now).
Value / Purpose
We regularly see the following alarms in our #modernisation-platform-low-priority-alarms Slack channel:
Sum unauthorised-api-calls GreaterThanOrEqualToThreshold 1.0
Sum sign-in-failures GreaterThanOrEqualToThreshold 1.0
Sum iam-policy-changes GreaterThanOrEqualToThreshold 1.0
This ticket will involve taking a look at the alerts we receive in the #modernisation-platform-low-priority-alarms channel and assessing if we need to be alerted for them. Ideally we should only receive alerts for incidents that require our attention.
Useful Contacts
No response
Additional Information
We should ensure that we don't compromise our adherence to AWS Security Hub Security Standards.
Proposal / Unknowns
No response
Definition of Done