
Clean up security hub / config alerts #1535

Closed
2 of 4 tasks
davidkelliott opened this issue Mar 11, 2022 · 8 comments

Comments

davidkelliott commented Mar 11, 2022

User Story

We currently have Security Hub alerts which go off on PagerDuty. We need to look at these alerts and either resolve the underlying issue, or silence them and add a more reasonable alert.

For example, Security Hub requires any failed login attempts to raise an alert. This happens occasionally and we don't need to know about this. We have to keep the original alert for Security Hub compliance, but we could mute that alert on PagerDuty and create a more useful one, such as 5 failed login attempts in a 1-minute period.

Value

Have alerts that when they go off we know we need to do something.

Questions / Assumptions

Definition of done

  • timebox for 1 week maximum
  • review current alerts from security hub
  • if alert is not valid, suppress the alert
  • if new ticket required to suppress raise that ticket

Reference

How to write good user stories

@davidkelliott davidkelliott added enhancement New feature or request alerting labels Mar 11, 2022
@davidkelliott davidkelliott changed the title Clean up pagerduty alerts Clean up security hub / config alerts Jul 7, 2022
@seanprivett seanprivett removed the enhancement New feature or request label Jan 31, 2023

This issue is stale because it has been open 90 days with no activity.

@github-actions github-actions bot added the Stale label May 22, 2024
@markgov markgov self-assigned this Jun 25, 2024

markgov commented Jun 25, 2024

Found two alarms that are going off:
  • sign-in-failures GreaterThanOrEqualToThreshold 1.0
  • unauthorised-api-calls GreaterThanOrEqualToThreshold 1.0
Found a third:
  • security-group-changes GreaterThanOrEqualToThreshold 1.0
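
The three alarms listed above, and the "5 failed logins in a 1-minute period" replacement proposed in the issue description, differ only in period and threshold. The block below is an added example, not code from this issue or from the project it belongs to: it models how a CloudWatch alarm on a log metric filter (SUM statistic, GreaterThanOrEqualToThreshold, one evaluation period) behaves over a constructed set of CloudTrail-style ConsoleLogin events, first with the CIS-style threshold of 1 and then with 5-per-minute. The event records, user names and timestamps are made up for the example; the metric filter pattern quoted is the standard CIS benchmark one for console sign-in failures, and the alarm-evaluation model is a simplification (it ignores missing-data treatment and multi-period "datapoints to alarm" settings).

```python
"""Added example: why a threshold of 1 pages on every typo'd password, and what
a "5 failures in 1 minute" rule does on the same events. Not project code."""
from collections import deque
from datetime import datetime, timedelta, timezone

# CIS AWS Foundations benchmark metric filter for console sign-in failures.
# Kept only as documentation of which CloudTrail records the alarm counts.
CIS_SIGNIN_FAILURE_FILTER = (
    '{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'
)


def matches_signin_failure(event: dict) -> bool:
    """Python equivalent of CIS_SIGNIN_FAILURE_FILTER over one CloudTrail record."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and event.get("errorMessage") == "Failed authentication"
    )


def _fail(ts: str, user: str = "alice") -> dict:
    """Constructed CloudTrail-style failed console login (not a real record)."""
    return {
        "eventTime": ts,
        "eventName": "ConsoleLogin",
        "userIdentity": {"userName": user},
        "errorMessage": "Failed authentication",
    }


# Constructed sample: one stray failure, a success, an unrelated API call,
# a burst of six failures in 40 seconds, then another stray failure.
SAMPLE_EVENTS = [
    _fail("2024-06-25T10:00:05Z"),
    {"eventTime": "2024-06-25T10:02:00Z", "eventName": "ConsoleLogin",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-06-25T10:10:00Z", "eventName": "DescribeInstances"},
    *[_fail(f"2024-06-25T10:30:{s:02d}Z", user="bob") for s in range(0, 48, 8)],
    _fail("2024-06-25T10:45:10Z"),
]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def failure_times(events) -> list:
    """Sorted timestamps of the events the metric filter would count."""
    return sorted(_ts(e["eventTime"]) for e in events if matches_signin_failure(e))


def fixed_period_breaches(times, period_seconds: int, threshold: int) -> list:
    """Model of a CloudWatch alarm: SUM of the metric over fixed, aligned periods,
    GreaterThanOrEqualToThreshold, evaluated over one period. Returns the start of
    every period whose count breaches the threshold."""
    counts = {}
    for t in times:
        epoch = int(t.timestamp())
        start = epoch - epoch % period_seconds
        counts[start] = counts.get(start, 0) + 1
    return [datetime.fromtimestamp(s, tz=timezone.utc)
            for s, n in sorted(counts.items()) if n >= threshold]


def sliding_window_breaches(times, window_seconds: int, threshold: int) -> list:
    """Sliding-window variant: fires at the event that brings the count within the
    trailing window up to the threshold. Catches bursts that straddle a period boundary,
    which the fixed-period model can miss."""
    window, fired = deque(), []
    for t in times:
        window.append(t)
        while t - window[0] > timedelta(seconds=window_seconds):
            window.popleft()
        if len(window) == threshold:  # fire once as the threshold is crossed
            fired.append(t)
    return fired


if __name__ == "__main__":
    times = failure_times(SAMPLE_EVENTS)
    fmt = lambda ts: [t.strftime("%H:%M:%S") for t in ts]
    print("failures counted:        ", len(times))
    print("threshold 1, 5-min period:", fmt(fixed_period_breaches(times, 300, 1)))
    print("threshold 5, 1-min period:", fmt(fixed_period_breaches(times, 60, 5)))
    print("5 in trailing 60s:        ", fmt(sliding_window_breaches(times, 60, 5)))
```

With the sample above, the threshold-1 alarm breaches in three separate periods (each stray failure pages someone), while the 5-per-minute rule breaches only in the 10:30 period that holds the burst. The sliding-window variant is there because a CloudWatch period is a fixed, aligned bucket: five failures spread across 10:30:50 to 10:31:20 would be split 2/3 between two periods and never reach 5 in either, so when tuning the replacement alarm consider a longer period with "datapoints to alarm" across several evaluation periods, or accept that boundary-straddling bursts are a known gap.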

markgov commented Jun 26, 2024


markgov commented Jun 26, 2024

PR merged and new release created; will monitor alerts.


markgov commented Jul 1, 2024

#7376
PR to update to the latest version.


markgov commented Jul 2, 2024

created an issue for an error that has been found


markgov commented Jul 3, 2024

New release created with a new base count of 10 instances.

@markgov markgov closed this as completed Jul 3, 2024

markgov commented Jul 9, 2024

New CloudWatch alarms
#7450

Projects
Status: Done

4 participants