oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-06-08 13:59:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add code blocks

Browse source
This commit is contained in:
MulliganSecurity 2025-06-06 17:18:06 +02:00
parent a70be9f6e9
commit 2490348b65
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
simplexalerts/index.md
View file

@ -27,16 +27,20 @@ Simple threshold-based alert are reactive by nature, but their automated monitor
- Threshold-based: a [SMARTCTL](https://en.wikipedia.org/wiki/Smartctl) alert creating a notification when any hard drive within your infrastructure crosses a pre-failure threshold
~~~
smartctl_device_attribute{attribute_flags_long=\~".*prefailure.*", attribute_value_type="value"}
<=
on (device, attribute_id, instance, attribute_name)
smartctl_device_attribute{attribute_flags_long=\~".*prefailure.*", attribute_value_type="thresh"}
~~~
- Statistical (anomaly detection): CPU spike or under-use
~~~
cpu_percentage_use > (avg_over_time(cpu_percentage_use[5m]) + (3* stddev_over_time(cpu_percentage_use[5m])))
OR
cpu_percentage_use < (avg_over_time(cpu_percentage_use[5m]) - (3* stddev_over_time(cpu_percentage_use[5m])))
~~~
## Associated Risks