Mozilla Security iprepd Reputation Alerts
Monitors iprepd log events and generates notices when the reputation of a given IP falls below certain thresholds (<=75, <=50, <=25).
The alerting key is generated based on the passed threshold and the IP address, to suppress further notifications about changes within a given window.
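The threshold and alerting-key behaviour described above, as an added stand-alone Lua illustration that is not the module's source code. The key format, the suppression window length, the function names, the choice to report the most severe threshold reached, and the sample events are all assumptions made for the example.

```lua
-- Added illustration; not taken from moz_security_iprepd_alerts.lua.
local THRESHOLDS = { 25, 50, 75 } -- thresholds named on the page, most severe first
local WINDOW = 3600               -- assumed suppression window, in seconds

-- Return the most severe threshold the reputation has reached, or nil if none.
-- (Assumption: one notice per event, for the lowest threshold satisfied.)
local function crossed_threshold(reputation)
    for _, t in ipairs(THRESHOLDS) do
        if reputation <= t then return t end
    end
    return nil
end

-- Hypothetical key format. Combining threshold and IP means a further drop
-- for the same IP produces a new key and is not suppressed.
local function alert_key(threshold, ip)
    return string.format("%d:%s", threshold, ip)
end

local last_sent = {} -- alert key -> timestamp of the last notice for that key

-- Hypothetical helper: returns a notice string, or nil when nothing is sent.
local function evaluate_event(ev)
    local t = crossed_threshold(ev.reputation)
    if not t then return nil end
    local key = alert_key(t, ev.ip)
    local prev = last_sent[key]
    if prev and ev.ts - prev < WINDOW then return nil end -- suppressed
    last_sent[key] = ev.ts
    return string.format("%s reputation %d (<= %d)", ev.ip, ev.reputation, t)
end

-- Constructed sample events (documentation address range, not real log data).
local events = {
    { ts = 0,    ip = "192.0.2.10", reputation = 80 }, -- above every threshold
    { ts = 60,   ip = "192.0.2.10", reputation = 70 }, -- first notice at <= 75
    { ts = 120,  ip = "192.0.2.10", reputation = 65 }, -- same key, suppressed
    { ts = 180,  ip = "192.0.2.10", reputation = 40 }, -- new key (<= 50), notice
    { ts = 4000, ip = "192.0.2.10", reputation = 70 }, -- window expired, notice
}

for _, ev in ipairs(events) do
    print(ev.ts, evaluate_event(ev) or "no notice")
end
```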
If enable_metrics is true, the module will submit metrics events for collection by the metrics output sandbox. Ensure process_message_inject_limit is set appropriately: with metrics enabled, process_event will submit up to 2 messages (the alert and the metric event).
1. Sample Configuration
filename = "moz_security_iprepd_alerts.lua"
message_matcher = "Type =~ 'logging.iprepd.app.docker'%"
ticker_interval = 0
process_message_inject_limit = 1
prefix = "hhfxa" -- define a prefix to include with the alert messages
-- module makes use of alert output and needs a valid alert configuration
alert = {
    modules = { }
}
-- enable_metrics -- optional, if true enable secmetrics submission
source code: moz_security_iprepd_alerts.lua