Email alerts - PingIntelligence for APIs

Email alerts - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

When you configure alerts, they use the following template:

Event: <the type of event>
Value: <the specific trigger for the event>
When: <the date and time of the event>
Where: <the IP address or hostname of the server where the event occurred>

The following is an example alert you might receive:

Event : high memory usage
Value : 82.19%
When : 2019-May-16 18:30:00 PST
Where : vortex-132

Email alerts are sent based on the following event categories:

System resource

System resources are polled every 30 minutes to calculate usage. An email alert is sent if the value exceeds the defined threshold.

The following system resources are monitored:

CPU: Average CPU usage for a 30 minute interval.
Memory: Memory usage at the 30th minute.
Filesystem: Filesystem usage at the 30th minute.

Configuration

When configuration changes occur, an email alert is sent for these events:

Adding or removing an API
Adding or deleting a server
Nodes of a cluster are UP or DOWN

Decoy API

When decoy APIs are accessed for the first time, an email alert is sent. The time between consecutive alerts is set using decoy_alert_interval in the ase.conf file. The default value is 180 minutes.

Note:

For more information on decoy APIs, see In-Context decoy APIs.

ASE-ABS log transfer and communication

ASE sends an alert in the following two conditions:

Access Log transfer failure: When ASE is unable to send access log files to API Behavioral Security (ABS) for more than an hour, ASE sends an alert with the names of the log files.

ASE-ABS communication failure

When interruptions occur in ASE-ABS communication, an alert is sent identifying the error type. The email also mentions the current and total counter for the alert. The current counter lists the number of times that failure happened in the last hour. The total counter lists the total number of times that error has occurred since ASE was started.

ABS seed node resolve
ABS authentication
ABS config post
ABS cluster INFO
ABS service unavailable
Log upload
Duplicate log upload
Log file read
ABS node queue full
ABS node capacity low
ABS attack type fetch

The following alerts are logged in the controller.log file when email alerts are disabled (enable_email=false) in the ase.conf file:

High CPU use
High memory use
High filesystem use
Adding API to ASE
Removing API from ASE
Updating and API
Adding a backend server
Removing a backend server
ASE cluster node available
ASE cluster node unavailable
Backend server state changed to UP
Backend server state changed to DOWN
Log upload service failure
Error while uploading file
Invalid ASE license file
Expired ASE license file