New alarm: alarm_domainchange :bluecheck index alarm - any change of domain classification

Open xychix opened this issue 4 years ago • 2 comments

I would like to see the following alarms added as part of alarm.py:

alarm for status change of domain classifications in bluecheck index. Alarm on any change!

xychix avatar Nov 27 '20 14:11 xychix

Should include a way to handle the situations where we are blocked by or get an error from one of the domain classifiers. For example, if the most recent check includes 'error', maybe wait an iteration and check if the error persists. If the error persists, also give an alarm to notify red team operators that the domain classification alarm isn't working anymore for that domain classifier. Same for 'Blocked'.

MarcOverIP avatar Nov 27 '20 15:11 MarcOverIP
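
The behaviour requested in the two comments above, sketched as an added example; it is not code from RedELK's alarm.py or from this thread. The record layout, the `evaluate` function, the classifier names and the verdict strings are assumptions; only 'error' and 'Blocked' come from the issue.

```python
# Added illustration, not RedELK code. Layout and names are assumptions.
FAILURES = {"error", "blocked"}  # classifier returned no usable verdict

# Constructed sample: (domain, classifier) -> verdicts, oldest to newest.
SAMPLE = {
    ("a.example", "classifier_a"): ["business", "business", "malicious"],
    ("a.example", "classifier_b"): ["business", "error"],
    ("b.example", "classifier_a"): ["business", "error", "error"],
    ("b.example", "classifier_b"): ["business", "Blocked", "Blocked"],
    ("c.example", "classifier_a"): ["business", "error", "suspicious"],
}


def evaluate(history):
    """Return sorted (domain, classifier, kind, detail) alarms for the newest check."""
    alarms = []
    for (domain, classifier), verdicts in history.items():
        seen = [v.strip().lower() for v in verdicts]
        if len(seen) < 2:
            continue  # nothing to compare against yet
        latest = seen[-1]
        if latest in FAILURES:
            # Length of the trailing run of this same failure.
            run = 0
            for v in reversed(seen):
                if v != latest:
                    break
                run += 1
            # First failure: wait one iteration. Second in a row: alarm once.
            if run == 2:
                alarms.append((domain, classifier, "classifier_failing", latest))
            continue
        # Compare with the last usable verdict, skipping failed checks, so a
        # change that happened behind an error/blocked gap is still reported.
        baseline = next((v for v in reversed(seen[:-1]) if v not in FAILURES), None)
        if baseline is not None and baseline != latest:
            alarms.append((domain, classifier, "classification_changed",
                           f"{baseline} -> {latest}"))
    return sorted(alarms)


if __name__ == "__main__":
    for alarm in evaluate(SAMPLE):
        print(alarm)
```

The failure alarm fires only on the second consecutive failed check, so a classifier that stays down does not re-alert on every iteration.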

After discussion with @fastlorenzo, decided that this first needs restructuring of how we handle domain info. So this is pending on #270

MarcOverIP avatar Aug 19 '22 11:08 MarcOverIP