stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
98e6b7658467263a0ca078806871631b5e9ecc83
git.stella-ops.org/ops/devops/findings-ledger/offline-kit/alerts/findings-ledger-alerts.yaml
StellaOps Bot 98e6b76584
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
wine-csp-build / Build Wine CSP Image (push) Has been cancelled
Details
Add post-quantum cryptography support with PqSoftCryptoProvider 
- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle.
- Added PqSoftProviderOptions and PqSoftKeyOptions for configuration.
- Created unit tests for Dilithium3 and Falcon512 signing and verification.
- Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists.
- Added KcmvpHashOnlyProvider for KCMVP baseline compliance.
- Updated project files and dependencies for new libraries and testing frameworks.
2025-12-07 15:04:19 +02:00

123 lines
4.8 KiB
YAML
Raw Blame History

# Findings Ledger Prometheus Alert Rules
# Apply to Prometheus: cp findings-ledger-alerts.yaml /etc/prometheus/rules.d/
groups:
- name: findings-ledger
rules:
# Service availability
- alert: FindingsLedgerDown
expr: up{job="findings-ledger"} == 0
for: 2m
labels:
severity: critical
service: findings-ledger
annotations:
summary: "Findings Ledger service is down"
description: "Findings Ledger service has been unreachable for more than 2 minutes."
# Write latency
- alert: FindingsLedgerHighWriteLatency
expr: histogram_quantile(0.95, sum(rate(ledger_write_latency_seconds_bucket{job="findings-ledger"}[5m])) by (le)) > 1
for: 5m
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Findings Ledger write latency is high"
description: "95th percentile write latency exceeds 1 second for 5 minutes. Current: {{ $value | humanizeDuration }}"
- alert: FindingsLedgerCriticalWriteLatency
expr: histogram_quantile(0.95, sum(rate(ledger_write_latency_seconds_bucket{job="findings-ledger"}[5m])) by (le)) > 5
for: 2m
labels:
severity: critical
service: findings-ledger
annotations:
summary: "Findings Ledger write latency is critically high"
description: "95th percentile write latency exceeds 5 seconds. Current: {{ $value | humanizeDuration }}"
# Projection lag
- alert: FindingsLedgerProjectionLag
expr: ledger_projection_lag_seconds{job="findings-ledger"} > 30
for: 5m
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Findings Ledger projection lag is high"
description: "Projection lag exceeds 30 seconds for 5 minutes. Current: {{ $value | humanizeDuration }}"
- alert: FindingsLedgerCriticalProjectionLag
expr: ledger_projection_lag_seconds{job="findings-ledger"} > 300
for: 2m
labels:
severity: critical
service: findings-ledger
annotations:
summary: "Findings Ledger projection lag is critically high"
description: "Projection lag exceeds 5 minutes. Current: {{ $value | humanizeDuration }}"
# Merkle anchoring
- alert: FindingsLedgerMerkleAnchorStale
expr: time() - ledger_merkle_last_anchor_timestamp_seconds{job="findings-ledger"} > 600
for: 5m
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Findings Ledger Merkle anchor is stale"
description: "No Merkle anchor created in the last 10 minutes. Last anchor: {{ $value | humanizeTimestamp }}"
- alert: FindingsLedgerMerkleAnchorFailed
expr: increase(ledger_merkle_anchor_failures_total{job="findings-ledger"}[15m]) > 0
for: 0m
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Findings Ledger Merkle anchoring failed"
description: "Merkle anchor operation failed. Check logs for details."
# Database connectivity
- alert: FindingsLedgerDatabaseErrors
expr: increase(ledger_database_errors_total{job="findings-ledger"}[5m]) > 5
for: 2m
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Findings Ledger database errors detected"
description: "More than 5 database errors in the last 5 minutes."
# Attachment storage
- alert: FindingsLedgerAttachmentStorageErrors
expr: increase(ledger_attachment_storage_errors_total{job="findings-ledger"}[15m]) > 0
for: 0m
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Findings Ledger attachment storage errors"
description: "Attachment storage operation failed. Check encryption keys and storage connectivity."
# Air-gap staleness (for offline environments)
- alert: FindingsLedgerAdvisoryStaleness
expr: ledger_airgap_advisory_staleness_seconds{job="findings-ledger"} > 604800
for: 1h
labels:
severity: warning
service: findings-ledger
annotations:
summary: "Advisory data is stale in air-gapped environment"
description: "Advisory data is older than 7 days. Import fresh data from Mirror."
- alert: FindingsLedgerVexStaleness
expr: ledger_airgap_vex_staleness_seconds{job="findings-ledger"} > 604800
for: 1h
labels:
severity: warning
service: findings-ledger
annotations:
summary: "VEX data is stale in air-gapped environment"
description: "VEX data is older than 7 days. Import fresh data from Mirror."
Reference in New Issue View Git Blame Copy Permalink