AWS CloudTrail High distinct count error Code

Goal

Detects a spike in the number of distinct error codes observed within a given time window.

Description

Given that the time series produced by the errors is extremely noisy, the model can only learn its average value and standard deviation. An alert is produced when the observed value goes beyond the average by a certain number of standard deviations.

We will use a large number of deviations as the threshold in order to reduce false positives.

Characteristics

Name
AWS CloudTrail High distinct count error Code

Data involved

We will use all the events incoming from the AWS CloudTrail API that contain an error code (the errorCode field); events without one are ignored.

Alert Generation

We will generate an alert when the model detects a spike in the number of distinct error codes. The alert is generated only when the count is higher than expected, never when it is lower.
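The following is an added example, not code from the page or from the product it documents, showing one way to implement the logic described under Description and Alert Generation: bucket CloudTrail events that carry an errorCode into fixed windows, count the distinct codes per window, learn the mean and standard deviation from the earlier windows, and flag the latest window only when it exceeds the mean by k standard deviations. The window size (300 seconds), the number of deviations (k = 3), the minimum baseline of five windows, and the sample events are all assumptions made for the demonstration.

```python
"""Added example: one-sided spike detector on distinct CloudTrail errorCode values."""
import math
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # CloudTrail eventTime format


def build_sample_events() -> List[dict]:
    """Constructed CloudTrail-like records (not real data), five quiet windows
    followed by one window with a burst of distinct error codes. A record with
    no errorCode key represents a successful API call."""
    base = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
    plan: Dict[int, List[Optional[str]]] = {
        0: ["AccessDenied", "AccessDenied", "ThrottlingException"],
        1: ["AccessDenied", "NoSuchBucket", "ThrottlingException", None],
        2: ["AccessDenied", "ThrottlingException"],
        3: ["AccessDenied", "NoSuchBucket", "InvalidParameterValue"],
        4: ["ThrottlingException", "AccessDenied", "AccessDenied"],
        5: ["AccessDenied", "NoSuchBucket", "InvalidParameterValue",
            "ThrottlingException", "UnauthorizedOperation", "NoSuchKey",
            "InvalidClientTokenId", "ValidationException"],
    }
    events = []
    for window, codes in plan.items():
        for j, code in enumerate(codes):
            ts = base + timedelta(seconds=300 * window + 10 * j)
            ev = {"eventTime": ts.strftime(TIME_FMT), "eventName": "GetObject"}
            if code is not None:
                ev["errorCode"] = code
            events.append(ev)
    return events


def distinct_error_codes_per_window(events: List[dict],
                                    window_seconds: int = 300) -> Dict[int, int]:
    """Return {window_start_epoch: number of distinct errorCode values},
    ordered by window start. Events without an errorCode are skipped, which
    matches the "data involved" rule above."""
    buckets: Dict[int, set] = {}
    for ev in events:
        code = ev.get("errorCode")
        if not code:
            continue
        ts = datetime.strptime(ev["eventTime"], TIME_FMT).replace(tzinfo=timezone.utc)
        start = int(ts.timestamp()) // window_seconds * window_seconds
        buckets.setdefault(start, set()).add(code)
    return {start: len(codes) for start, codes in sorted(buckets.items())}


def mean_and_std(values: List[int]) -> Tuple[float, float]:
    """Population mean and standard deviation of the baseline counts."""
    n = len(values)
    mean = sum(values) / n
    var = sum((v - mean) ** 2 for v in values) / n
    return mean, math.sqrt(var)


def is_anomalous(history: List[int], current: int,
                 k: float = 3.0, min_history: int = 5) -> bool:
    """One-sided check: True only when current exceeds mean + k * std.
    A count below the baseline never alerts. With too little history the
    mean/std are not trusted and nothing is flagged (assumed policy)."""
    if len(history) < min_history:
        return False
    mean, std = mean_and_std(history)
    return current > mean + k * std


def run_detector(events: List[dict], k: float = 3.0,
                 window_seconds: int = 300) -> Optional[dict]:
    """Score the most recent window against all earlier windows and return
    the raw model output (a boolean) alongside the values that produced it."""
    counts = distinct_error_codes_per_window(events, window_seconds)
    if not counts:
        return None
    starts = sorted(counts)
    history = [counts[s] for s in starts[:-1]]
    current = counts[starts[-1]]
    return {
        "window_start": starts[-1],
        "distinct_error_codes": current,
        "anomalous": is_anomalous(history, current, k),
    }


if __name__ == "__main__":
    print(run_detector(build_sample_events()))
```

With the constructed data the five baseline windows yield counts 2, 3, 2, 3, 2 (mean 2.4, standard deviation about 0.49), so at k = 3 the threshold is roughly 3.9 and the final window's 8 distinct codes is flagged, while a window with 3 or 0 codes is not. In production the window counts would be read from the ingested CloudTrail table and the baseline learned over a much longer history; the larger k is, the fewer windows cross the threshold, which is the false-positive trade-off the description refers to.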

Raw outputs of the model

A boolean value indicating whether the observed value is anomalous.
