raif-ahmed/nv_alerts.yml

## nv_alerts.yml
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: neuvector-monitoring
  namespace: neuvector
spec:
  groups:
    - name: neuvector
      rules:
        - alert: neuvectorEnforcerDown
          annotations:
            description: 'Enforcer members are down.'
            summary: Enforcer members are down.
          expr: |-
              max without (endpoint) (sum without (instance) (up{job=~".*neuvector.*"} == bool 0)) > 0
                or
              (nv_summary_hosts{job=~".*neuvector.*"} / ignoring(group,instance,pod,job) nv_summary_enforcers{job=~".*neuvector.*"}) != 1
          for: 5m
          labels:
            severity: critical
        - alert: neuvectorEnforcerDisconnected
          annotations:
            description: 'Enforcer members are disconnected.'
            summary: Enforcer members are disconnected.
          expr: nv_summary_disconnectedEnforcers != 0
          for: 5m
          labels:
            severity: critical
        - alert: neuvectorCveDbOld
          annotations:
            description: 'CVE DB is more than 5 days old.'
            summary: CVE DB is more than 5 days old.
          expr: ((time() - nv_summary_cvedbTime/1000) / 3600 / 24 - 5 ) > 0
          for: 12h
          labels:
            severity: critical
        - alert: neuvectorContainerVulnerabilityHigh
          annotations:
            description: >-
              Workload Container "{{ $labels.exported_service }}", is having  "{{ $value }}" high Vulnerability score .
            summary: Workload is having high Vulnerability.
          expr: >
            nv_container_vulnerabilityHigh > 20
          for: 2h
          labels:
            severity: warning
        - alert: neuvectorViolationLog
          annotations:
            description: >-
              Workload "{{ $labels.fromname }}" Container "{{ $labels.pod }}" on instance "{{ $labels.instance }}" is generating "{{ $labels.log }}"
              of type "{{ $labels.name }}"
            summary: Workload is having rule violation.
          expr: >
             nv_log_events{job=~".*neuvector.*"}
          for: 5m
          labels:
            severity: warning
	apiVersion: monitoring.coreos.com/v1
	kind: PrometheusRule
	metadata:
	name: neuvector-monitoring
	namespace: neuvector
	spec:
	groups:
	- name: neuvector
	rules:
	- alert: neuvectorEnforcerDown
	annotations:
	description: 'Enforcer members are down.'
	summary: Enforcer members are down.
	expr: \|-
	max without (endpoint) (sum without (instance) (up{job=~".neuvector."} == bool 0)) > 0
	or
	(nv_summary_hosts{job=~".neuvector."} / ignoring(group,instance,pod,job) nv_summary_enforcers{job=~".neuvector."}) != 1
	for: 5m
	labels:
	severity: critical
	- alert: neuvectorEnforcerDisconnected
	annotations:
	description: 'Enforcer members are disconnected.'
	summary: Enforcer members are disconnected.
	expr: nv_summary_disconnectedEnforcers != 0
	for: 5m
	labels:
	severity: critical
	- alert: neuvectorCveDbOld
	annotations:
	description: 'CVE DB is more than 5 days old.'
	summary: CVE DB is more than 5 days old.
	expr: ((time() - nv_summary_cvedbTime/1000) / 3600 / 24 - 5 ) > 0
	for: 12h
	labels:
	severity: critical
	- alert: neuvectorContainerVulnerabilityHigh
	annotations:
	description: >-
	Workload Container "{{ $labels.exported_service }}", is having "{{ $value }}" high Vulnerability score .
	summary: Workload is having high Vulnerability.
	expr: >
	nv_container_vulnerabilityHigh > 20
	for: 2h
	labels:
	severity: warning
	- alert: neuvectorViolationLog
	annotations:
	description: >-
	Workload "{{ $labels.fromname }}" Container "{{ $labels.pod }}" on instance "{{ $labels.instance }}" is generating "{{ $labels.log }}"
	of type "{{ $labels.name }}"
	summary: Workload is having rule violation.
	expr: >
	nv_log_events{job=~".neuvector."}
	for: 5m
	labels:
	severity: warning