As an analyst I want to know when any website, web service, or important DNS provider is being blasted off the internet (or is simply offline).
Create an end-to-end skeleton that can detect when a site is suspected offline because of outage or attack.
For the skeleton, and on the B stream.
todo: Figure out way to communicate HA to owners that isn't through the app.
todo: Clean up reqs.
Must Have
ACL
Super Admins share all the domains labelled 'Monitor for Service Interruption'.
Super Admins can remove the 'Monitor for Service Interruption' tag that Org Admins/Owners set
Org Admins/Owners share all the domains they label as 'Monitor for Service Interruption'.
Org Admins/Owners cannot remove the 'Monitor for Service Interruption' of Super Admins
Logging
When an Org Admin/Owner adds a domain to the 'Monitor for Service Interruption' the event is logged in the activity log of that org.
When an Org Admin/Owner removes the label 'Monitor for Service Interruption' the event is logged in the activity log of that org.
When a domain is unreachable for 3 consecutive blocks an event is logged in the activity log: '[domain] not reachable for 45 minutes straight.'
General Requirements
Allow Super Admins to tag domains with a private tag called 'Monitor for Service Interruption'. This takes domains and adds them to the /uptime-monitoring list.
from /domains
from /domains/website
from /uptime-monitoring
All domains tagged with 'Monitor for Service Interruption' are checked every 15 minutes (a block).
Scan from 2 different clouds, 2 different regions
Use a different IP address every check
If a site is down for 3 consecutive blocks notify a CSEMP distribution list
If more than 3 go down during the same 15 minute time slot, yellow alert
Attempt to fetch websites and web services using an HTTP request.
Always log the IP address used during the fetch.
Set the user agent to (Tracker)
If the domain returns a successful HTTP response (200 OK status), it's considered up.
If there's a 4xx or 5xx error code, consider the site up (do nothing) <------------- ??????
If there's a 429 error code, notify the tracker developers
if no response within 15 seconds consider the site down
all gaps in scanning data for a block are displayed as 'no data'.
No pagination on either page
Allow alphabetical sorting
allow sorting by most recent downtime
Allow in-page filtering (filter on domain name, filter on has downtime in last 24 hours)
Show if a domain is protected by DDoS protections
Allow users to single-click on a domain and report via email if something is wrong.
Keep all data forever, but
/uptime-monitoring show only last 96 hours
/domains/website/uptime show only last 30 days
/uptime-monitoring page auto-refreshes every 15 minutes
/domains/website/uptime page auto-refreshes every 15 minutes
Nice to Have
Create a canned report for a time period
Create a negative score for a domain if 'monitor for service interruption' is true and the domain lacks DoS protections.
In the monthly report to org admins/owners show which domains have a lack of DoS protections
Offer org admins/owners the ability to tag for their own 'monitor for service interruption'. Org admins/owners can only monitor domains associated with their organization. Org
org admins/org owners can or can't override a super admins <------------ ???????????
integration into level 2 support.
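The block rules in the requirements above (15-second timeout, 4xx/5xx counted as up, 429 escalated to the developers, three consecutive down blocks, more than three domains down in one block), written out as an added example; this is not code from the Tracker project. The status encoding (`None` for a timeout, `"missing"` for a gap), the event names and the `.example` domains are assumptions, as is the choice that 'no data' resets a down streak.

```python
from collections import defaultdict

DOWN_BLOCKS_TO_NOTIFY = 3   # 3 consecutive 15-minute blocks = 45 minutes
YELLOW_THRESHOLD = 3        # yellow alert when MORE than 3 are down in one block

def classify(status):
    """Map one check result to the state shown for that block.

    status: HTTP status code, None if nothing came back within the 15 s
    timeout, or "missing" if no check ran (assumed encoding of a data gap).
    """
    if status == "missing":
        return "no data"
    if status is None:
        return "down"
    return "up"   # 200 is up; 4xx/5xx also count as up under the current draft

def evaluate(blocks):
    """blocks: list of {domain: status}, one dict per block, oldest first."""
    streak = defaultdict(int)
    events = []
    for index, block in enumerate(blocks):
        down_now = []
        for domain, status in sorted(block.items()):
            if status == 429:
                events.append((index, "notify-developers", domain))
            if classify(status) == "down":
                streak[domain] += 1
                down_now.append(domain)
                if streak[domain] == DOWN_BLOCKS_TO_NOTIFY:
                    events.append((index, "notify-list",
                                   f"{domain} not reachable for 45 minutes straight"))
            else:
                streak[domain] = 0   # assumption: "up" and "no data" reset the streak
        if len(down_now) > YELLOW_THRESHOLD:
            events.append((index, "yellow-alert", tuple(down_now)))
    return events

# Constructed sample: three consecutive blocks for five made-up domains.
SAMPLE_BLOCKS = [
    {"a.example": None, "b.example": 200, "c.example": 503, "d.example": 429, "e.example": 200},
    {"a.example": None, "b.example": None, "c.example": None, "d.example": None, "e.example": "missing"},
    {"a.example": None, "b.example": 200, "c.example": 200, "d.example": 200, "e.example": 200},
]

if __name__ == "__main__":
    for event in evaluate(SAMPLE_BLOCKS):
        print(event)
```

The notification fires once, on the block where the streak reaches three, so a domain that stays down does not re-alert every 15 minutes.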
Examine the HTTP response headers of the website using tools like browser developer tools, curl, or online services. Certain headers may indicate the use of DDoS protection services. For example, Cloudflare often includes headers like cf-ray or server: cloudflare.
Look for Interstitial Pages or CAPTCHAs: Detect websites that are protected by services like Cloudflare. Some sites show an interstitial page or a CAPTCHA challenge when they detect unusual traffic.
Inspect Website's SSL Certificate: Check the website’s SSL certificate details. If the certificate is issued by a DDoS protection provider or mentions them, it's likely the site is using their services.
Observe Network Path with Traceroute: Traceroute to identify the network path to the website. If the path includes known IP ranges of DDoS protection providers, it suggests the site is using their services.
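The header check from the comment above, as an added example that is not part of the original thread or of the Tracker code base: it parses a raw response header block (for instance the output of `curl -sI`) and reports which provider signatures match. Only the Cloudflare indicators (`cf-ray`, `server: cloudflare`) come from the comment; the function names, the signature table layout and the sample responses are assumptions.

```python
# Header name -> substring required in the value (None = presence is enough).
# Only the Cloudflare indicators are taken from the comment; extend per provider.
SIGNATURES = {
    "Cloudflare": {"cf-ray": None, "server": "cloudflare"},
}

def parse_headers(raw):
    """Parse the first header block of a raw HTTP response into {name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                           # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:                             # header names are case-insensitive
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def detect_protection(raw):
    """Return {provider: [matching header lines]} as evidence, not proof."""
    headers = parse_headers(raw)
    found = {}
    for provider, rules in SIGNATURES.items():
        for name, needle in rules.items():
            for value in headers.get(name, []):
                if needle is None or needle in value.lower():
                    found.setdefault(provider, []).append(f"{name}: {value}")
    return found

# Constructed sample responses (the cf-ray value is a placeholder, not a real ray ID).
SAMPLE_PROTECTED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 0000000000000000-YYZ\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
SAMPLE_PLAIN = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(detect_protection(SAMPLE_PROTECTED))
    print(detect_protection(SAMPLE_PLAIN))
```

Because the uptime fetch already receives these headers, the same response can feed this check without a second request; an empty result only means no known signature was seen, since an origin can strip or rewrite headers.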