Blockchain & Cryptocurrency Glossary


Custom Alerting Rules

Pronunciation
[kuhs-tuhm uh-lur-ting roolz]
Analogy
Think of custom alerting rules like setting personalized alarms on your smart home system. Instead of just having a default fire alarm, you can set a custom rule to alert you if the front door is left open for more than 5 minutes after 10 PM, or if a specific motion sensor in your office detects movement during non-business hours. You define what's unusual or critical for *your* situation.
Definition
Custom alerting rules are user-defined or administrator-configured conditions within a monitoring system that, when met, trigger an alert or notification. These rules allow organizations to tailor alerts to their specific operational needs, security concerns, or key performance indicators, rather than relying solely on default or generic alerts.
Key Points Intro
Custom alerting rules enable proactive and targeted notifications based on specific criteria relevant to a system's behavior, security, or performance.
Key Points

  • User-Defined Conditions: Rules are based on specific metrics, events, thresholds, or patterns set by the user.
  • Targeted Notifications: Provide relevant alerts, reducing noise from generic or irrelevant notifications.
  • Proactive Monitoring: Help identify potential issues, security incidents, or performance degradation early.
  • Supports Automation: Alerts can trigger automated responses or workflows.

Example
A DeFi protocol operations team sets up custom alerting rules on their smart contract monitoring platform. One rule might trigger an alert if a specific contract's balance drops by more than 20% within an hour. Another rule could alert if the number of failed transactions to a critical function exceeds 5 in a 10-minute window, potentially indicating an issue or attack. Blockchain security tools like Forta allow users to define such custom detection bots.
Technical Deep Dive
Custom alerting rules are typically configured in monitoring systems (e.g., SIEMs, APM tools, network monitoring tools, cloud monitoring services like Azure Monitor, or blockchain monitoring platforms). They often involve specifying:

- **Data Source(s):** Logs, metrics, transaction data, smart contract events.
- **Condition Logic:** Thresholds (e.g., CPU > 90%), patterns (e.g., specific error message in logs), frequency (e.g., X events in Y time), or complex correlations.
- **Severity Level:** Critical, warning, informational.
- **Notification Channels:** Email, SMS, Slack, PagerDuty, webhook to an automation system.
- **Alert Content:** Information included in the alert message.

Machine learning can also be used to define anomalous behavior that triggers alerts.
Security Warning
Poorly configured custom alerting rules can lead to 'alert fatigue' (too many false positives) or missed critical events (false negatives). Rules need to be regularly reviewed, tested, and tuned to ensure they are effective and relevant.
Caveat
Creating effective custom alerting rules requires a good understanding of the monitored system, potential failure modes, and relevant security threats. Overly complex rules can be difficult to manage and troubleshoot.
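
The two rules from the DeFi example above (a balance drop of more than 20% within an hour, more than 5 failed transactions in a 10-minute window), written out as an added Python example that is not taken from this glossary or from any monitoring product. The class names, the event tuples and the cooldown (one alert per window, to limit the alert fatigue noted above) are assumptions made for illustration.

```python
from collections import deque

class WindowRule:
    """Sliding-window rule with a cooldown so one incident yields one alert."""
    def __init__(self, window_s, cooldown_s):
        self.window_s, self.cooldown_s = window_s, cooldown_s
        self.samples, self.last_fired = deque(), None

    def observe(self, ts, value):
        self.samples.append((ts, value))
        while self.samples[0][0] < ts - self.window_s:  # expire old samples
            self.samples.popleft()
        detail = self.check(value)  # condition logic lives in the subclass
        cooling = self.last_fired is not None and ts - self.last_fired < self.cooldown_s
        if detail is None or cooling:
            return None
        self.last_fired = ts
        return {"ts": ts, "severity": self.severity, "detail": detail}

class BalanceDropRule(WindowRule):
    severity = "critical"
    def __init__(self, pct=20.0, window_s=3600):
        super().__init__(window_s, cooldown_s=window_s)
        self.pct = pct

    def check(self, balance):
        peak = max(b for _, b in self.samples)  # highest balance seen in window
        drop = 100.0 * (peak - balance) / peak if peak > 0 else 0.0
        return f"balance down {drop:.1f}% from window peak" if drop > self.pct else None

class FailedTxRule(WindowRule):
    severity = "warning"
    def __init__(self, limit=5, window_s=600):
        super().__init__(window_s, cooldown_s=window_s)
        self.limit = limit

    def check(self, failed):
        n = sum(1 for _, f in self.samples if f)  # failures still inside window
        return f"{n} failed calls in window" if n > self.limit else None

def run(rule, events):
    """Feed time-ordered (timestamp_seconds, value) events; return alerts raised."""
    return [a for ts, v in events if (a := rule.observe(ts, v))]

# Constructed sample data: (seconds, contract balance) and (seconds, call failed?)
BALANCES = [(0, 1000.0), (900, 980.0), (1800, 850.0), (2700, 790.0), (3000, 780.0), (8000, 770.0)]
CALLS = [(0, True), (30, False), (60, True), (120, True), (180, True),
         (240, True), (300, True), (330, True), (2000, True)]
```

On the sample data each rule fires once: the balance rule at the 21% drop and the failed-call rule on the sixth failure, with the follow-up events suppressed by the cooldown.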
