Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 APIM currently supports the following alert types.

...

 

Reason for triggeringIf there is a sudden increase in the response time of a specific API resource.
IndicationSlow WSO2 API Manager runtime, or slow backend.
DescriptionIf the response time of a particular API resource (e.g., GET /API1/1.0/user/1) of a tenant, lies outside the Xth percentile value, an alert is sent. Default percentile value is 95%. Here, it is assumed that the response time of an API resource follows a normal distribution. Percentile value gets calculated daily by default.

 

Abnormal backend time 

Reason for triggeringIf there is a sudden increase in the backend time corresponding to a particular API resource.
IndicationSlow backend
DescriptionAn alert is sent if the backend time of a particular API resource (e.g., GET /calc/1.0/numbers) of a tenant lies outside the Xth percentile value. Default percentile value is 95%. Here, it is assumed that the corresponding backend time of an API resource follows a normal distribution. The percentile value gets calculated daily by default.

...

Reason for triggeringIf there is a change in the resource access pattern of a user who uses a particular application.
IndicationThese alerts can be considered as indications of suspicious activities done by one or more users in your application.
Description

A Markov Chain model is built for each application to learn its resource access pattern. For the purpose of learning the resource access patterns, no alerts are sent during the first 500 (default) requests. After learning the normal pattern of a specific application, WSO2 Analytics performs a real time check on a transition done by a specific user, and sends and alert if it is identified as an abnormal transition.For a transition to be considered valid, it has to occur within 60 minutes by default, and it should be by the same user.

Image RemovedImage Added

The above diagram depicts an example where a Markov Chain model is created during the learning curve of the system. Two states are recorded against Application A and the arrows show the directions of the transitions. Each arrow carries a probability value that stands for the probability of a specific transition taking place. Assume that the following two consecutive events are received by the application from user john@abc.com.

  1. DELETE /API1/number/1
  2. DELETE /API1/number/3

The above transition has happened from the DELETE /API1/number/{x} state to itself. According to the Markov chain model learnt by the system, the probability of this transition occurring is very low. Therefore, an alert is sent.

...

Reason for TriggeringIf there is either a change in the request source IP for a specific API of an application, or if the request if from an IP used before 30 days (default).
IndicationThese alerts can be considered as indications of suspicious activities carried out by a user over an API of an application.
Description

Image RemovedImage Added

The first 500 requests are used only for learning purposes by default and therefore, no alerts are sent during that time. However, the learning would continue even after the first 500 requests. This means, even if you receive continuous requests from the newly detected IP2 IP, you are alerted only once. 

...

Reason for Triggering

This alert is triggered in the following scenarios.

  • If a particular application is throttled for reaching a subscribed tier limit more than the specified number of times during a defined period (10 times within a day by default).
  • If a particular user of an application is throttled for reaching a subscribed tier limit of a specific API more than the specified number of times during a defined period (10 times within a day by default).

Image RemovedImage Added

IndicationThese alerts indicate that you need to subscribe to a higher tier.

...