Release 09/26

.github/workflows/pr-checks.yml

@@ -1,10 +1,11 @@
-name: Validate PR Artifact
+name: PR Validation
 
 on:
   pull_request:
 
 jobs:
   validate:
+    name: Validate Artifact
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -16,6 +17,7 @@ jobs:
       - name: Validate PR Artifact
         uses: "./.github/actions/build-validate-artifact"
   validate-quickstart-ids:
+    name: Validate Quickstart IDs
     runs-on: ubuntu-latest
     if: ${{ github.base_ref == 'main' && github.head_ref == 'release' }}
     steps:

README.md

@@ -11,7 +11,7 @@ New Relic One quickstarts help accelerate your New Relic journey by providing im
 - Clear instructions for instrumenting your services
 - Observability building blocks like dashboards and alerts
 
-All of this is available through our [Instant Observability](https://developer.newrelic.com/instant-observability) open source ecosystem where New Relic developers, partners, and customers contribute their best-practice solutions.
+All of this is available through our [Instant Observability](https://developer.newrelic.com/instant-observability) open source ecosystem where New Relic developers, partners, and customers contribute their best practice solutions.
 
 ## New Relic One Instant Observability
 
@@ -23,7 +23,7 @@ You can search for all the available quickstarts in the [New Relic Instant Obser
 
 > Review our comprehensive [Developer Guide](https://developer.newrelic.com/contribute-to-quickstarts/) to get starting building your quickstart!
 
-Head over to our [contributing guide](./CONTRIBUTING.md) to learn how to define your own quickstart! 
+Head over to our [contributing guide](./CONTRIBUTING.md) to learn how to define your own quickstart!
 
 ## Support
 
@@ -48,4 +48,3 @@ If you believe you have found a security vulnerability in this project or any of
 ## License
 
 New Relic One quickstarts is licensed under the [Apache 2.0](http://apache.org/licenses/LICENSE-2.0.txt) License.
-

alert-policies/ocsf/SecurityFindingsOverTime.yml

@@ -0,0 +1,37 @@
+name: Security Findings Over Time
+
+description: |+
+  This alert is triggered when the Security findings over time exceeds 10 times for 5 minutes.
+
+type: STATIC
+nrql:
+  query: "SELECT count('Finding/Uid') as findings from ocsfSecurityFinding"
+
+# Function used to aggregate the NRQL query value(s) for comparison to the terms.threshold (Default: SINGLE_VALUE)
+valueFunction: SINGLE_VALUE
+
+# List of Critical and Warning thresholds for the condition
+terms:
+  - priority: CRITICAL
+    # Operator used to compare against the threshold.
+    operator: ABOVE
+    # Value that triggers a violation
+    threshold: 15
+    # Time in seconds; 120 - 3600
+    thresholdDuration: 300
+    # How many data points must be in violation for the duration
+    thresholdOccurrences: ALL
+  - priority: WARNING
+    # Operator used to compare against the threshold.
+    operator: ABOVE
+    # Value that triggers a violation
+    threshold: 10
+    # Time in seconds; 120 - 3600
+    thresholdDuration: 300
+    # How many data points must be in violation for the duration
+    thresholdOccurrences: ALL
+
+
+# Duration after which a violation automatically closes
+# Time in seconds; 300 - 2592000 (Default: 86400 [1 day])
+violationTimeLimitSeconds: 86400

alert-policies/ocsf/SecurityHighRisk.yml

@@ -0,0 +1,37 @@
+name: Security High Risk Findings
+
+description: |+
+  This alert is triggered when the high security risk level is exceeds 3 for 5 minutes.
+
+type: STATIC
+nrql:
+  query: "SELECT count(*) as HighRisk from ocsfSecurityFinding WHERE risk_level='High'"
+
+# Function used to aggregate the NRQL query value(s) for comparison to the terms.threshold (Default: SINGLE_VALUE)
+valueFunction: SINGLE_VALUE
+
+# List of Critical and Warning thresholds for the condition
+terms:
+  - priority: CRITICAL
+    # Operator used to compare against the threshold.
+    operator: ABOVE
+    # Value that triggers a violation
+    threshold: 5
+    # Time in seconds; 120 - 3600
+    thresholdDuration: 300
+    # How many data points must be in violation for the duration
+    thresholdOccurrences: ALL
+  - priority: WARNING
+    # Operator used to compare against the threshold.
+    operator: ABOVE
+    # Value that triggers a violation
+    threshold: 3
+    # Time in seconds; 120 - 3600
+    thresholdDuration: 300
+    # How many data points must be in violation for the duration
+    thresholdOccurrences: ALL
+
+
+# Duration after which a violation automatically closes
+# Time in seconds; 300 - 2592000 (Default: 86400 [1 day])
+violationTimeLimitSeconds: 86400