BTP Subaccount - Custom Checks

Here you will find detailed information about Custom Checks for BTP Subaccount monitored objects.

Custom checks are chosen, adapted and deployed by you for one or more monitored objects and they are designed to allow quick and easy fulfilling of business monitoring requirements. Avantra custom checks are a mix of no-code, low-code and pro-code extensions to the Avantra AIOps platform. Each monitored object type has a number of custom check capabilities.

All custom checks within Avantra have a number of standard or common attributes. For more information please review our page on Custom Checks.

BTP_AUDIT_EVENTS

Description

This custom check lists a configurable selection of Cloud Foundry Documentation - Audit Events that have occurred across the entire organization.

The check is configured to return a Warning, Critical (which is the default state), or Unknown check status if any events are found that match the configured filter.

It is possible to defined how far into the past the check should look for Audit Events.

Reference Data
Managed Object

SAP BTP Subaccount
Depends on

N/A
Configuration

  • Define an Audit Type for the check to search for. Leaving this field blank will include all types in the search.

  • Define a Space for the check to search for. Leaving this field blank will include all spaces in the search.

  • Define a Status. By default, the check will return a Critical status.

  • Toggle whether to include Take events since last run. If checked, the check will include events since the last run of the check (defined in the Execution field). If unchecked, the check will only look back by the time (in minutes) as defined in the Retrieve Audit Events Past field.

  • Define a time (in minutes) in the Retrieve Audit Events Past field. By default, this is set to 1440 minutes (24 hours). This time will be used if the Take events since last run checkbox is not checked.

BTP_SECURITY_GROUPS

Description

This custom check works by permitting egress traffic from Cloud Foundry Applications in the format of a firewall. It checks if the Application Security Groups set in each space for running and staging are either allowing or not allowing the custom network access requirements.

Validations can be configured to ensure access to specific subnets, ports, and protocols is either allowed or not allowed.

Reference Data
Managed Object

SAP BTP Subaccount
Depends on

N/A
Configuration

A single line entry for a validation, defined by:

  • A Name

  • Defining either a Single IP or a CIDR. This field can be left blank, which will result in the check passing if any port is allowed.

  • Defining a Port, as either a single port number or as -1. -1 will be treated as any port being allowed.

  • A Protocol.

  • Defining an ICMP type with a value between 0-255. Defining as -1 will result in the check passing if any ICMP is allowed.

  • Defining an ICMP code with a value between 0-255. Defining as -1 will result in the check passing if any ICMP is allowed.

  • Selecting an option for Desired to Connect (Running).

  • Selecting an option for Desired to Connect (Staging).

BTP_SPACES_SEGREGATION_OF_DUTIES

Description

This custom check is configured by defining two Cloud Foundry spaces, and returns a {Critical} check status if a user has the roles _Space Developer or Space Manager in both of the spaces. The check can be configured to ignore user that also have Org Manager roles, or specific users.

Reference Data
Managed Object

SAP BTP Subaccount
Depends on

N/A
Configuration

  • Define the spaces in Space name (1) and Space name (2).

  • The Ignore Org Manager checkbox, when ticked, will exclude users with the role from the check.

  • Define specific users to be ignored in the Ignore users field.

BTP_USER_ROLE_ASSIGNMENTS

Description

This custom check lists Cloud Foundry users with, or without:

  • Specific roles

  • Specific spaces

  • Specific specific origins

  • Specific usernames.

Users or role assignments are checked to verify if they have been modified within a past configured time frame, or within the last check run.

Warning and Critical check status thresholds can be set, as well as setting the check status to Warning, Critical, or Unknown if users or role assignments have been modified.

The check can be configured to include or exclude roles, spaces, origins, and usernames.

Reference Data
Managed Object

SAP BTP Subaccount
Depends on

N/A
Configuration
Warning and Critical check status thresholds

Minimum and maximum user values for both Warning and Critical check statuses. If fields are left empty, they will be ignored.

For minimum values, if the number of users is less than the defined value, the relevant check status is returned.

For maximum values, if the number of users is greater than the defined value, the relevant check status is returned.

Critical status values supersede Warning values.

Check if user modified

When checked, the check will locate and return any modified users.

Check if assignment modified

When checked, the check will locate and return any modified role assignements.

Status if modified

If the check is locating any modified users and/or role assignments, Warning, Critical, or Unknown can be defined as the check status.

Included and excluded items

  • Included and Excluded Roles are defined from selector lists.

  • Included and Excluded Spaces defines whether to include or exlcude Space Auditor, Space Developer, Space Manager, and Space Supporter from being included in the check.

  • Included and Excluded Origins.

  • Included and Excluded Usernames.