FAQ: Rate Limits on Rules

Sometimes customers create rules that trigger excessive alerts. Since large numbers of alerts from one rule do not provide value and can degrade the performance of the Threat Stack Cloud Security Platform (CSP), Threat Stack now rate limits alerts.
What does "excessive alerts" mean?
When a Rule triggers 200 alerts per minute. Excessive alerts trigger the rate limit.
What will I see when a Rule rate limits?
The Rule automatically disables in the UI. You do not receive any additional alerts from the Rule. However, if the Rule does not trigger the rate limit for one consecutive hour, then the Rule automatically re-enables.
How do I fix this?
Threat Stack will reach out to the customer and assist in identifying the goal of the Rule triggering the rate limit. Threat Stack will assist the customer in tuning the rule so it meets the customer's goal without hitting the rate limit.
Was this article helpful?
0 out of 0 found this helpful