With Great Power Comes Great Responsibility (Managing False Positives)

As all good “web crawlers” know, when generating website alerts that may wake up a team of devops and support staff at 2:00 AM, you want to make sure you have detected an actual problem by managing false positives.

The more granular the website monitoring that you set up, the more opportunities arise to report false positives. To some people, if a cascading style sheet is missing, the webpage is considered broken because the information is not being presented in the optimal format. Others may not consider this a problem unless their entire website is reporting a 400 or 500 error and nothing is displayed in a web browser. Somewhere in between those extremes are people who may not care if the Facebook share icon is missing while they most definitely care if their company logo is missing. These different alerting filters show how powerful the Dotcom-Monitor solutions are by letting users define their own levels of alert sensitivity.

When you begin monitoring a new target, you may receive email alerts soon after setup because minor elements on the monitored device are triggering errors.  Once you understand how to apply filters to alerts and reports, it is much easier to eliminate such false positives.  Depending on the type of monitor you are running, there are several options for filtering out false positives and alerting the proper users:

Managing False Positives

  • Ignoring certain error codes – (ignore all 404 errors, for example)
  • Ignoring error types – (for example: runtime, cryptographic, or certificate errors)
  • Performing false positive checks to confirm the error
  • Selecting a number of locations – Only alert if errors are detected from more than x locations
  • Setting escalation chains – Only send an alert to a group after x minutes of errors
  • Setting time between alerts – Wait to send another alert for x minutes
  • Ignoring all – Ignore errors coming from a specified domain (to ignore 3rd party content errors)
  • Allowing only – Only send alerts coming from the specified domain
  • Schedule based alerts – Only send alerts if they occur during a specified schedule
  • Suppress related alerts (if a firewall is down, do not send alerts from sites behind it)
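
To show how several of these filters combine into one alerting decision, here is an added example; it is not Dotcom-Monitor code or its API. The `Check`, `Policy` and `alert_minutes` names, the hostnames and the sample data are all constructed for illustration, and the sketch covers five of the filters: ignored error codes, ignored third-party domains, the location threshold, the escalation delay and the time between alerts.

```python
from dataclasses import dataclass
from itertools import groupby
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Check:                      # one probe result from one monitoring location
    minute: int                   # minutes since monitoring started
    location: str
    url: str
    status: int

@dataclass(frozen=True)
class Policy:                     # hypothetical names for the filters listed above
    ignore_codes: frozenset = frozenset({404})
    ignore_domains: frozenset = frozenset({"widgets.thirdparty.example"})
    more_than_locations: int = 1  # alert only if MORE than x locations fail
    escalate_after_min: int = 5   # errors must persist this long first
    min_between_alerts: int = 30  # wait before sending another alert

def is_real_error(c, p):          # True if no ignore filter discards the error
    if c.status < 400 or c.status in p.ignore_codes:
        return False
    return urlsplit(c.url).hostname not in p.ignore_domains

def alert_minutes(checks, p):
    """Return the minutes at which an alert would actually be sent."""
    alerts, error_since, last_alert = [], None, None
    ordered = sorted(checks, key=lambda c: c.minute)
    for minute, group in groupby(ordered, key=lambda c: c.minute):
        failing = {c.location for c in group if is_real_error(c, p)}
        if len(failing) <= p.more_than_locations:
            error_since = None    # not confirmed from enough locations
            continue
        if error_since is None:
            error_since = minute
        persisted = minute - error_since >= p.escalate_after_min
        quiet = last_alert is None or minute - last_alert >= p.min_between_alerts
        if persisted and quiet:
            alerts.append(minute)
            last_alert = minute
    return alerts

# Constructed sample data: three noise events, then a real outage from minute 10.
LOCS = ("nyc", "london", "tokyo")
SAMPLE = [Check(0, l, "https://www.example.com/favicon.ico", 404) for l in LOCS]
SAMPLE += [Check(1, l, "https://widgets.thirdparty.example/share.js", 500) for l in LOCS]
SAMPLE += [Check(2, "nyc", "https://www.example.com/", 503)]
SAMPLE += [Check(m, l, "https://www.example.com/", 503) for m in range(10, 51) for l in LOCS[:2]]
print(alert_minutes(SAMPLE, Policy()))
```

With the default policy, the 404s, the third-party failure and the single-location error produce no alert; the outage seen from two locations alerts only after it has persisted for five minutes, and again thirty minutes later.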

As you can see, with so many alerting options and filters, setting up and tweaking your monitoring tasks may take some time. If this sounds complex, don’t worry: the Dotcom-Monitor support team is ready to help 24×7. Simply log in and submit a support ticket or contact us, and we will help you customize your alerts to manage false positives.
