In order to be aware of any incidents, we need to setup an alert for captcha failures.
Refer to Investigations/nvestigation: Create-user exploit
To do
- Create an IaC variable captcha_failure_threshold with a value of 50.
- Create an IaC variable captcha_monitor window with a value of 24.
- Monitor logs as follows for /ecs/auth_pr_wme log group. Send out a medium severity alert when the captcha failures log exceed more than 50 in 24 hours period.
{"level":"error","time":"2024-01-09T03:52:00Z","caller":"createuser/createuser.go:108","msg":"captcha verification failed"}
QA / Acceptance criteria
- With a low threshold, perform some sign ups failing captcha. See that you get the alert as expected.