An Application Load Balancer (ALB) instance is considered non-compliant if its TLS handshake failure rate is greater than or equal to a specified value for at least 8 hours within a specific time range. This rule is not applicable if the ALB instance is not connected to Cloud Monitor or if no monitoring data is available. The default detection time range is the last 7 days. The check uses the monitoring data API of Cloud Monitor and uses the free quota of Basic Cloud Monitor. To ensure detection quality, you can enable Hybrid Cloud Monitoring. For more information about the billing of Hybrid Cloud Monitoring, see Cloud Monitor billing.
Scenarios
This rule checks whether the TLS handshake failure rate of an ALB instance is consistently high. This helps you promptly identify abnormal encrypted communications or certificate configuration issues.
Risk level
Default risk level: High.
You can change the risk level as needed.
Detection logic
An Application Load Balancer (ALB) instance is considered non-compliant if its TLS handshake failure rate is greater than or equal to a specified value for at least 8 hours within a specific time range. This rule is not applicable if the ALB instance is not connected to Cloud Monitor or if no monitoring data is available. The default detection time range is the last 7 days. The check uses the monitoring data API of Cloud Monitor and uses the free quota of Basic Cloud Monitor. To ensure detection quality, you can enable Hybrid Cloud Monitoring. For more information about the billing of Hybrid Cloud Monitoring, see Cloud Monitor billing.
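The detection logic above can be reproduced offline against exported monitoring data. The following is an added example, not code from Cloud Config or Cloud Monitor. It assumes that `relativeTime` is in hours, that the failure rate is a percentage averaged per clock hour, and that the 8 breach hours are cumulative rather than consecutive. `threshold_pct`, the verdict strings and the sample series are hypothetical names and constructed data.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MIN_BREACH_HOURS = 8  # "at least 8 hours" from the rule text
SAMPLE_NOW = datetime(2024, 1, 8, tzinfo=timezone.utc)  # constructed evaluation time


def evaluate(datapoints, threshold_pct, now, relative_time=168):
    """Return (verdict, breach_hours) for (timestamp, failure_rate_pct) samples.

    Assumptions: relative_time is in hours, samples are averaged per clock
    hour, and breach hours are cumulative rather than consecutive.
    """
    window_start = now - timedelta(hours=relative_time)
    hourly = defaultdict(list)
    for ts, rate in datapoints:
        if window_start <= ts < now:
            hourly[ts.replace(minute=0, second=0, microsecond=0)].append(rate)
    if not hourly:
        # No monitoring data in the window: the rule does not apply.
        return "not applicable", 0
    breach_hours = sum(
        1 for rates in hourly.values()
        if sum(rates) / len(rates) >= threshold_pct  # "greater than or equal to"
    )
    verdict = "non-compliant" if breach_hours >= MIN_BREACH_HOURS else "compliant"
    return verdict, breach_hours


def constructed_series(now, breach_hours, high=12.0, low=1.0):
    """Constructed data: one sample per hour for 7 days, with `breach_hours`
    non-adjacent hours at `high` percent and the rest at `low` percent."""
    series = []
    for i in range(1, 169):
        breached = i % 2 == 0 and i // 2 <= breach_hours
        series.append((now - timedelta(hours=i), high if breached else low))
    return series


if __name__ == "__main__":
    for n in (7, 8):
        print(n, evaluate(constructed_series(SAMPLE_NOW, n), 10.0, SAMPLE_NOW))
    print(evaluate([], 10.0, SAMPLE_NOW))
```

Running the same function with a shorter `relative_time` shows how narrowing the window can turn a non-compliant instance compliant, which is worth checking before changing the default.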
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | ALB instance TLS handshake failure rate check |
| Rule identifier | |
| Tag | ALB |
| Automatic remediation | Not supported |
| Rule trigger | Periodic |
| Trigger frequency | 24 hours |
| Supported resource types | ACS::ALB::LoadBalancer |
| Input parameters | relativeTime (Default: 168) |