LogStrata v1.0.0
Threat Security

Security Analytics

Configure defense modifiers to block credential stuffing and lock scaling bounds during cyber incidents.

The Scale-Down Vulnerability

A common attack vector against autoscaling APIs is a resource degradation DDoS. Attackers flood a cluster endpoint, forcing the orchestrator to scale out. Once the attack stops, the cluster quickly scales back down. If the attacker repeats this on/off pattern, the cluster is stuck in a constant loop of container creation and deletion, exhausting API resources.

LogStrata solves this by enforcing a Minimum Replica Scale Lock during security events, preventing pods from being deleted until a safety cooldown period has elapsed.

Dynamic IP Blocklisting

When brute-force logins or application-level flood patterns are detected, LogStrata parses the logs, isolates the offending client IPs, and writes them directly into an Nginx Ingress ConfigMap:

# Ingress IP Blocklist Policy Spec
spec:
  threatMetrics:
    - type: RegexPatternMatch        # match log lines against a regular expression
      pattern: "auth_failed"         # the expression to look for
      thresholdPerMinute: 60         # matches per minute before the action fires
      action:
        - type: IPBlocklist          # block the offending client IPs
          duration: "30m"            # how long the block stays in place
          blocklistConfigMap: "nginx-blocked-ips"   # ConfigMap watched by the Nginx Ingress Controllers

LogStrata monitors this ConfigMap and issues a reload trigger to Nginx Ingress Controllers, blocking matching TCP connections at the edge in less than 5 seconds.
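As an added illustration that is not LogStrata's own code, the following Python script applies the policy above to constructed sample log lines: it counts auth_failed matches per client IP in each one-minute bucket, flags IPs that reach 60 per minute, and renders the 30-minute block as a ConfigMap body for the ingress. The log line layout, per-IP counting, the ConfigMap data key and the nginx deny-line format are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
# Policy values taken from the spec on this page.
PATTERN = re.compile(r"auth_failed")
THRESHOLD_PER_MINUTE = 60
BLOCK_DURATION = timedelta(minutes=30)
CONFIGMAP_NAME = "nginx-blocked-ips"

# Assumed log line layout (constructed for this example, not LogStrata's real format):
# "<ISO-8601 timestamp> client=<ip> <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<ip>[\d.]+) (?P<msg>.*)$")

def _parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def parse_line(line):
    """Return (minute bucket, client ip) if the line matches the threat pattern, else None."""
    m = LINE_RE.match(line)
    if not m or not PATTERN.search(m.group("msg")):
        return None
    return _parse_ts(m.group("ts")).replace(second=0, microsecond=0), m.group("ip")

def offending_ips(lines, threshold=THRESHOLD_PER_MINUTE):
    """IPs whose matching events reach the threshold within any single minute."""
    counts = Counter(k for k in map(parse_line, lines) if k)
    return sorted({ip for (_, ip), n in counts.items() if n >= threshold})

def render_configmap(ips, now_iso):
    """Build the ConfigMap to hand to the ingress; the data key name and the
    nginx 'deny' line format are assumptions, not the product's documented schema."""
    expires = (_parse_ts(now_iso) + BLOCK_DURATION).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = "".join(f"deny {ip};  # expires {expires}\n" for ip in ips)
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": CONFIGMAP_NAME},
            "data": {"blocked-ips.conf": body}}

def sample_logs():
    """Constructed sample: one client fails 65 times within a minute, another fails 3 times."""
    base = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    lines = [f"{(base + timedelta(milliseconds=900 * i)).strftime('%Y-%m-%dT%H:%M:%SZ')} "
             f"client=203.0.113.7 auth_failed user=admin" for i in range(65)]
    lines += [f"2024-05-01T10:00:{s:02d}Z client=198.51.100.4 auth_failed user=bob" for s in (5, 20, 40)]
    lines.append("2024-05-01T10:00:30Z client=198.51.100.4 auth_ok user=bob")
    return lines

if __name__ == "__main__":
    blocked = offending_ips(sample_logs())          # ['203.0.113.7']
    print(render_configmap(blocked, "2024-05-01T10:01:00Z")["data"]["blocked-ips.conf"])
```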

Security Compliance Audit Log

Every scaling modifier and blocked IP action is written to a tamper-proof SIEM audit log. You can stream these security events to Splunk, Datadog, or Elasticsearch for compliance verification.