Metrics and Monitoring

BinaryAlert automatically generates logs, custom metrics, alarms, and a dashboard to help you visualize its performance. These are all part of the AWS CloudWatch service.


Each BinaryAlert Lambda function logs information about its execution; logs are saved for 60 days (by default) and are accessible from AWS CloudWatch.

Custom Metrics

In addition to the wide array of metrics provided automatically AWS, BinaryAlert publishes the following custom metrics in the BinaryAlert namespace:

Metric Name Unit Description
AnalyzedBinaries Count Number of binaries analyzed
BatchEnqueueFailures Count Number of SQS messages that failed to enqueue
MatchedBinaries Count Number of binaries which matched a YARA rule
S3DownloadLatency Milliseconds Time to download binaries from S3
YaraRules Count Number of compiled YARA rules

Metric Alarms

BinaryAlert creates metric alarms which trigger if BinaryAlert behavior is abnormal. Similar to adding SNS subscriptions for YARA match alerts, you will need to configure subscriptions for the NAME_PREFIX_binaryalert_metric_alarms SNS topic if you want to be notified about metric alarms.

Alarms can be configured from the terraform/terraform.tfvars configuration file, or else by directly modifying terraform/ The alarm defaults are as follows:

Namespace Metric Name Alarm Condition
AWS/DynamoDB ThrottledRequests > 0
AWS/Lambda Errors > threshold (for each Lambda function)
AWS/Lambda Throttles > 0 (for each Lambda function)
AWS/SQS ApproximateAgeOfOldestMessage >= 30 minutes
BinaryAlert AnalyzedBinaries == 0 for an hour
BinaryAlert BatchEnqueueFailures > 0
BinaryAlert YaraRules < 5

The description for each alarm includes context and troubleshooting information.


The aforementioned metrics (and many others) are aggregated into a single BinaryAlert dashboard at the following URL (substitute your region for us-east-1):