Average execution time elevated

firetail:average-execution-time-elevated

Type:

Detection

Rule Severity:

Info

The average execution time during a given period was >= the mean average + one standard deviation of the preceding period.

The average execution time of the API has significantly increased during a given period, exceeding the mean average plus one standard deviation of the preceding period. This suggests that the API is taking longer to process requests than usual, potentially leading to slower response times, degraded user experience, and increased resource consumption. An elevated execution time could be indicative of performance issues such as inefficient code, database bottlenecks, or issues with backend services.

Remediation

Investigate what has caused the execution times of this API to increase significantly in size.

Example Attack Scenario

An increase in execution time could also be indicative of an active attack, such as a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack. Attackers may flood the API with a large volume of requests, overwhelming the server's resources and causing execution times to spike. Here's how such an attack could manifest:

  • Denial-of-Service (DoS): An attacker might intentionally send malformed or resource-intensive requests to the API, forcing it to take longer to process each request. This could overwhelm the server and cause it to respond slowly or become unresponsive altogether.
  • Distributed Denial-of-Service (DDoS): A DDoS attack could involve a botnet sending a large number of requests to the API from different IP addresses. The sheer volume of requests would strain the system, resulting in slower execution times. This could lead to service disruptions and degraded user experience.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Average execution time reduced
API Gateway REST and WebSocket API execution logging is disabled
Plaintext API key
Missing rate limit headers
Average combined payload size elevated
AWS ALB logging is not enabled