Security Dashboard
- Nagios Log Server
| File | Description |
|---|---|
| NMAP_Scans.json | NMAP Scans Query |
| Security Dashboard-1417731761229 | Security Dashboard |
| Threat_Analysis.json | Threat Analysis Query |
The second query looks for "Port scan detected" and relies on syslog messages sent from PSAD (Port Scan Automated Detection) running on a system. PSAD analyzes iptables logs and alerts when a port scan is being run.
Taken together, these two queries and the dashboard can give a timeline of a potential attack taking place:
1.) Scans are run looking for open services ("Port scan detected")
2.) Common SSH logins are attempted ("Failed password")
3.) Failing that, the attacker finds a possibly-exploitable program and begins testing ("segfault")
4.) If the attacker gets in, he might create a user for himself or delete one ("new user")
Since /var/log/messages and /var/log/secure are present on nearly every Linux system, this dashboard (even without the PSAD query) can be used in many environments with little to no setup required.
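
The timeline above can be reproduced offline as a check on what the four search phrases catch. This is an added example, not the contents of the listed JSON queries: the stage labels, function names, the default year and the sample log lines are all constructed for illustration.

```python
import re
from datetime import datetime

# The four phrases named in the description, mapped to a hypothetical stage label.
STAGES = [
    ("Port scan detected", "1 scan"),
    ("Failed password", "2 ssh brute force"),
    ("segfault", "3 exploit testing"),
    ("new user", "4 account change"),
]

# Constructed sample lines in classic syslog layout (not from a real system).
SAMPLE_LOG = """\
Dec  4 10:01:12 web01 psad: Port scan detected: 203.0.113.7 -> 192.0.2.10
Dec  4 10:03:40 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Dec  4 10:03:44 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Dec  4 10:05:02 web01 CROND[2300]: (root) CMD (run-parts /etc/cron.hourly)
Dec  4 10:09:27 web01 kernel: httpd[2342]: segfault at 0 ip 00007f1c2a3b4c5d sp 00007ffd1e2f3a40 error 4 in libexample.so
Dec  4 10:15:53 web01 useradd[2401]: new user: name=svc, UID=1001, GID=1001, home=/home/svc, shell=/bin/bash
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")

def build_timeline(text, year=2014):
    """Time-ordered (timestamp, host, stage, message) tuples; syslog omits the year, so it is passed in."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in syslog layout
        stamp, host, msg = m.groups()
        for phrase, stage in STAGES:
            if phrase in msg:
                ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
                events.append((ts, host, stage, msg))
                break
    return sorted(events)

def stages_seen(events):
    """Distinct stages in the order they first appear on the timeline."""
    seen = []
    for _, _, stage, _ in events:
        if stage not in seen:
            seen.append(stage)
    return seen

if __name__ == "__main__":
    for ts, host, stage, msg in build_timeline(SAMPLE_LOG):
        print(ts.isoformat(), host, stage, msg[:60], sep=" | ")
```

A host whose `stages_seen` output runs through all four stages in order within a short window is the pattern the dashboard is meant to surface; any single stage alone is far weaker evidence.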