Monitoring system, an overview
Zabbix is a monitoring system suitable for different IT components, including networks, servers, virtual machines (VMs) and cloud services. Zabbix provides metrics such as network usage, CPU load, and disk space consumption. The software monitors operations on Linux, Hewlett Packard Unix (HP-UX), Mac OS X, Solaris, and other operating systems (OS); however, Windows monitoring is only possible through specific agents.
SOD offers you the service based on your needs. Once a first contact has been established, the customer is followed throughout the process of defining the perimeter and applying the monitoring system. Alert and control levels are defined in accordance with those needs.
Monitoring system with and without agents
Zabbix can be used both with agents and without agents (software dedicated to collecting information in a system). Agents are optionally installed on IT components to monitor performance and collect data. The agent then responds to a centralized management server. This information is included in the reports or presented visually in the web-based graphical interface. If there is a problem with what is being monitored, the system sends a notification or warning to the user. Agentless monitoring performs the same type of monitoring by using existing resources in a system or device to emulate an agent.
The Zabbix web-based graphical interface allows users to visualize their IT environment via customizable dashboards based on widgets, charts, network maps, slideshows and reports. For example, a user can customize a report to show metrics associated with both SLAs (Service Level Agreements) and KPIs (Key Performance Indicators) on CPU loads.
The three discovery modes
The monitoring system offered works through three discovery mode options:
– Network discovery periodically scans an IT environment and records device type, IP address, status, uptime and downtime.
– Low-level discovery (LLD) automatically creates items, triggers and graphs based on the discovered device. Low-level discovery can create metrics from Simple Network Management Protocol (SNMP) object identifiers, Windows services, Structured Query Language (SQL) queries, network interfaces, and more.
– Auto-discovery automatically starts monitoring any device discovered using a Zabbix agent.
With the distributed monitoring system, scripts that run remotely collect data from multiple devices in distributed locations and combine it into a single dashboard or report, such as server availability across the country.
The system can send notifications via e-mail, SMS, telephone calls, or the API, based on predefined events in a user’s IT environment. Another way for users to stay updated on their IT environment is through vendor applications such as M7 Monitoring or applications of their own creation.
Agentless monitoring system
Zabbix offers several monitoring options in addition to agents. A simple check can verify the availability and responsiveness of a standard service, such as notifications.
Java Management Extensions (JMX), web monitoring, and other methods are also alternatives to using agents. In the service offered, JMX can be used to monitor Java-based applications. Web monitoring is used to check the availability of websites and supports HTTP and HTTPS. The system collects data relating to the average download speed of a scenario, errors and error messages, response times and more.
The Zabbix API
The Zabbix API consists of many methods which are grouped into separate APIs, each of which performs a specific service. For example, one method to create a new host is host.create; the method to log in as administrator is user.login. Using the API, monitoring system users can create applications to work with and view desired information.
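The JSON-RPC exchange behind the two methods named above, as an added example that is not part of the original article and is not SOD's or Zabbix's own code. The host names, account name, group id, token and server replies are constructed; the token is sent in the `auth` body member as in releases current when the article was written (newer releases take it in an `Authorization` header), and the login parameter `username` is called `user` on older releases.

```python
import json
import urllib.request

API_PATH = "/api_jsonrpc.php"  # endpoint served by the Zabbix web frontend

class ZabbixAPIError(Exception):
    """The server answered with a JSON-RPC error object."""

def build_request(method, params, auth=None, req_id=1):
    """Build the JSON-RPC 2.0 envelope; user.login is sent without a token."""
    body = {"jsonrpc": "2.0", "method": method, "params": params, "id": req_id}
    if auth is not None:
        body["auth"] = auth  # assumption: token carried in the body (see lead-in)
    return body

def parse_response(raw, req_id=1):
    """Return 'result', raising on an error object or a mismatched id."""
    msg = json.loads(raw)
    if "error" in msg:
        err = msg["error"]
        raise ZabbixAPIError(f"{err.get('code')}: {err.get('message')} {err.get('data', '')}")
    if msg.get("id") != req_id:
        raise ZabbixAPIError("response id does not match request id")
    return msg["result"]

def call(base_url, method, params, auth=None, req_id=1):
    """POST one call; urllib validates the server certificate by default."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send credentials or tokens over plain HTTP")
    req = urllib.request.Request(
        base_url.rstrip("/") + API_PATH,
        data=json.dumps(build_request(method, params, auth, req_id)).encode(),
        headers={"Content-Type": "application/json-rpc"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(resp.read(), req_id)

def demo():
    """Offline walk-through using constructed server replies (no network)."""
    login = build_request("user.login", {"username": "api-svc", "password": "<from secret store>"})
    token = parse_response('{"jsonrpc":"2.0","result":"constructed-session-token","id":1}')
    host = build_request("host.create", {
        "host": "web-01.example.test",
        "groups": [{"groupid": "2"}],  # constructed group id
        "interfaces": [{"type": 1, "main": 1, "useip": 1, "ip": "192.0.2.10", "dns": "", "port": "10050"}],
    }, auth=token, req_id=2)
    created = parse_response('{"jsonrpc":"2.0","result":{"hostids":["10501"]},"id":2}', req_id=2)
    return login, host, created
```

Give the API account only the permissions the integration needs, since a token that can call host.create can change what is monitored.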
Templates are custom add-ons that extend the functionality of the monitoring system offered. Some templates are made by Zabbix and come packaged with the software, ready to use, while others are built by users. Templates allow Zabbix users to monitor network devices from vendors such as Cisco, Dell, HP and Juniper. Other templates can be used to monitor IBM, HP and Super Micro servers. Templates for application-based services include Microsoft Exchange and Exchange Server, Zenoss, PowerDNS, Authoritative Server Stats, and more. Templates can be created to monitor operating systems as well.
SOD provides an advanced monitoring system service that will allow you to keep your entire IT infrastructure under control. The monitoring possibilities are very wide and we have covered them in another article. The web interface facilitates the management and control of your perimeter, adding the possibility to set customized alarms and specific templates for every need.
If you are interested in the service, you can test it and see it working in our demo. Registration is required but no payment. Contact us for further questions or to request a consultation; we are at your disposal.