Zabbix: Web console for monitoring
An indispensable tool for keeping complex infrastructure controlled is a monitoring system. Secure Online Desktop (SOD) Web Console does just that: it offers the tools to control a network of machines and devices to verify its efficiency. Web Console is based on Zabbix, a scalable Open Source platform with huge capabilities.
Among the advantages of the SOD Web Console, there are the possibility of using agent less under some circumstances the great possibility of customization. The platform offered allows scripting in various languages, including Python, Perl or directly in the shell, just to give examples.
Monitoring with Web Console and Zabbix
To collect data from the infrastructure, it is necessary to install so-called software agents for the machines to be monitored. These software use native processes and free from the need to have dedicated environments such as Java or .Net.
The data collected by the agents are sent to a server that collects all the metrics and provides them to the console. From here it is then possible to analyze them, manipulate them and set triggers of notifications or automations useful for management.
When communicating between the components of the Zabbix monitoring system, only authorized IPs are accepted. Since the other connections are not accepted, security is guaranteed during data transfers between the software.
Web Console functionality
Every aspect of the infrastructure can be monitored through the Web Console offered by SOD. Even if it is not possible to install additional software, there is a limited control action without agents installed. This solution allows you to collect metrics on the responsiveness and availability of standard services, such as mail or web servers.
Scalability of data collection
The Zabbix system offered by the SOD Web Console is able to recover data and metrics from any device or software. Through the use of different control protocols, the available software agents are able to collect any type of data.
Through the Zabbix agents used, the data collected is complete and includes both hardware and software metrics.
For example, metrics from infrastructure network hardware are collected by SNMP agents. An optimal solution for network capacity management and planning. The measurements include the use of memory, CPU, RAM and the status of the logical ports of the controlled peripherals.
The controls include more levels of system complexity. Agents can collect information from:
– Hardware (CPU, fans, storage media, etc.)
– Network (ports used, memory usage, etc.)
– Operating systems (Unix, Windows, MacOs, etc.)
– Middleware software (Oracle, MySql, Apache, etc.)
– Web applications
– Cloud resources
Monitoring web services
The built-in system for monitoring web services is worthy of specific mention.
Through the use of this function, it is possible to define the sequential steps to be performed for the analysis of a website. It is possible to monitor the site response speed and downloads, for example. But also availability, as well as data relating to e-commerce portals and other web based applications.
SOD Web Console is scalable and adaptable to the size of the infrastructure. From the small corporate IT network, to even very complex solutions from thousands of machines and devices. A single installation can support up to 3,000,000 checks per minute, collecting gigabytes of data per day.
Furthermore, through the use of proxy software components, it is possible to distribute the data collection and decentralize the calculation operations. In this way the control of ports and connections is more easily managed.
You can organize your network into sections where metrics are collected and calculated independently. The proxy in charge of the calculation will be the only connection outgoing from the subsystem.
Notifications and triggers
An efficient monitoring strategy provides not only the collection of data, but also a system for which any anomaly is reported in order to be able to intervene promptly.
The SOD Web Console implements a customizable system of triggers and notifications to be always informed in case something is not going as it should.
Ideally, once the first data is collected, the thresholds of values considered “normal” are established. On the basis of these, a notification system is customized which immediately communicates the exceeding of a safety threshold of certain parameters.
The management of metrics is thus very lightened by an automatic verification of their values. When a parameter presents an anomalous value, one would be immediately informed.
The notification methods supported are: email, SMS, Jabber or through other methods customizable through scripting.
How to request and install Web Console
It is possible to request SOD Web Console after a first initial meeting with our network architect. On that occasion, the computer perimeters of the network to be monitored and what the alarm notification modes are defined.
After this first step, our team will take care of installing all the software needed to collect metrics on the systems involved. Once these operations are completed, the system will be ready and accessible from a console in the cloud. The access data are provided only after the installation of the entire control system.
From the Web Console you will be able to check all monitored metrics, check performance and manage notifications.
- The SOAR benefits: simplifying investigation and response
- Security Code Review: How the service works
- Integration of the automated response: the automations in SOCaaS
- Coordination between CTI and SOC: how to further raise the defenses
- New Cloud Server: redundant internet
- Quality certificate for the SOCaaS of SOD
- Managed Detection and Response: a new preventive approach
- CLUSIT: our collaboration for better services
- Backup as a Service (17)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (15)
- Security (170)
- Web Hosting (15)
- Google: Hack-for-Hire Groups Present a Potent Threat June 30, 2022Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.
- 18 Zero-Days Exploited So Far in 2022 June 30, 2022It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.
- API Security Losses Total Billions, But It's Complicated June 30, 2022A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?
- Exchange Servers Backdoored Globally by SessionManager June 30, 2022Malicious ISS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.
- Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion June 30, 2022Titaniam’s ‘State of Data Exfiltration & Extortion Report’ also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving into attackers' demands.
- NXM Announces Platform That Protects Space Infrastructure and IoT Devices From Cyberattacks June 30, 2022NXM Autonomous Security protects against network-wide device hacks and defends against critical IoT vulnerabilities.
- A Fintech Horror Story: How One Company Prioritizes Cybersecurity June 30, 2022A password link that didn't expire leads to the discovery of exposed personal information at a payments service.
- Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration June 30, 2022An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.
- Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know June 30, 2022There were a record number of zero-day attacks last year, but some basic cyber-hygiene strategies can help keep your organization more safe.
- Patch Now: Linux Container-Escape Flaw in Azure Service Fabric June 29, 2022Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.
- Backdoor.Win32.InfecDoor.17.c / Insecure Permissions June 28, 2022Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.InfecDoor.17.c Vulnerability: Insecure Permissions Description: The malware writes a ".420" settings file type to c drive granting change (C) permissions to the authenticated user group. Standard users can...
- Trojan-Mailfinder.Win32.VB.p / Insecure Permissions June 28, 2022Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Mailfinder.Win32.VB.p Vulnerability: Insecure Permissions Description: The malware writes a dir with multiple PE files to c drive granting change (C) permissions to the authenticated user group. Standard users can […]
- Backdoor.Win32.Shark.btu / Insecure Permissions June 28, 2022Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Shark.btu Vulnerability: Insecure Permissions Description: The malware writes multiple PE files to c drive granting change (C) permissions to the authenticated user group. Standard users can rename the executable...
- Yashma Ransomware Builder v1.2 / Insecure Permissions June 28, 2022Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Yashma Ransomware Builder v1.2 Vulnerability: Insecure Permissions Description: The malware creates PE files with insecure permissions when writing to c:\ drive, granting change (C) permissions to the authenticated user […]
- AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine June 28, 2022Posted by chan chan on Jun 27Hi FullDisclosure, I would like to publish an exploit that I found on AnyDesk as follows. # Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine # Google Dork: [if applicable] # Date: 24/5/2022 # Exploit Author: Erwin Chan # […]
- SEC-T CFP ongoing June 28, 2022Posted by Mattias Bååth via Fulldisclosure on Jun 27Hey all It's now less than two weeks to submit a talk to SEC-T 2022, at least if you want to be part of the first talk selection round (recommended) that we kick off July first. SEC-T is non-profit, non-corporate, two day, single track, con in Stockholm, […]
- CFP No cON Name 2022 - Barcelona June 28, 2022Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27No cON Name 2022 - Barcelona ************************************ ***** Call For Papers ****** ************************************ https://www.noconname.org/call-for-papers/ Exact place not disclosed until a few weeks before due celebration. * INTRODUCTION The organization has opened CFP proposals. No cON Name is the eldest Hacking and Security Conference in Span. […]
- Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) June 21, 2022Posted by Onapsis Research via Fulldisclosure on Jun 21# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) ## Impact on Business Exposing the contents of a directory can lead to a disclosure of useful information for the attacker to devise exploits, such as creation times of files or […]
- Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) June 21, 2022Posted by Onapsis Research via Fulldisclosure on Jun 21# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) ## Impact on Business Running unnecessary services, like a jetty webserver, may lead to increased surface area for an attack and also it unnecessarily exposes underlying vulnerabilities. ## Advisory Information - […]
- Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad June 21, 2022Posted by Onapsis Research via Fulldisclosure on Jun 21# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad ## Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP […]
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF