Monitor Events
open-appsec provides three views for monitoring system events:
Graphical Dashboard - graphical view of security events with Critical & High severity.
Important Events - tabular view of security events with Critical & High severity.
Notifications - tabular view of administrative system events.
The AppSec Dashboard is a single-pane view of important security events.
To reach the dashboard, select Monitor, then AppSec Dashboard in the main menu.
Controls in the dashboard are clickable and allow you to drill down and see granular event details.
The Dashboard sections are described below:
Overall HTTP Traffic
Statistics show the overall number of requests for the time period and the number of unique users and/or identities that use the protected web servers.
Malicious Activity
Overall statistics of the number of attackers (users and/or identities) and the number of attacks on web servers.
Security Actions
Overall number of events that were prevented and detected.
Top Attack Sources
A chart of the top attackers by the number of events.
The number of events on a timeline gives visibility into changes in the security posture.
Attacks Level
Chart of the number of attacks by severity.
Top Attack Assets
Chart of the most attacked web servers.
Asset Statistics
Table of protected web servers and their statistics.
Attacks Timeline
Shows a specific time period on the dashboard.
You can right-click on Dashboard items to drill down as well as "filter in" or "filter out".
The Events view provides a tabular view of events with the ability to select granular filter options (in the left pane), search queries and time ranges.
When you double-click on an event, a card shows details about the specific event.
Examples:
Event Severity Classification
Protected Web Asset Name and Policy
HTTP Transaction Information
Threat Prevention details
You can filter events based on time ranges by clicking the time filter selector at the top left corner.
CloudGuard AppSec features an extensive event query language. For more details see here:
Event Query Language
When browsing to Monitor -> Notifications, a specific log view is shown.
This view shows notifications that inform the user of an issue and a remediation action item, usually concerning a configuration or environment issue that open-appsec has detected.
The log view includes a "Remediation" column where the instructions are shown.
Urgent notifications, if there are any, appear in the top bar of the application on every page and lead to this page for additional information.