Logging, Monitoring & Intrusion Detection

Fortinet Firewall Dashboard

by Josef Weiss
December 5, 2013

This dashboard is a series of components that provide basic analysis of FortiGate devices.

The top three components show trending data for allowed connections, blocked connections, and timed-out sessions. These easy-to-read graphs can alert the analyst to potential connection-based anomalies.

The Data Events component displays the total number of TCP, UDP, and ICMP allowed and blocked connections over the last 24 hours.

Copyright Indicator

by Josef Weiss
November 14, 2013

Copyright Indicator Component

This component presents a detailed vulnerability summary of files that may contain copyrighted material, such as commercial movies or music files, that are being shared without the owner's permission. If any of these files actually contain copyrighted material and are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.

The associated report can be found here: Copyright Report

Threatlist Trending

by David Schwalenberg
November 6, 2013

Threatlist Trending Screenshot
This dashboard presents events and network connections that are associated with IP addresses on a known threatlist, and shows trending.

PVS Network Trending

by Cody Dumont
November 5, 2013

PVS Network Trending Screen Shot
This dashboard leverages PVS's ability to detect network traffic in real time; examples include SSH, SSL, VNC, and RDP.

Palo Alto Firewall Dashboard

by Cody Dumont
October 17, 2013

Palo Alto Firewall Dashboard
This dashboard displays the summary status of the Palo Alto firewall, and includes indicators for events, configuration audits, and NetFlow statistical graphs.

Snort IDS Events

by Josef Weiss
October 15, 2013

The Snort IDS Events dashboard organizes and visualizes events collected from the Snort intrusion detection system.

Tracking Device Types by Network

by Ron Gula
September 20, 2013

Nessus's operating system identification process generically identifies the type of device being scanned. This data can be used to create dashboards and trends of various device types for your network. 

Event Indicator Alert Dashboard

by Cody Dumont
July 23, 2013

Event Indicator Dashboard Screen Shot
The new "Indicator" LCE event type monitors a select list of normalized events and analyzes them for chains of activity that indicate potential abuse, evidence of compromise, or determined attacks. When a monitored event is triggered more than once within a 24-hour period, the indicator alert counter is raised to 2; on the third instance it is raised to 3, and so on. The maximum counter value is currently set to 20.
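To make the counting rule above concrete, here is a small sliding-window counter run over a handful of constructed normalized event lines. This is an added illustration, not LCE's own code: the tab-separated line format, the watch list in MONITORED, the per-(event, host) keying, and the "strictly older than 24 hours drops out of the window" rule are all assumptions made for the example; only the 24-hour period and the cap of 20 come from the description.

```python
"""Indicator-style counter: occurrences of a monitored event per host
within a sliding 24-hour window, capped at 20 (added example, assumed logic)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # from the description: a 24-hour period
MAX_COUNTER = 20              # from the description: maximum counter value

# Assumed watch list of normalized event names (LCE's real list is not shown here).
MONITORED = {"Login-Failure", "Port-Scan", "New-Admin-Account"}

# Constructed sample input: "<timestamp>\t<normalized event>\t<source host>".
SAMPLE_LINES = [
    "2013-07-23 08:00:00\tLogin-Failure\t10.0.0.5",
    "2013-07-23 09:00:00\tLogin-Failure\t10.0.0.5",
    "2013-07-23 10:00:00\tLogin-Failure\t10.0.0.5",
    "2013-07-23 10:05:00\tWeb-Access\t10.0.0.5",      # not on the watch list
    "2013-07-23 11:00:00\tLogin-Failure\t10.0.0.9",   # different host, own counter
    "2013-07-24 09:30:00\tLogin-Failure\t10.0.0.5",   # 08:00 and 09:00 have aged out
] + ["2013-07-23 12:%02d:00\tPort-Scan\t10.0.0.7" % i for i in range(22)]  # 22 > cap


def parse_event(line):
    """Split one constructed log line into (datetime, event name, host)."""
    ts, name, host = line.rstrip("\n").split("\t")
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), name, host


class IndicatorCounter:
    """Per (event, host) counter over a sliding window, saturating at max_counter."""

    def __init__(self, window=WINDOW, max_counter=MAX_COUNTER, monitored=MONITORED):
        self.window = window
        self.max_counter = max_counter
        self.monitored = monitored
        self.seen = defaultdict(deque)  # (event, host) -> timestamps still in window

    def observe(self, ts, name, host):
        """Record one event; return the counter value, or None if not monitored.
        Events must be fed in chronological order."""
        if name not in self.monitored:
            return None
        hits = self.seen[(name, host)]
        # Drop occurrences strictly older than the window (assumed boundary rule).
        while hits and ts - hits[0] > self.window:
            hits.popleft()
        hits.append(ts)
        return min(len(hits), self.max_counter)


def run(lines):
    """Sort lines by time, feed them through the counter, and return
    [(event, host, counter)] for every monitored event, in order."""
    counter = IndicatorCounter()
    out = []
    for ts, name, host in sorted(parse_event(line) for line in lines):
        value = counter.observe(ts, name, host)
        if value is not None:
            out.append((name, host, value))
    return out


def final_counters(lines):
    """Last counter value per (event, host), i.e. what a dashboard cell would show."""
    return {(name, host): value for name, host, value in run(lines)}


if __name__ == "__main__":
    for key, value in sorted(final_counters(SAMPLE_LINES).items()):
        print("%-15s %-10s counter=%d" % (key[0], key[1], value))
```

The fourth Login-Failure for 10.0.0.5 lands at 2 rather than 4 because the 08:00 and 09:00 hits are more than 24 hours old by 09:30 the next day; the 22 Port-Scan events saturate at 20. Whether LCE treats the window boundary as inclusive, and how it keys the counter, is not stated on this page and would need to be checked against the product documentation.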

IT-Grundschutz BSI-100-2 Dashboard

by Josef Weiss
June 19, 2013

Required - IT-Grundschutz BSI-100-2 audit file, Nessus, and SecurityCenter 4.6 or higher

The IT-Grundschutz Standards and Catalogues are a set of recommendations designed to help an organization achieve an appropriate level of information security throughout the organization. The Federal Office for Information Security (BSI) in Germany develops and maintains the BSI Standards, of which IT-Grundschutz is a part, providing methods, processes, procedures, and approaches to information security management, risk analysis, and business continuity management.
