User Guide

Monitoring SIEM

The nep-monitoring-siem package is the NEP designed to monitor the NetEye SIEM modules. It provides fairly complete monitoring for all the components of this module. With nep-monitoring-siem it is possible to perform monitoring of:

Minimum supported environment

This package can be installed on systems running the software described below. Systems with equivalent components are also suitable for installation.

| Required software | Requirements |
|---|---|
| NetEye | Version 4.20+ |
| NetEye modules | Core, SIEM |
| Ruby | Version 2.0+ |

Package requirements

The Service and Host Templates shipped with the nep-monitoring-siem package require the following NEPs:

  • nep-common

  • nep-monitoring-core

Setup instructions

If all requirements are met, you can now install this package. To manually set up the nep-monitoring-siem package, use the nep-setup utility to install it. Then,

nep-setup install nep-monitoring-siem

To monitor Filebeat, you need to enable the HTTP metrics endpoint on localhost by adding these lines to filebeat.yml:

    http.enabled: true
    http.port: 5067
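The check below is an added example, not part of nep-monitoring-siem: it audits the http.* settings of a filebeat.yml so that a misspelled key or a non-loopback bind is caught before the monitoring check depends on the endpoint. The function names, the sample configs and the loopback list are constructed for illustration; http.host is Filebeat's bind-address setting and defaults to localhost.

```ruby
require 'yaml'

LOOPBACK = %w[localhost 127.0.0.1 ::1].freeze
CHECKED_KEYS = %w[http.enabled http.port http.host].freeze

# Constructed sample configs (not taken from a real host).
SAMPLE_FIXED   = "http.enabled: true\nhttp.port: 5067\n"
SAMPLE_TYPO    = "http.enabeld: true\nhttp.port: 5067\n"
SAMPLE_EXPOSED = "http:\n  enabled: true\n  port: 5067\n  host: \"0.0.0.0\"\n"

# Flatten nested maps so "http: {enabled: true}" and "http.enabled: true"
# (Filebeat accepts both spellings) land under the same dotted key.
def flatten_keys(node, prefix = nil, out = {})
  node.each do |key, value|
    path = [prefix, key].compact.join('.')
    if value.is_a?(Hash)
      flatten_keys(value, path, out)
    else
      out[path] = value
    end
  end
  out
end

# Returns a list of findings; an empty list means the endpoint is enabled
# on the expected port and bound to the local host only.
def audit_filebeat_http(yaml_text, expected_port = 5067)
  http = flatten_keys(YAML.safe_load(yaml_text) || {})
         .select { |key, _| key.start_with?('http.') }
  findings = []
  unless http['http.enabled'] == true
    findings << 'http.enabled is not true: the metrics endpoint stays off'
  end
  unless http['http.port'] == expected_port
    findings << "http.port is #{http['http.port'].inspect}, expected #{expected_port}"
  end
  host = http.fetch('http.host', 'localhost').to_s # Filebeat default: localhost
  unless LOOPBACK.include?(host)
    findings << "http.host #{host} exposes the metrics endpoint beyond loopback"
  end
  (http.keys - CHECKED_KEYS).each do |key|
    findings << "#{key} is not a key this example knows (possible typo)"
  end
  findings
end

puts audit_filebeat_http(SAMPLE_TYPO) if $PROGRAM_NAME == __FILE__
```

A misspelled key produces two findings, because the endpoint stays disabled and the unknown key is reported separately.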

Available Objects

This section contains a description of all the Objects from this Package that can be used to build your own monitoring environment.

Director Objects

The Package contains the following Director Objects.

Data Lists

The following Data Lists can be freely customized by the End User. Their purpose is to make it easy to fill in the data that describes the monitoring environment.

| Datalist name | Description |
|---|---|
| [NX] Elastic Check Types List | Used to provide the list of checks available for the nx-c-check_es_system command |

Service Templates

The following Service Templates can be used to freely create Service Objects, Service Apply Rules or Service Sets. Remember not to edit these Service Templates, because they will be restored/updated at the next NEP Package update.

| Template name | Run on Agent | Description |
|---|---|---|
| nx-st-agent-elastic | Yes | Checks for Elasticsearch System |
| nx-st-agent-elastic-neteye | Yes | Checks for Elasticsearch System on NetEye |
| nx-st-agent-logstash | Yes | Checks for Logstash System |
| nx-st-agent-logstash-neteye | Yes | Checks for Logstash System on NetEye |

Service Sets

The following Service Sets can be used to freely monitor Host Objects. Remember not to edit these Service Sets, because they will be restored/updated at the next NEP Package update.

| Service Set name | Description |
|---|---|
| nx-ss-neteye-siem-clustered-state | Service Set providing common monitoring for NetEye SIEM Module on a cluster |
| nx-ss-neteye-siem-state | Service Set providing common monitoring for NetEye SIEM Module on a single node |
| nx-ss-neteye-endpoint-elastic-state | Service Set providing common monitoring for Elasticsearch Service on NetEye |
| nx-ss-neteye-endpoint-logstash-state | Service Set providing common monitoring for Logstash Service on NetEye |

ITOA Dashboards

The Package does not provide any ITOA Dashboard.

Package’s objects list

| Object Type | Object Name | Editable | Containing File |
|---|---|---|---|
| Director Command | nx-c-check_es_system | No | baskets/import/nep-monitoring-siem-02-command.json |
| Director Command | nx-c-check_logstash | No | baskets/import/nep-monitoring-siem-02-command.json |
| Director Command | nx-c-check_logstash_queue | No | baskets/import/nep-monitoring-siem-02-command.json |
| Director Data List | [NX] Elastic Check Types List | No | baskets/import/nep-monitoring-siem-01-datalist.json |
| Director Service Set | nx-ss-neteye-endpoint-elastic-state | No | baskets/import/nep-monitoring-siem-05-serviceset.json |
| Director Service Set | nx-ss-neteye-endpoint-logstash-state | No | baskets/import/nep-monitoring-siem-05-serviceset.json |
| Director Service Set | nx-ss-neteye-siem-clustered-state | No | baskets/import/nep-monitoring-siem-05-serviceset.json |
| Director Service Set | nx-ss-neteye-siem-state | No | baskets/import/nep-monitoring-siem-05-serviceset.json |
| Director Service Template | nx-st-agent-elastic-neteye | No | baskets/import/nep-monitoring-siem-04-service.json |
| Director Service Template | nx-st-agent-elastic | No | baskets/import/nep-monitoring-siem-04-service.json |
| Director Service Template | nx-st-agent-logstash-neteye | No | baskets/import/nep-monitoring-siem-04-service.json |
| Director Service Template | nx-st-agent-logstash | No | baskets/import/nep-monitoring-siem-04-service.json |