Monitoring SIEM¶
The nep-monitoring-siem
package is the NEP designed to monitoring the NetEye SIEM modules. It provides a quite complete monitoring for all the components of this module. With nep-monitoring-siem
it is possible to perform monitoring of:
Elasticsearch System more info on Official Documentation.
Logstash System more info on Official Documentation.
Filebeat System more info on Official Documentation.
Minimum supported environment¶
This package can be installed on systems running the software described below. Systems with equivalent components are also suitable for installation.
Required software |
Requirements |
---|---|
NetEye |
Version |
NetEye modules |
|
Ruby |
Version |
Package requirements¶
Service and Host Template shipped with package nep-monitoring-siem
require the following nep:
nep-common
nep-monitoring-core
Setup instructions¶
If all requirements are met, you can now install this package. To manually set up the nep-monitoring-siem
package, use nep-setup
utility to install it. Then,
nep-setup install nep-monitoring-siem
To monitoring Filebeat you need to Enable HTTP localhost for Metrics adding this lines to the filebeat.yml `` http.enableb: true http.port: 5067 ``
Available Objects¶
This section contains a description of all the Objects from this Package that can be used to build your own monitoring environment.
Director Objects¶
The Package contains the following Director Objects.
Data Lists
The following Data Lists can be freely customized by the End User. Their purpose is to provide easy data filling to better describe the monitoring environment.
Datalist name |
Description |
---|---|
[NX] Elastic Check Types List |
Used to provide the list of check available for |
Service Templates
The following Service Templates can be used to freely create Service Objects, Service Apply Rules or Service Sets. Remember to not edit these Service Templates because they will be restored/updated at the next NEP Package update.
Template name |
Run on Agent |
Description |
---|---|---|
nx-st-agent-elastic |
Yes |
Checks for Elasticsearch System |
nx-st-agent-elastic-neteye |
Yes |
Checks for Elasticsearch System on NetEye |
nx-st-agent-logstash |
Yes |
Checks for Logstash System |
nx-st-agent-logstash-neteye |
Yes |
Checks for Logstash System on NetEye |
Service Sets
The following Service Sets can be used to freely monitor Host Objects. Remember to not edit these Service Sets because they will be restored/updated at the next NEP Package update.
Service Set name |
Description |
---|---|
nx-ss-neteye-siem-clustered-state |
Service Set providing common monitoring for NetEye SIEM Module on a cluster |
nx-ss-neteye-siem-state |
Service Set providing common monitoring for NetEye SIEM Module on a single node |
nx-ss-neteye-endpoint-elastic-state |
Service Set providing common monitoring for Elasticsearch Service on NetEye |
nx-ss-neteye-endpoint-logstash-state |
Service Set providing common monitoring for Logstash Service on NetEye |
ITOA Dashboards¶
The Package does not provide any ITOA Dashboard
Package’s objects list¶
Object Type |
Object Name |
Editable |
Containing File |
---|---|---|---|
Director Command |
nx-c-check_es_system |
No |
baskets/import/nep-monitoring-siem-02-command.json |
Director Command |
nx-c-check_logstash |
No |
baskets/import/nep-monitoring-siem-02-command.json |
Director Command |
nx-c-check_logstash_queue |
No |
baskets/import/nep-monitoring-siem-02-command.json |
Director Data List |
[NX] Elastic Check Types List |
No |
baskets/import/nep-monitoring-siem-01-datalist.json |
Director Service Set |
nx-ss-neteye-endpoint-elastic-state |
No |
baskets/import/nep-monitoring-siem-05-serviceset.json |
Director Service Set |
nx-ss-neteye-endpoint-logstash-state |
No |
baskets/import/nep-monitoring-siem-05-serviceset.json |
Director Service Set |
nx-ss-neteye-siem-clustered-state |
No |
baskets/import/nep-monitoring-siem-05-serviceset.json |
Director Service Set |
nx-ss-neteye-siem-state |
No |
baskets/import/nep-monitoring-siem-05-serviceset.json |
Director Service Template |
nx-st-agent-elastic-neteye |
No |
baskets/import/nep-monitoring-siem-04-service.json |
Director Service Template |
nx-st-agent-elastic |
No |
baskets/import/nep-monitoring-siem-04-service.json |
Director Service Template |
nx-st-agent-logstash-neteye |
No |
baskets/import/nep-monitoring-siem-04-service.json |
Director Service Template |
nx-st-agent-logstash |
No |
baskets/import/nep-monitoring-siem-04-service.json |