Bill Chalmers
Provide API features for historical data per module, e.g.
Global
- Incident counts over time
- Incident counts over time by type
- Malware counts over time
- Malware counts over time by type
Per server
- Module activity historical data over time (web honeypot, port honeypot, etc.)
- Incident counts over time
- Incident counts over time by incident type
- Incident counts over time by domain
- Incident counts over time by severity
- Malware counts over time
- Malware counts over time by type
- Malware counts over time by domain
Mark Bacsko
Hey there everyone!
Our newest agent version allows you to do this with both Monitoring 360 and Zabbix!
Mark Bacsko
Status changed to: Released
Mark Bacsko
Status changed to: In progress
Mark Bacsko
Hey everyone!
Great news! A feature like this is underway, with the capabilities to deliver some of the key bullet points.
Have any additional wishes? Feel free to chime in here!
Stay Ninjastic!
Bill Chalmers
Hi George, no, it's not for monitoring and alerting, it's for reporting. I have already devised a monitoring setup for our monitoring system.
If I wanted to justify to my manager the worth of BitNinja, currently it's just my word. If I could, for example, show monthly counts of malware on a particular server:
Server 1
Month 1 (BitNinja installed) - malware count: 1000
Month 2 - malware count: 200
Month 3 - malware count: 2
Month 4 - malware count: 0
The same for attacks: which server is being hit the most? By which type of attack? Is there a particular domain that is having the most incidents over time?
This is a requirement for historical data in order to validate BitNinja effectiveness / provide reports to management / further enhance security by identifying particular servers/domains/incident types over time so we can plug any holes that keep getting hit.
George Egri
@Bill we were discussing this feature, and we have some clarification questions. If I understand right, then the goal is to do monitoring and alerting about BitNinja. If this is the case, maybe a different approach would be even more beneficial: to create integration for monitoring tools so you could simply integrate these data into your currently used monitoring tool? What do you think about it? I think this might give more flexibility on your end about what you would like to measure, what time range you query, dashboarding, alerting, etc. If we are missing some point about the reporting API idea, could you shed some light please?
Laszlo Takacs - BitNinja CCO
Status changed to: Waiting