MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [post] updated links to OpenNMS blog post

pull/27/head
Alexandre Dulaunoy 2020-08-18 15:24:53 +02:00
parent ee8aba2518
commit 5a28805435
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
_posts/2020-08-18-MISP-Monitoring-with-OpenNMS.md
View File

@ -1,3 +1,15 @@
---
title: MISP service monitoring (and a bit of healing) with OpenNMS
layout: post
authors:
- Sascha Rommelfangen
date: 2020-08-18
tags: ["Monitoring", "OpenNMS", "MISP", "Threat Intelligence"]
categories: []
featured: /assets/images/opennms/sc-http-s-response_time.png
---
# MISP service monitoring (and a bit of healing) with OpenNMS
## Introduction:
@ -16,7 +28,7 @@ Any (recent) MISP installation is perfectly fitting the requirements to reproduc
### OpenNMS
The free and open source OpenNMS Horizon (https://www.opennms.com/distributions/) in version 26.1.1 is used for the purpose of this article.
The free and open source [OpenNMS Horizon](https://www.opennms.com/distributions/) in version 26.1.1 is used for the purpose of this article.
@ -29,16 +41,16 @@ Assuming you have both a working MISP and an OpenNMS instance running, we can ju
This is the most simple form of monitoring in OpenNMS. It will be enabled by default and checks if the machine hosting MISP will be answering ICMP ('ping') packets. ICMP monitoring acts more like an on/off-switch monitoring, but it can also tell you statistically and historically something about the load of the machine and the network conditions due to the recorded response times.
![ICMP Response time statistics](sc-icmp-response_time.png)
![ICMP Response time statistics](/assets/images/opennms/sc-icmp-response_time.png)
### HTTP(S) monitoring
HTTP and HTTPS monitoring are also built-in into OpenNMS and activated by default if the server exposed TCP ports 80 and 443 during the initial scan. This check is quite handy to see if the web server is running, but doesn't tell you if the application behind this web server is acting properly.
HTTP and HTTPS monitoring are also built-in into OpenNMS and activated by default if the server exposed TCP ports 80 and 443 during the initial scan. This check is quite handy to see if the web server is running, but doesn't tell you if the application behind this web server is acting properly.
As in ICMP monitoring, OpenNMS is collecting the data over time and is able to give us an historic view on the response times without any additional configuration.
![HTTP(S) Response time statistics](sc-http-s-response_time.png)
![HTTP(S) Response time statistics](/assets/images/opennms/sc-http-s-response_time.png)
### Application monitoring