Monitor the Platform
When you deploy your Cybereason platform on the cloud, the Cybereason solution includes platform monitoring services.
Note
On-premises customers can also opt to use these services. For details, contact Customer Success.
Cybereason has implemented an enterprise monitoring solution based on Zabbix and additional tools. Cybereason Technical Support uses this solution to monitor your Cybereason deployment.
Important
Since Technical Support performs all monitoring for cloud-based deployments, the information in this topic is intended to provide a better understanding of the monitoring process.
What is the Cybereason monitoring solution?
Cybereason's monitoring solution combines several components, each covering a different area of the platform.
Components
The monitoring solution uses the following components to monitor each area of the system:
Component | System Area
---|---
Pingdom | User experience
Zabbix | System monitoring
ELK (Elasticsearch) | Logs monitoring
Zabbix | Application-level monitoring
Grafana | Visual graphs and trends
Zabbix server
The Zabbix server is located on the Cybereason AWS private monitoring VPC. The Zabbix server runs a set of predefined actions to notify the teams responsible for each issue. The Zabbix server can run various corrective actions to solve issues automatically.
Zabbix agents
Zabbix agents are installed as part of the general Cybereason image. Agents run with the relevant monitoring template. Once a policy threshold is exceeded, a message is sent to the central server that represents the problem graphically on the service map and on the central console. Zabbix agents can run various corrective actions to solve issues automatically.
Monitoring capabilities
The solution monitors the following types of data for Cybereason services infrastructure:
Application availability
Performance
Faults
The monitoring solution enables infrastructure management from the bottom up, throughout all levels of the computing environment of the service, including:
Network management
Operating system management
Database management
Application management
At each level, Zabbix enables system administrators to:
View the real-time status of the service
Analyze the root cause of each issue
Access tools to fix issues
Alerts
The Zabbix server generates alerts when system behavior exceeds specific thresholds, indicating an issue that may require maintenance action. The Zabbix server forwards alerts to the central fault management console, where the Cybereason Technical Operations team monitors and analyzes the alerts 24/7. The Technical Operations team investigates alert causes and performs maintenance actions when necessary.
Alert categories include:
App monitoring alerts
UI tests
System checks (listed below)
Private Threat Intel server metrics (listed below)
System checks
The Zabbix server performs the following system checks:
CPU Utilization (Percent)
Network In (Bytes)
Network Out (Bytes)
Network Packets Out (Count)
Disk Space
Java Heap Utilization
Processor load
Disk I/O
ssh_sessions
Apache Tomcat
mongo.status
Processor load on sage
Connection States
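To make concrete what "a policy threshold is exceeded" means for the agent checks listed above (CPU utilization, disk space, processor load), here is an illustrative Zabbix 6.x template fragment. It is a constructed example written for this page, not Cybereason's own template: the template name, thresholds and UUIDs are placeholders, while the item keys and trigger functions are standard Zabbix agent items.

```yaml
# Constructed example of a Zabbix 6.x template, not the Cybereason template.
# UUIDs are placeholders: Zabbix requires real 32-hex-character UUIDs on
# import (for example: uuidgen | tr -d '-').
zabbix_export:
  version: '6.0'
  templates:
    - uuid: 00000000000000000000000000000001
      template: 'Example platform checks'
      name: 'Example platform checks'
      groups:
        - name: Templates
      items:
        - uuid: 00000000000000000000000000000002
          name: 'CPU utilization (percent)'
          key: 'system.cpu.util'          # Zabbix agent CPU item, default parameters
          delay: 1m
          value_type: FLOAT
          units: '%'
          triggers:
            - uuid: 00000000000000000000000000000003
              # 5-minute average, so one short spike does not raise an alert
              expression: 'avg(/Example platform checks/system.cpu.util,5m)>90'
              name: 'CPU utilization above 90% for 5 minutes on {HOST.NAME}'
              priority: HIGH
        - uuid: 00000000000000000000000000000004
          name: 'Root filesystem used (percent)'
          key: 'vfs.fs.size[/,pused]'      # percentage of / in use
          delay: 5m
          value_type: FLOAT
          units: '%'
          triggers:
            - uuid: 00000000000000000000000000000005
              expression: 'last(/Example platform checks/vfs.fs.size[/,pused])>85'
              name: 'Disk space on / above 85% on {HOST.NAME}'
              priority: WARNING
        - uuid: 00000000000000000000000000000006
          name: 'Number of CPUs'
          key: 'system.cpu.num'            # used to scale the load threshold
          delay: 1h
        - uuid: 00000000000000000000000000000007
          name: 'Processor load (5-minute average)'
          key: 'system.cpu.load[all,avg5]'
          delay: 1m
          value_type: FLOAT
          triggers:
            - uuid: 00000000000000000000000000000008
              # load relative to core count, so the same trigger fits any host size
              expression: 'last(/Example platform checks/system.cpu.load[all,avg5])/last(/Example platform checks/system.cpu.num)>1.5'
              name: 'Processor load is high on {HOST.NAME}'
              priority: AVERAGE
```

When a trigger expression evaluates to true, the Zabbix server raises the problem and runs the actions configured for it, which is the notification and corrective-action step the agent and server descriptions above refer to.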
Private Threat Intel server metrics
The Zabbix server collects the following metrics for your private Threat Intel server:
Sage classification average request time (per type)
Error Count
Mongo Lock
Outbound traffic
Inbound Traffic
JMX Global requests
Full GC
VT File Classification
VT Domain Classification
Mongo Execution