Monitor the Platform

When you deploy your Cybereason platform on the cloud, the Cybereason solution includes platform monitoring services.

Note

On-premises customers can also opt to use these services. For details, contact Customer Success.

Cybereason has implemented an enterprise monitoring solution based on Zabbix and additional tools. Cybereason Technical Support uses this solution to monitor your Cybereason deployment.

Important

Since Technical Support performs all monitoring for cloud-based deployments, the information in this topic is intended to provide a better understanding of the monitoring process.

What is the Cybereason monitoring solution?

Cybereason’s monitoring solution uses several components, each of which monitors a different area of the platform.

Components

The monitoring solution uses the following components to monitor each area of the system:

Component             System Area
Pingdom               User experience
Zabbix                System monitoring
ELK (Elasticsearch)   Logs monitoring
Zabbix                Application-level monitoring
Grafana               Visual graphs and trends

Zabbix server

The Zabbix server is located in the Cybereason AWS private monitoring VPC. It runs a set of predefined actions to notify the team responsible for each issue, and it can also run various corrective actions to solve issues automatically.

Zabbix agents

Zabbix agents are installed as part of the general Cybereason image, and each agent runs with the monitoring template relevant to its host. Once a policy threshold is exceeded, the agent sends a message to the central server, which represents the problem graphically on the service map and on the central console. Zabbix agents can also run various corrective actions to solve issues automatically.

Monitoring capabilities

The solution monitors the following types of data for Cybereason services infrastructure:

  • Application availability

  • Performance

  • Faults

The monitoring solution enables infrastructure management from the bottom up, throughout all levels of the computing environment of the service, including:

  • Network management

  • Operating system management

  • Database management

  • Application management

At each level, Zabbix enables system administrators to:

  • View the real-time status of the service

  • Analyze the root cause of each issue

  • Access tools to fix issues

Alerts

The Zabbix server generates alerts when system behavior exceeds specific thresholds, indicating an issue that may require maintenance action. The Zabbix server forwards alerts to the central fault management console, where the Cybereason Technical Operations team monitors and analyzes the alerts 24/7. The Technical Operations team investigates alert causes and performs maintenance actions when necessary.
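The threshold logic described in the Zabbix agents and Alerts sections, as an added example that is not Cybereason's or Zabbix's own code: a Zabbix-style trigger that fires only when the last N samples all exceed the threshold, with a separate, lower recovery threshold, so that a single CPU spike does not page anyone and a value hovering near the limit does not flap. The item keys and threshold values are assumptions for illustration, not Cybereason's configured policy.

```python
# Added example (not Cybereason's or Zabbix's own code): how a Zabbix-style
# trigger such as min(/host/key,#3)>90 evaluates agent samples. PROBLEM fires
# only when the last 3 values all exceed the threshold; a recovery expression
# such as max(/host/key,#3)<80 clears it once the last 3 are all clearly low.
from collections import deque

# Constructed thresholds keyed by check names from this page (assumed values).
TRIGGERS = {
    "cpu_utilization_pct": {"problem": 90.0, "recovery": 80.0, "window": 3},
    "java_heap_pct": {"problem": 95.0, "recovery": 85.0, "window": 3},
}

class TriggerState:
    """Last `window` samples plus the current PROBLEM/OK state for one item key."""

    def __init__(self, problem, recovery, window):
        self.problem, self.recovery = problem, recovery
        self.history = deque(maxlen=window)
        self.in_problem = False

    def update(self, value):
        """Feed one sample; return 'PROBLEM' or 'OK' on a state change, else None."""
        self.history.append(value)
        if len(self.history) < self.history.maxlen:
            return None  # too few values yet; Zabbix treats this as unknown
        if not self.in_problem and min(self.history) > self.problem:
            self.in_problem = True
            return "PROBLEM"
        if self.in_problem and max(self.history) < self.recovery:
            self.in_problem = False
            return "OK"
        return None

def evaluate(samples):
    """Run (key, value) samples through the triggers; return (index, key, event) list."""
    states = {k: TriggerState(**cfg) for k, cfg in TRIGGERS.items()}
    events = []
    for i, (key, value) in enumerate(samples):
        event = states[key].update(value)
        if event:
            events.append((i, key, event))
    return events

# Constructed stream: one CPU spike (97) must not alert, three high readings
# must, and recovery happens only once the last three are all below 80.
SAMPLES = [("cpu_utilization_pct", v) for v in (40, 97, 45, 92, 94, 91, 88, 70, 60, 50)]
SAMPLES += [("java_heap_pct", v) for v in (96, 97, 98)]

if __name__ == "__main__":
    for idx, key, event in evaluate(SAMPLES):
        print(f"sample {idx}: {key} -> {event}")
```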

Alert categories include:

  • App monitoring alerts

  • UI tests

  • System checks (listed below)

  • Private Threat Intel server metrics (listed below)

System checks

The Zabbix server performs the following system checks:

  • CPU Utilization (Percent)

  • Network In (Bytes)

  • Network Out (Bytes)

  • Network Packets Out (Count)

  • Disk Space

  • Java Heap Utilization

  • Processor load

  • Disk I/O

  • ssh_sessions

  • Apache Tomcat

  • mongo.status

  • Processor load on sage

  • Connection States

Private Threat Intel server metrics

The Zabbix server collects the following metrics for your private Threat Intel server:

  • Sage Classification Avg request time Per type

  • Error Count

  • Mongo Lock

  • Outbound traffic

  • Inbound traffic

  • JMX Global requests

  • Full GC

  • VT File Classification

  • VT Domain Classification

  • Mongo Execution