Security Monitoring 

Pandora FMS incorporates its own security features:

  1. Security monitoring plugin, to monitor basic system security, designed for GNU/Linux® servers only.
  2. Hardening evaluation system over time (GNU/Linux®, MS Windows®).
  3. System vulnerability assessment system (GNU/Linux®, MS Windows® and remote systems).

Security Monitoring Plugin

This plugin, which comes standard in GNU/Linux agents, constantly verifies certain basic aspects of your environment:

  • Strength of passwords for all users with access to the system.
  • SELinux status.
  • Remote access as root user.
  • Automatic remote access as root.
  • TCP ports actively listening.
  • Modification of essential configuration files.
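
The checks on remote root access, listening TCP ports and configuration-file changes listed above can be illustrated with a short script. This is an added example, not the Pandora FMS plugin's code; the function names, the allow-list of ports and the sample inputs are assumptions made for illustration, and Include directives and Match blocks in sshd_config are not evaluated.

```python
import hashlib

def root_login_setting(sshd_config):
    """Effective global PermitRootLogin; sshd keeps the first value it reads."""
    for raw in sshd_config.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # conditional Match blocks are outside this global check
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return "prohibit-password"  # upstream OpenSSH default when unset

def listening_tcp_ports(proc_net_tcp):
    """Sorted ports in LISTEN state (st == 0A) from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        f = line.split()
        if len(f) > 3 and f[3] == "0A":
            ports.add(int(f[1].rsplit(":", 1)[1], 16))  # hex port after ':'
    return sorted(ports)

def modified_files(baseline, current):
    """Paths whose SHA-256 differs from the baseline or that are gone."""
    return sorted(p for p, digest in baseline.items() if p not in current
                  or hashlib.sha256(current[p]).hexdigest() != digest)

def audit(sshd_config, proc_net_tcp, allowed_ports, baseline, current):
    """Collect findings; allowed_ports is a hypothetical per-host allow-list."""
    findings = []
    setting = root_login_setting(sshd_config)
    if setting != "no":
        findings.append(f"root SSH login permitted (PermitRootLogin {setting})")
    findings += [f"unexpected listening TCP port {p}"
                 for p in listening_tcp_ports(proc_net_tcp) if p not in allowed_ports]
    findings += [f"modified or missing: {p}" for p in modified_files(baseline, current)]
    return findings

# Constructed sample inputs (not taken from a real host).
SAMPLE_SSHD = "Port 22\nPermitRootLogin yes\nPermitRootLogin no\n"
SAMPLE_TCP = """  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000
   2: 0A00020F:0016 0A000202:D431 01 00000000:00000000
"""
BASELINE = {"/etc/ssh/sshd_config":
            hashlib.sha256(b"Port 22\nPermitRootLogin no\n").hexdigest()}
if __name__ == "__main__":
    current = {"/etc/ssh/sshd_config": SAMPLE_SSHD.encode()}
    print("\n".join(audit(SAMPLE_SSHD, SAMPLE_TCP, {22}, BASELINE, current)))
```

On a real host the inputs would be the contents of /etc/ssh/sshd_config and /proc/net/tcp, and the baseline would be recorded while the system is in a known-good state.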

Hardening monitoring

The recommendations of the Center for Internet Security (CIS) and National Institute of Standards and Technology (NIST) have been merged with Pandora FMS monitoring technology to offer an integrated assurance audit system.


CIS Categories Audited by Pandora FMS (more than 1,500 individual checks):

  1. Inventory and control of hardware and software assets
  2. Device inventory and control
  3. Vulnerability Management
  4. Controlled use of administrative privileges
  5. Secure hardware and software configuration.
  6. Log and audit log maintenance, monitoring, and analysis.
  7. Malware Defenses
  8. Email and Web Browser Protection
  9. Data recovery capabilities
  10. Boundary defense and data protection
  11. Monitoring and Account Control

Detailed hardening audits

The checks are performed by the agent that runs on each machine.

You can take a snapshot of the security of the system, calculate and assign a security index, and see the evolution of that security index over time.
  

Hardening reports & dashboard

 

Vulnerability Monitoring

Pandora FMS agents and the remote discovery engine search for information about the software installed on the system. This information is then compared with the central vulnerability database that Pandora FMS maintains (downloaded from NIST, MITRE and other sources) to provide a list of software packages with known vulnerabilities.

Pandora FMS offers a single risk indicator for each system, based on the number of vulnerabilities and their severity.

 

You can navigate through the control panel to filter the information and reach a level of detail where each vulnerable software package is listed, along with the vulnerability that applies to it (with its CVE code) and a description of the problem.

 

The Pandora FMS vulnerability database draws from two sources:


  • CVE-Search, which combines data from NVD NIST, MITRE and Red Hat.
  • Direct information from the repositories of Canonical, Red Hat, Debian, Arch Linux, NVD NIST, and Microsoft Security Updates.

The Pandora server builds its own database from this data and segments and indexes it in memory for quick detection, so that it only loads the vulnerabilities corresponding to the operating systems reported by Pandora FMS agents.

Vulnerability data display

Once the system has information, it will be displayed in the Vulnerabilities tab of each monitored system.

As of version 775 there is also a general dashboard with several added graphs, such as the Top 10 most vulnerable systems (worst vulnerability ranking), the Top 10 most frequent vulnerabilities, and other groupings:

  1. By group of machines.
  2. Attack complexity (low/high/medium).
  3. Type of vulnerability (confidentiality, integrity, availability…).
  4. Access vector: Network, Adjacent Network…
  5. User interaction: none, required, etc.
  6. Privileges required: None, low…

Tactical security view

It presents an overall picture of the agents, with graphs summarizing the total system risk as a whole, the severity of the complexity of the attacks and the vulnerabilities presented by each installed software package.
  

Data breakdown

It presents a breakdown of security data, showing the top 10 agents and top 10 software packages with the most vulnerabilities.

Information can be filtered by agent groups and exported in CSV format. The summaries in the Privileges required, User Interaction and Attack Vector boxes have display buttons that link to the Audit section.
  

Audit

By default it displays all vulnerability information, so it may take some time to load. You can filter by any combination of vulnerability attributes, including specific CVE identifiers.
  
