Efficient alert management for Big Data and IT infrastructures

Berlin, 07/23/2020

Watches are the essential component in Signals. They consist of three parts: triggers, which determine when a watch runs; checks, which monitor and analyze the defined situation; and actions, which are executed once all preceding conditions are met.
The graph view in Signals shows how the data for a defined condition behave relative to the threshold value and how they change over time. Defining the threshold value is the starting point of the alerting strategy.

Current release of Search Guard with new standard "Signals" function

Berlin, 23.07.2020. With the current release version 7.x-42.0.0, Search Guard provides the new standard feature "Signals". The alerting and monitoring feature helps IT administrators detect deviations and conspicuous changes in data stored in Elasticsearch clusters. These can be customer or payment data, production values, company key figures and much more. Search Guard is an independent open source plug-in for the protection of Elasticsearch clusters. The alerting feature is now part of the standard feature set and is available for free in the Community Edition.

Attacks and data theft are often preceded by undiscovered abnormalities in a data cluster, such as multiple failed online payments, fraudulent financial transactions or frequent incorrect password entries. The more sensitive the data stored in the cluster, the more important it is to detect abnormalities quickly and prioritize them correctly. To do this, IT management needs an alerting strategy. Alert management is useful not only in cases of fraud, but also in price-sensitive industries that are subject to high dynamics due to currency fluctuations, such as securities trading or airline tickets.

Remain capable of acting at all times

With the new Signals feature in Search Guard, IT administrators can implement an alerting strategy that delivers warning signals to various notification channels based on a multi-level escalation model. This ensures that IT departments remain capable of acting both in day-to-day operations and in the event of an attack. Signals controls monitoring and notification management when data abnormalities occur in Elasticsearch clusters. The feature can be combined with any common IT system that exposes a REST interface, so Signals can also be used to monitor the entire IT infrastructure.

The core of Signals from the administrator's point of view is the graphical user interface. It allows all settings to be made intuitively and in a user-friendly way, without additional programming effort. Severity levels, notification channels and notification rules are all defined via the user interface.

"To provide IT administrators with even better protection for their cluster and to offer high added value, we have expanded Search Guard to include the Alerting Feature Signals," says Jochen Kressin, Managing Director of floragunn GmbH, the manufacturer of Search Guard. "Signals enables the right people to know what to do at the right time and to take action."

Signals at a glance

Multiple sources of data input

The most important data source that Signals can access is Elasticsearch in version 7.4.0 and higher. In addition, data from other endpoints can also be processed, which significantly expands the scope of application for IT administrators. Signals ships with an HTTP adapter so that data from any HTTP REST endpoint can be included. Signals also supports authentication (HTTP Basic, JWT and client certificates) and TLS.

Dynamic conditions and severity levels

Signals provides alerting both based on severity levels and with fully dynamic conditions that trigger alerts. Dynamic conditions are useful, for example, when monitoring data that is fed from several different data sources.

Versatile output channels for notifications

Output channels for alerting notifications are currently e-mail, Slack, webhooks, PagerDuty and JIRA. Support for Microsoft Teams as an output channel is planned. Depending on the severity, it is possible to define which alert is sent to which recipient via which channel. The number of notifications can be controlled and, for example, reduced to one notification per defined interval. It is also possible to schedule alerts at preset intervals, for example every 30 minutes, or exponentially after two minutes, four minutes and so on.
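The following added example (not code from Search Guard or Signals, and not the Signals watch format) models the behaviour described above: a watch with a trigger, a threshold check and notification actions, routed by severity to assumed channels, throttled to one notification per interval and escalated exponentially (2, 4, 8 minutes). The thresholds, channel names and the per-minute failed-login counts are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: failed password entries per minute, minutes 0..7 (not real data).
SAMPLE_FAILED_LOGINS = [3, 5, 12, 40, 45, 50, 48, 4]

# Assumed severity levels: (name, threshold, notification channels), highest first.
SEVERITY_LEVELS = [
    ("critical", 40, ["pagerduty", "slack"]),
    ("warning", 10, ["slack"]),
]


def check(value):
    """The 'check' part of a watch: map the observed value to a severity level."""
    for name, threshold, channels in SEVERITY_LEVELS:
        if value >= threshold:
            return name, channels
    return None, []


@dataclass
class Watch:
    """Minimal watch model: per-minute trigger, threshold check, notification actions."""
    throttle_minutes: int = 2      # base interval between repeated notifications
    exponential: bool = True       # double the interval after each repeat (2, 4, 8, ...)
    state: dict = field(default_factory=dict)  # severity -> (minute last sent, interval)

    def evaluate(self, minute, value):
        """Trigger the watch at `minute`; return the (severity, channel) actions to run."""
        severity, channels = check(value)
        if severity is None:
            self.state.clear()     # condition no longer met: reset the escalation
            return []
        sent_at, interval = self.state.get(severity, (None, self.throttle_minutes))
        if sent_at is not None and minute - sent_at < interval:
            return []              # throttled: at most one notification per interval
        if sent_at is not None and self.exponential:
            interval *= 2          # escalate: the next repeat waits twice as long
        self.state[severity] = (minute, interval)
        return [(severity, channel) for channel in channels]


def run_simulation(values, watch=None):
    """Feed one value per minute through the watch; return a (minute, severity, channel) log."""
    watch = watch or Watch()
    log = []
    for minute, value in enumerate(values):
        log.extend((minute, sev, ch) for sev, ch in watch.evaluate(minute, value))
    return log
```

Running `run_simulation(SAMPLE_FAILED_LOGINS)` yields a warning to Slack at minute 2, a critical alert to PagerDuty and Slack at minute 3, the repeat at minute 5 (two minutes later), and nothing at minute 6 because the next repeat would wait four minutes.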

Outlook

Signals is available for free in the Community Edition and can be installed and tested without any effort. Instructions and downloads for developers can be found in the documentation. All questions and requests around the feature are answered in the Signals Community Forum.

About floragunn GmbH

Exponentially increasing amounts of data (Big Data) require protection against unauthorized access or control at all times. Since its foundation in 2013, floragunn has pursued the vision of protecting every Elasticsearch cluster. With Search Guard® version 2.3, released on June 17, 2016, Search Guard® became the first security plug-in to provide essential security functions free of charge. High customer orientation, fast processes and a user-friendly licensing model are the company's hallmarks. Search Guard® is an open source based plug-in made in Germany and verified according to Veracode and CVE Numbering Authority. floragunn GmbH is a member of the Alliance for Cyber Security of the German Federal Office for Information Security (BSI), TeleTrusT and the German Federal Association for IT Security. Fortune 500 companies, educational institutions and public authorities worldwide use Search Guard® to protect their clusters. Search Guard® is available in the free Community Edition and in the licensed Enterprise and Compliance Editions. The plug-in can be tested free of charge for 60 days. Further information is available at search-guard.com/alerting/.

Press contact:
Eskimos mit Kühlschränken
Simone Brett-Murati
Tel: 0171/ 53 80 275
E-Mail: [email protected]

floragunn GmbH
Thomas Mahler
Tel: 01522/ 1950326
Email: [email protected]