apache/http-server Dashboards
Error log analysis
Widget | Description | Type |
---|---|---|
Which are the top client IP addresses that appear in error log
events (var/log/apache2/error.log)
logscale
| Time Chart | |
List of error messages (from var/log/apache2/error.log) sorted by
greatest number of occurrences of each message. NB some error log
message types contain server/host specific information.
logscale
| Table | |
Volume of error logs by log type over time (from
var/log/apache2/error.log)
logscale
| Time Chart | |
The most common emerg ,
crit or
alert error messages with
server name, error message and the number of instances of this
message (from var/log/apache2/error.log)
logscale
| Table | |
Which are the server names that appear in error log events
(var/log/apache2/error.log)
logscale
| Time Chart | |
Location of client IPs that are associated with error log events
of type emerg, crit or
alert (from var/log/apache2/error.log). Note
- location of client IP does not always correlate with actual
physical location of user or system
logscale
| World Map |
HTTP errors
Widget | Description | Type |
---|---|---|
Which client IPs are causing the most 4XX errors
logscale
| Time Chart | |
Volume of server and client errors over time
logscale
| Time Chart | |
The 5 URLs with the most 5XX errors over time
logscale
| Time Chart | |
The 5 URLs with the most 4XX errors over time
logscale
| Time Chart | |
Number of 4XX status codes by server
logscale
| Bar Chart | |
Number of 5XX status codes by server
logscale
| Bar Chart | |
Number of 4xx (client) and 5xx (server) errors
logscale
| Pie Chart | |
Which Client IPs are causing most 4XX errors with the specific
error code and description
logscale
| Table |
IOC matches for client IP
Widget | Description | Type |
---|---|---|
Location of client IP addresses present in IOC. Note - location of
client IP does not always correlate with actual physical location
of user or system
logscale
| World Map | |
Number of client IP IOC matches by confidence threshold over time
logscale
| Time Chart | |
Pie chart showing breakdown of threat types (linked to client IP)
logscale
| Pie Chart | |
Links client IP IOC labels to the different values of each label
logscale
| Sankey | |
Pie chart showing breakdown of threat actors (linked to client IP)
logscale
| Pie Chart | |
Pie chart showing breakdown of kill chain values (linked to client
IP)
logscale
| Pie Chart | |
Detailed information of all threats found in client IPs
logscale
| Table | |
Pie chart showing breakdown of malware types (linked to client IP)
logscale
| Pie Chart | |
# All Details The table below shows details of all the threats found, irrespective of the threshold filter applied. Click on the various aspects of these results to drill down into the raw events | Note | |
Falcon LogScale includes an integration with CrowdStrike's Falcon
Intelligence to provide Falcon LogScale customers with a built-in
database of Indicators of Compromise (IOCs). Customers can search
their logs for matches against the IOC database and see relevant
threat information for each IOC found.
Find
out more. This dashboard takes the
client_ip field from both Apache access and
error logs and checks it against known IP addresses in the IOC
database with the ioc:lookup() function.
| Note |
IOC matches for referer domain
Widget | Description | Type |
---|---|---|
Location of client IP addresses present in IOC. Note - location of
client IP does not always correlate with actual physical location
of user or system
logscale
| World Map | |
Pie chart showing breakdown of threat types (linked to client IP)
logscale
| Pie Chart | |
Links client IP IOC labels to the different values of each label
logscale
| Sankey | |
Pie chart showing breakdown of threat actors (linked to client IP)
logscale
| Pie Chart | |
Pie chart showing breakdown of kill chain values (linked to client
IP)
logscale
| Pie Chart | |
Detailed information of all threats found in client IPs
logscale
| Table | |
Pie chart showing breakdown of malware types (linked to client IP)
logscale
| Pie Chart | |
# All Details The table below shows details of all the threats found, irrespective of the threshold filter applied. Click on the various aspects of these results to drill down into the raw events | Note | |
Falcon LogScale includes an integration with CrowdStrike's Falcon
Intelligence to provide Falcon LogScale customers with a built-in
database of Indicators of Compromise (IOCs). Customers can search
their logs for matches against the IOC database and see relevant
threat information for each IOC found.
Find
out more. This dashboard extracts the
domain from the referer
field of the Apache access logs and checks it against known
domains in the IOC database with the
ioc:lookup() function.
| Note |
Overview
Widget | Description | Type |
---|---|---|
Breakdown of response volumes by type over time
logscale
| Time Chart | |
Number of unique client IPs visiting server(s)
logscale
| Time Chart | |
Location of client IPs. Note location of client IP does not always
correlate with actual physical location of user or system
logscale
| World Map | |
Total volume of data served by web server(s) over time
logscale
| Time Chart | |
Relative volume of each media type served - note media type is
determined from the URL
logscale
| Pie Chart | |
Requests received per second
logscale
| Time Chart | |
Volume of bytes served for each media type over time. Note - media
type is determined from the URL
logscale
| Time Chart | |
Total volume of data served by web server(s)
logscale
| Single Value | |
List of all web servers
logscale
| Table | |
Total number of unique client IPs visiting server(s)
logscale
| Single Value |
Visitor insights
Widget | Description | Type |
---|---|---|
Location of client IPs. Note location of client IP does not always
correlate with actual physical location of user or system
logscale
| World Map | |
Top 10 user agents making any requests, irrespective of success or
error
logscale
| Table | |
Domains that exists in CrowdStrike's Falcon LogScale IOC database.
See the 'IOC matches for referer domain' dashboard for more
details
logscale
| Single Value | |
Most common URLs - counts only successful requests
logscale
| Table | |
The sites referring visitors to your sites
logscale
| Pie Chart | |
The sites referring visitors to your sites
logscale
| Time Chart | |
Client IPs that exists in CrowdStrike's Falcon LogScale IOC
database. See the 'IOC matches for client IP' dashboard for more
details
logscale
| Single Value |