apache/http-server Dashboards
Error log analysis
Widget | Description | Type |
---|---|---|
Top 5 clients associated with error events | Which are the top client IP addresses that appear in error log events (var/log/apache2/error.log) | Time Chart |
Top error messages | List of error messages (from var/log/apache2/error.log) sorted by greatest number of occurrences of each message. NB some error log message types contain server/host specific information. | Table |
Error log levels over time | Volume of error logs by log type over time (from var/log/apache2/error.log) | Time Chart |
Critical errors | The most common emerg, crit or alert error messages with server name, error message and the number of instances of this message (from var/log/apache2/error.log) | Table |
Top 5 servers that are associated with error events | Which are the server names that appear in error log events (var/log/apache2/error.log) | Time Chart |
Client locations associated with critical errors | Location of client IPs that are associated with error log events of type emerg, crit or alert (from var/log/apache2/error.log). Note - location of client IP does not always correlate with actual physical location of user or system | World Map |
HTTP errors
Widget | Description | Type |
---|---|---|
Top clients causing 4xx errors | Which client IPs are causing the most 4XX errors | Time Chart |
HTTP errors over time | Volume of server and client errors over time | Time Chart |
Top URLs with 5xx errors | The 5 URLs with the most 5XX errors over time | Time Chart |
Top URLs with 4xx errors | The 5 URLs with the most 4XX errors over time | Time Chart |
4xx codes by server | Number of 4XX status codes by server | Bar Chart |
5xx codes by server | Number of 5XX status codes by server | Bar Chart |
Client (4xx) and server (5xx) errors | Number of 4xx (client) and 5xx (server) errors | Pie Chart |
Clients with specific 4xx errors | Which Client IPs are causing most 4XX errors with the specific error code and description | Table |
IOC matches for client IP
Widget | Description | Type |
---|---|---|
IOC geolocation | Location of client IP addresses present in IOC. Note - location of client IP does not always correlate with actual physical location of user or system | World Map |
Threat trends | Number of client IP IOC matches by confidence threshold over time | Time Chart |
Threat types | Pie chart showing breakdown of threat types (linked to client IP) | Pie Chart |
Threat relationships | Links client IP IOC labels to the different values of each label | Sankey |
Actors | Pie chart showing breakdown of threat actors (linked to client IP) | Pie Chart |
Kill chains | Pie chart showing breakdown of kill chain values (linked to client IP) | Pie Chart |
All threat details | Detailed information of all threats found in client IPs | Table |
Malware | Pie chart showing breakdown of malware types (linked to client IP) | Pie Chart |
note-1624965575450 | # All Details The table below shows details of all the threats found, irrespective of the threshold filter applied. Click on the various aspects of these results to drill down into the raw events | Note |
Introduction to indicators of compromise (IOC) dashboard | Falcon LogScale includes an integration with CrowdStrike's Falcon Intelligence to provide Falcon LogScale customers with a built-in database of Indicators of Compromise (IOCs). Customers can search their logs for matches against the IOC database and see relevant threat information for each IOC found. Find out more. This dashboard takes the client_ip field from both Apache access and error logs and checks it against known IP addresses in the IOC database with the ioc:lookup() function. | Note |
IOC matches for referer domain
Widget | Description | Type |
---|---|---|
IOC geolocation | Location of client IP addresses present in IOC. Note - location of client IP does not always correlate with actual physical location of user or system | World Map |
Threat types | Pie chart showing breakdown of threat types (linked to client IP) | Pie Chart |
Threat relationships | Links client IP IOC labels to the different values of each label | Sankey |
Actors | Pie chart showing breakdown of threat actors (linked to client IP) | Pie Chart |
Kill chains | Pie chart showing breakdown of kill chain values (linked to client IP) | Pie Chart |
All threat details | Detailed information of all threats found in client IPs | Table |
Malware | Pie chart showing breakdown of malware types (linked to client IP) | Pie Chart |
note-1624965575450 | # All Details The table below shows details of all the threats found, irrespective of the threshold filter applied. Click on the various aspects of these results to drill down into the raw events | Note |
Introduction to indicators of compromise (IOC) dashboard | Falcon LogScale includes an integration with CrowdStrike's Falcon Intelligence to provide Falcon LogScale customers with a built-in database of Indicators of Compromise (IOCs). Customers can search their logs for matches against the IOC database and see relevant threat information for each IOC found. Find out more. This dashboard extracts the domain from the referer field of the Apache access logs and checks it against known domains in the IOC database with the ioc:lookup() function. | Note |
Overview
Widget | Description | Type |
---|---|---|
Responses over time | Breakdown of response volumes by type over time | Time Chart |
Unique visitors | Number of unique client IPs visiting server(s) | Time Chart |
World map of visitor locations | Location of client IPs. Note location of client IP does not always correlate with actual physical location of user or system | World Map |
Bytes served over time | Total volume of data served by web server(s) over time | Time Chart |
Bytes served by media type | Relative volume of each media type served - note media type is determined from the URL | Pie Chart |
Requests per second for each server | Requests received per second | Time Chart |
Bytes served by media type over time | Volume of bytes served for each media type over time. Note - media type is determined from the URL | Time Chart |
Bytes served | Total volume of data served by web server(s) | Single Value |
Web servers | List of all web servers | Table |
Total visitors | Total number of unique client IPs visiting server(s) | Single Value |
Visitor insights
Widget | Description | Type |
---|---|---|
Worldmap of visitor location | Location of client IPs. Note location of client IP does not always correlate with actual physical location of user or system | World Map |
Top user agents | Top 10 user agents making any requests, irrespective of success or error | Table |
Malicious referer domains | Domains that exist in CrowdStrike's Falcon LogScale IOC database. See the 'IOC matches for referer domain' dashboard for more details | Single Value |
Top URLs | Most common URLs - counts only successful requests | Table |
Top referers | The sites referring visitors to your sites | Pie Chart |
Top referers over time | The sites referring visitors to your sites | Time Chart |
Malicious client IPs | Client IPs that exist in CrowdStrike's Falcon LogScale IOC database. See the 'IOC matches for client IP' dashboard for more details | Single Value |