Section 23.219 Alerting and Monitoring & Monitoring Resources Flashcards
Objective 4.4 Explain security alerting and monitoring concepts and tools
Importance
Alerting and Monitoring
Crucial for maintaining the integrity, confidentiality, and availability of information systems
Components:
● Alerting (notifying personnel of potential security incidents)
● Monitoring (continuous observation to detect anomalies or threats)
Types of Alerts
True Positive
Correctly identifies a legitimate issue
False Positive
Incorrectly indicates an issue when there isn’t one
True Negative
Correctly recognises the absence of an issue
False Negative
Fails to alert about a real issue
Alerting System Goals
● Maximise true positives
● Minimise false positives to avoid alert fatigue
Monitoring Types
Automated Monitoring
○ Software tools for scanning and analysing
Manual Monitoring
○ Human personnel actively reviewing and analysing
Monitoring Resources
Monitoring Systems
Involves observing a computer system’s performance, including…
● CPU
● Memory
● Disk usage
● Network performance
Baseline
A reference point representing normal system behaviour under typical operating conditions
■ Baseline metrics can include CPU usage, memory utilisation, disk activity, and network traffic
■ Deviations from the baseline can indicate potential issues, prompting proactive troubleshooting and maintenance
Figure: Baseline reference point
Application Monitoring
Focuses on managing and monitoring software application performance and availability
■ Tracks errors, bottlenecks, and issues that may affect an application’s performance or user experience
■ Tools like New Relic and AppDynamics track response times and error rates
■ Slower response times may indicate code problems or resource deficiencies
Infrastructure Monitoring
Observes physical and virtual infrastructure, including servers, networks, virtual machines, containers, and cloud services
■ Provides insights into network traffic, bandwidth usage, and device status
■ Tools like SolarWinds and PRTG Network Monitor help monitor network infrastructure
■ Overloaded network switches can signal the need for additional capacity or configuration issues