BADWORDS security monitoring

What are Log Bad Words?

Log monitoring forms an essential part of IT operations management, helping organizations gain insights into system performance, security, and potential anomalies. ServicePilot, with its advanced logging capabilities, enables the efficient collection and analysis of Syslog and Windows Events, highlighting crucial data points and facilitating an in-depth understanding of system operations.

It also uses an innovative approach to log monitoring - it automatically identifies and analyzes log messages that contain "badwords" or potentially problematic keywords. These "badwords" typically include terms such as 'error', 'attack', 'denied', 'fatal', 'failed', 'unauthorized', 'corrupted', 'illegal', and more.

This automatic analysis enables quick identification of possible issues and helps in taking swift remedial measures. With various types of searches are performed on all the hosts forwarding Syslogs and/or Windows Events to ServicePilot, you can have a comprehensive analysis of suspect log data. For instance, whenever the system finds the "unauthorized" keyword in any Syslog, we can trigger an informational alert if we want to.

How to monitor Bad Words in your log data?

ServicePilot makes it easy to monitor "badwords" in log data with no configuration required on the target server. Simply add a security-badwords package to your monitoring environment and ServicePilot automatically performs a variety of pre-built searches in order to automatically analyze certain bad keywords from Syslogs and/or Windows Events collected by ServicePilot.

Bad words are keywords such as error, attack, denied, fatal, failed, unauthorized, corrupted, illegal...

Different types of searches are performed:

• Bad words matching any Syslog containing these bad keywords will trigger an informational alert.
• Bad words matching any Windows Event containing these bad keywords will trigger an informational alert.

How to install a badwords resource?

1. Use your ServicePilot OnPremise installation or a SaaS account.
2. Add a new badwords resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the badwords package are located in the /prmpackages page of the software.

Benefits

ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology BADWORDS with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore our plans or contact us to find what works best for you.