projects page

we are going to highlight some of our most interesting projects and work here. feel free to run with it.

here’s what is coming.

  • fortinet SSLVPN auto-ban list, and subnet blocking

    • we manage a number of Fortinet firewalls with SSL VPN - yes, it's going away, but while it is still in use, to keep it more secure the firewalls use a webhook to feed the source IP from the triggering event to a web API. the API runs the address through an IP lookup tool to work out where it comes from, then either bans that single IP or escalates to a full subnet ban.

    • this will be elaborated on, and the source code posted, so it can be duplicated if you are interested

    • our list currently has about 4000 IPs and about 4000 subnets blocked - all from the US - but you could make this work from anywhere, and you can adopt any trigger for the webhook, so you can ban on IPS (intrusion prevention) hits etc.

  • AD detection scripts, for security related events

    • we use a Go API with PowerShell scripting to collect specific logs from Windows servers related to AD events that matter:

      • new user creation

      • any change to the domain admins group

      • account lockouts

      • dcdiag output monitoring - anything that is currently not healthy.

    • no agent software and no installers to update on the client servers

      • this gives us as small a footprint as we can manage while still seeing what we need to see

  • check-in API for backup jobs

    • we use Veeam mostly for backups, and rather than read all the Veeam reports every day, the jobs check in to a web API when they succeed. if 24 hours go by without a successful check-in, we send an alert.

  • custom monitoring: we still use Nagios for monitoring and alerting because of its simplicity and customization, which let us build anything we need.

    • by anything we mean anything. Kafka cluster topics? sure: grab values like messages per second, compare them with the trend over the last week, and if one is behind, send an alert.

    • easy Dell server health: monitor the iDRAC with SNMP, and two queries give you the full picture of its health - storage, power, etc.

    • same for Windows: get the basics on alert (disk space, uptime) and you can infer more from that.

      • if uptime is too long and it's Windows, it's probably not updating or being patched. mmmmm

      • disk space should never catch you by surprise - monitor volumes with SNMP and alert when any volume is above the threshold.

    • SSL certs - easy to check with Nagios checks; always be aware of when they are going to expire

      • or whether they are failing to auto-renew with ACME etc.

    • need temperature monitoring of server closets etc.? servers usually have inlet temperature sensors, and so do switches etc. this data can also be pushed or scraped into Grafana and reviewed for trends over time, or you can alert from within Grafana and skip Nagios altogether.

  • do you need temperature monitoring? Dell iDRAC has it built in, and so do most switches etc.

    • grab that data with an SNMP poll, then pull it into a DB. you can use Nagios to check it and alert, and drop it into the DB for Grafana - you can also alert from Grafana if you want

    • need to get this running for demos
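for the Fortinet SSL VPN auto-ban project above, here is an added example of what the web API side can look like in Go. this is not the site's own code (that has not been posted yet) and it assumes several things the page does not state: the webhook body is JSON `{"srcip": "..."}`, the firewall sends a shared secret in an `X-Webhook-Token` header, and a whole /24 is escalated once `subnetBanAfter` distinct hosts in it have been banned. the real service decides escalation with an IP lookup tool instead, and pushing the resulting addresses to the FortiGates is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"sync"
)

// subnetBanAfter is an assumption for this example: the page's service decides
// escalation with an IP lookup tool, whose logic is not published.
const subnetBanAfter = 5 // distinct banned IPs in one /24 before the whole /24 is banned

type Verdict string

const (
	VerdictIP     Verdict = "ban-ip"     // block this single address
	VerdictSubnet Verdict = "ban-subnet" // block the containing /24
)

// BanList is the in-memory ban state. The mutex matters because several
// firewalls can fire the webhook at the same time.
type BanList struct {
	mu        sync.Mutex
	token     string
	bannedIPs map[string]map[string]bool // /24 -> set of banned IPs inside it
	subnets   map[string]bool            // /24s already banned outright
}

func NewBanList(webhookToken string) *BanList {
	return &BanList{token: webhookToken, bannedIPs: map[string]map[string]bool{}, subnets: map[string]bool{}}
}

// subnetOf returns the /24 containing a 4-byte IPv4 address, e.g. "203.0.113.0/24".
func subnetOf(ip net.IP) string {
	mask := net.CIDRMask(24, 32)
	return (&net.IPNet{IP: ip.Mask(mask), Mask: mask}).String()
}

// Record bans src and reports whether the caller should now block just that IP
// or its whole /24. Only IPv4 is handled; anything else is rejected, not guessed at.
func (b *BanList) Record(src string) (Verdict, string, error) {
	ip := net.ParseIP(src)
	if ip == nil || ip.To4() == nil {
		return "", "", fmt.Errorf("not an IPv4 address: %q", src)
	}
	sn := subnetOf(ip.To4())
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.subnets[sn] { // whole /24 already blocked, nothing new to push
		return VerdictSubnet, sn, nil
	}
	if b.bannedIPs[sn] == nil {
		b.bannedIPs[sn] = map[string]bool{}
	}
	b.bannedIPs[sn][src] = true // a repeat hit from a banned IP does not count twice
	if len(b.bannedIPs[sn]) >= subnetBanAfter { // escalate: too many bad hosts in one /24
		b.subnets[sn] = true
		return VerdictSubnet, sn, nil
	}
	return VerdictIP, src, nil
}

// ServeHTTP is the webhook endpoint. The body {"srcip": "..."} and the
// X-Webhook-Token header are assumptions; match them to what your firewall's
// automation action sends. Without the token, anyone who can reach the API can
// get arbitrary addresses and subnets banned on your firewalls.
func (b *BanList) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost || r.Header.Get("X-Webhook-Token") != b.token {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	var req struct {
		SrcIP string `json:"srcip"`
	}
	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)).Decode(&req); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	v, target, err := b.Record(req.SrcIP)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	json.NewEncoder(w).Encode(map[string]string{"action": string(v), "target": target})
}

func main() {
	b := NewBanList("replace-with-a-real-secret")
	// Constructed traffic: five hits from 203.0.113.0/24; the fifth escalates the /24.
	for _, ip := range []string{"203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13", "203.0.113.14"} {
		v, target, _ := b.Record(ip)
		fmt.Printf("%-14s -> %-10s %s\n", ip, v, target)
	}
	// In service: http.Handle("/vpn-hit", b); http.ListenAndServe(":8080", nil)
}
```

whatever you do with the verdict on the firewall side (for example adding the address to an address group that a deny policy references), treat the API as a remote control for your deny list: keep the token check, put it behind TLS, and consider a sanity cap on how many /24s a single day can add before a human looks at it. the state here is in memory only; the real list of 4000 IPs and subnets obviously needs to be persisted.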
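for the AD detection scripts above, here is an added example in Go (not the site's own code) of the API side that triages what the PowerShell collector ships. the batch shape - a JSON array of `{id, computer, fields}` records - is an assumption of this example; the event IDs (4720, 4728/4729, 4740) and the EventData field names are the Windows Security log's own. the dcdiag helper picks out the "failed test" lines, which is the "anything not healthy" check.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Event is the record this example assumes the PowerShell collector posts from a
// domain controller (Get-WinEvent on the Security log, converted to JSON). Field
// names are the Security log's own EventData names; the wrapper is an assumption.
type Event struct {
	ID       int               `json:"id"`
	Computer string            `json:"computer"`
	Fields   map[string]string `json:"fields"`
}

// Security log event IDs for the events the page lists.
const (
	evUserCreated       = 4720 // A user account was created
	evGlobalGroupAdd    = 4728 // A member was added to a security-enabled global group
	evGlobalGroupRemove = 4729 // A member was removed from a security-enabled global group
	evLockout           = 4740 // A user account was locked out
)

// Triage decides whether one event deserves an alert and returns its text, prefixed
// with a severity. Domain Admins is a global group, so its membership changes
// arrive as 4728/4729; the same events for any other group are ignored.
func Triage(ev Event) (string, bool) {
	f := ev.Fields
	switch ev.ID {
	case evUserCreated:
		return fmt.Sprintf("WARNING %s: new user %q created by %s", ev.Computer, f["TargetUserName"], f["SubjectUserName"]), true
	case evGlobalGroupAdd, evGlobalGroupRemove:
		if !strings.EqualFold(f["TargetUserName"], "Domain Admins") {
			return "", false
		}
		verb := "added to"
		if ev.ID == evGlobalGroupRemove {
			verb = "removed from"
		}
		return fmt.Sprintf("CRITICAL %s: %s %s Domain Admins by %s", ev.Computer, f["MemberName"], verb, f["SubjectUserName"]), true
	case evLockout: // in 4740, TargetDomainName carries the caller computer name
		return fmt.Sprintf("WARNING %s: account %q locked out from %s", ev.Computer, f["TargetUserName"], f["TargetDomainName"]), true
	}
	return "", false
}

// TriageJSON handles one collector batch: a JSON array of events.
func TriageJSON(batch []byte) ([]string, error) {
	var events []Event
	if err := json.Unmarshal(batch, &events); err != nil {
		return nil, fmt.Errorf("decode batch: %w", err)
	}
	var alerts []string
	for _, ev := range events {
		if a, ok := Triage(ev); ok {
			alerts = append(alerts, a)
		}
	}
	return alerts, nil
}

// FailedDcdiagTests pulls "<dc> failed test <name>" lines out of dcdiag output.
func FailedDcdiagTests(output string) []string {
	var failed []string
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, " failed test "); i >= 0 {
			failed = append(failed, strings.TrimLeft(line[:i], ". ")+": "+line[i+len(" failed test "):])
		}
	}
	return failed
}

// Constructed sample batch: a new user, a Domain Admins change, a change to a
// group nobody cares about, and a lockout. Three of the four should alert.
const sampleEvents = `[
 {"id":4720,"computer":"DC1","fields":{"TargetUserName":"svc-backup2","SubjectUserName":"alice"}},
 {"id":4728,"computer":"DC1","fields":{"TargetUserName":"Domain Admins","MemberName":"CN=bob,CN=Users,DC=corp,DC=example","SubjectUserName":"alice"}},
 {"id":4728,"computer":"DC1","fields":{"TargetUserName":"Print Operators","MemberName":"CN=carol,CN=Users,DC=corp,DC=example","SubjectUserName":"alice"}},
 {"id":4740,"computer":"DC1","fields":{"TargetUserName":"dave","TargetDomainName":"WS042"}}
]`

// Constructed dcdiag excerpt with one failing test.
const sampleDcdiag = `         ......................... DC1 passed test Connectivity
         ......................... DC1 failed test Replications`

func main() {
	alerts, _ := TriageJSON([]byte(sampleEvents)) // constructed input, cannot fail to decode
	for _, a := range alerts {
		fmt.Println(a)
	}
	for _, f := range FailedDcdiagTests(sampleDcdiag) {
		fmt.Println("CRITICAL dcdiag:", f)
	}
}
```

the filter on `TargetUserName` is why the collector can ship every 4728/4729 and let the API decide: the DC does not need to know which groups you care about, and adding Enterprise Admins or Schema Admins later is a one-line change on the API side. if you also watch universal or local groups, 4756/4757 and 4732/4733 are the matching events.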
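for the backup check-in API above, here is an added example in Go of the check-in endpoint and the 24-hour staleness test. it is not the site's code; the route `POST /checkin?job=<name>` and the `X-Checkin-Token` header are assumptions, and how a Veeam job triggers the POST (for example from a post-job script that checks the job result first) is not shown. the one thing worth copying is that the alert side keeps its own list of expected jobs, so a job that never reports at all is also flagged.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"sync"
	"time"
)

// CheckinStore records the last successful check-in per backup job. now is a
// field so tests (and the demo in main) can control the clock.
type CheckinStore struct {
	mu    sync.Mutex
	token string
	last  map[string]time.Time
	now   func() time.Time
}

func NewCheckinStore(token string) *CheckinStore {
	return &CheckinStore{token: token, last: map[string]time.Time{}, now: time.Now}
}

// Checkin records a successful run of job.
func (s *CheckinStore) Checkin(job string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.last[job] = s.now()
}

// Stale returns, sorted, every expected job whose last success is older than
// maxAge. A job that has never checked in is stale too: a job that was disabled
// or whose post-job hook broke must not look healthy just because it is silent.
func (s *CheckinStore) Stale(expected []string, maxAge time.Duration) []string {
	s.mu.Lock()
	defer s.mu.Unlock()
	cutoff := s.now().Add(-maxAge)
	var stale []string
	for _, job := range expected {
		if t, ok := s.last[job]; !ok || t.Before(cutoff) {
			stale = append(stale, job)
		}
	}
	sort.Strings(stale)
	return stale
}

// ServeHTTP is the endpoint the jobs post to: POST /checkin?job=<name> with a
// shared-secret header (both are assumptions of this example). Without the
// token, anything that can reach the API could mark a failing job as healthy.
func (s *CheckinStore) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost || r.Header.Get("X-Checkin-Token") != s.token {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	job := r.URL.Query().Get("job")
	if job == "" || len(job) > 128 {
		http.Error(w, "missing or overlong job name", http.StatusBadRequest)
		return
	}
	s.Checkin(job)
	fmt.Fprintf(w, "ok %s\n", job)
}

func main() {
	s := NewCheckinStore("replace-with-a-real-secret")
	// Constructed history: two jobs checked in yesterday, one of them again today,
	// and one job is on the expected list but has never reported.
	base := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	s.now = func() time.Time { return base }
	s.Checkin("sql-nightly")
	s.Checkin("fileserver")
	s.now = func() time.Time { return base.Add(25 * time.Hour) }
	s.Checkin("fileserver")

	expected := []string{"sql-nightly", "fileserver", "exchange"}
	for _, job := range s.Stale(expected, 24*time.Hour) {
		fmt.Printf("ALERT: no successful check-in from %q in the last 24h\n", job)
	}
	// In service: http.Handle("/checkin", s); http.ListenAndServe(":8080", nil),
	// plus a periodic goroutine that calls Stale and pages on a non-empty result.
}
```

a weekly job needs a longer maxAge than a nightly one, so in practice `expected` becomes a map of job name to allowed gap rather than a flat list; the loop in Stale is the only thing that changes.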
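for the custom Nagios monitoring above (cert expiry, Windows uptime, disk thresholds), here is an added example in Go of a small Nagios-style plugin, not the site's own checks. it goes a bit beyond the page in that one threshold helper serves every check: the same warn/crit comparison covers days left on a certificate (bad when low) and days of uptime or percent of disk used (bad when high). the certificate is generated in-process so the example runs offline; a real check would pull the served chain with `crypto/tls`. the threshold numbers and the `demo.example` name are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Nagios plugin exit codes and the names used on the status line.
const (
	StateOK       = 0
	StateWarning  = 1
	StateCritical = 2
	StateUnknown  = 3
)

var stateName = [...]string{"OK", "WARNING", "CRITICAL", "UNKNOWN"}

// stateFor applies warn/crit thresholds to v. With aboveIsBad the value is bad once
// it reaches a threshold (disk %, uptime days); otherwise once it falls to one (days left).
func stateFor(v, warn, crit float64, aboveIsBad bool) int {
	bad := func(th float64) bool { return (aboveIsBad && v >= th) || (!aboveIsBad && v <= th) }
	if bad(crit) {
		return StateCritical
	}
	if bad(warn) {
		return StateWarning
	}
	return StateOK
}

// statusLine formats the "STATE - text | perfdata" first line Nagios parses.
func statusLine(state int, text, perf string) string {
	return fmt.Sprintf("%s - %s | %s", stateName[state], text, perf)
}

// DaysUntilExpiry parses a PEM certificate and returns whole days until NotAfter (negative once expired).
func DaysUntilExpiry(certPEM []byte, now time.Time) (int, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, fmt.Errorf("no CERTIFICATE block in input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, err
	}
	return int(cert.NotAfter.Sub(now).Hours() / 24), nil
}

// CertExpiryStatus is the cert check. A cert that ACME should have renewed but
// did not just keeps counting down through WARNING into CRITICAL.
func CertExpiryStatus(certPEM []byte, now time.Time, warnDays, critDays int) (int, string) {
	days, err := DaysUntilExpiry(certPEM, now)
	if err != nil {
		return StateUnknown, "UNKNOWN - " + err.Error()
	}
	st := stateFor(float64(days), float64(warnDays), float64(critDays), false)
	return st, statusLine(st, fmt.Sprintf("certificate expires in %d days", days),
		fmt.Sprintf("days_left=%d;%d;%d", days, warnDays, critDays))
}

// UptimeStatus flags a Windows host that has gone too long without a reboot (probably not being patched).
func UptimeStatus(uptime time.Duration, warnDays, critDays int) (int, string) {
	days := int(uptime.Hours() / 24)
	st := stateFor(float64(days), float64(warnDays), float64(critDays), true)
	return st, statusLine(st, fmt.Sprintf("up %d days", days), fmt.Sprintf("uptime_days=%d;%d;%d", days, warnDays, critDays))
}

// NewSelfSignedPEM builds a throwaway certificate so the example runs offline.
func NewSelfSignedPEM(notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo.example"},
		NotBefore: notAfter.Add(-90 * 24 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	now := time.Now().Truncate(time.Second)
	certPEM, _ := NewSelfSignedPEM(now.Add(10 * 24 * time.Hour)) // constructed: 10 days left
	_, out := CertExpiryStatus(certPEM, now, 30, 7)
	fmt.Println(out)
	_, out = UptimeStatus(75*24*time.Hour, 60, 120) // constructed uptime from an SNMP sysUpTime poll
	fmt.Println(out)
}
```

a real plugin does one check per invocation and ends with `os.Exit(state)`; Nagios reads the exit code for the state and the part after `|` as performance data, which is also what you would ship to Grafana for trends. the disk check from the page is the same `stateFor` call with the used percentage from SNMP and `aboveIsBad` set, so it is not repeated here.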