
Do you discover process information on a host or VM? 

e.g.: PID, Process full name, Process path, Process Hash, Process Command Line Args, Local IP, Local Port, Destination IP, Destination Port, Protocol (TCP/UDP). 

How about also relating Process information (as above) to installed Services/Apps?


    2 answers


      Hello Z Mang,

      While we do not currently collect process information, the audit scripts are open-source and the required commands could be easily added. Open-AudIT DOES collect status of installed services (started/stopped/owner, etc).

      Please keep in mind that Open-AudIT is designed to be a device audit solution, and not live device monitoring. As such, the information it collects is a snapshot, a moment in time for that device. As a result, any process information you did collect would be limited to the state at the moment of collection, which would have limited value. If you need live state you might check into NMIS, Opmantek's network monitoring solution.


        Hi Mark,

        Thanks for the quick response. Understood about NMIS choice and also the option of adding audit scripts. 

        A couple of follow-up questions.

        1. With either NMIS or the audit script option - can the software be run to collect just a subset of the information - e.g., just the process related information and the service state information, say?
        2. Can it be run every 5 min? every 1 min? Are there limitations on the frequency? 

        Thanks

        Z

        Mark Henry

          Z, Open-AudIT is not designed to run at that frequency. Again, it is an auditing tool, not a live network monitor. However, NMIS is a network monitor and can run at whatever frequency you need, pending appropriate resources on the polling server, latency and device response. NMIS comes preconfigured to collect everything about a device's health: CPU, memory, storage, network, services, etc. You can, however, adjust this to remove information you do not need or find beneficial. However, we do not recommend this approach as it makes troubleshooting and root cause determination more difficult. I suggest you check out NMIS, our free and open-source network monitoring solution. You can read more about it on our wiki: https://community.opmantek.com/display/NMIS/Home

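The fields listed in the question (PID, full path, hash, command line, local and remote IP/port, protocol) joined to the owning service, collected the one-shot snapshot way the first answer describes, as an added example that is not Open-AudIT's own audit-script code. It assumes a Linux host with /proc and systemd cgroup names, covers IPv4 sockets only, and needs root to see every process's file descriptors; the `SAMPLE_TCP` text is a constructed stand-in for /proc/net/tcp.

```python
# Added example (not Open-AudIT code): one-shot Linux /proc snapshot of the fields asked
# for above, joining each TCP/UDP socket to its owning process and systemd service unit.
import hashlib, os, socket, struct
SAMPLE_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0100007F:0035 0100007F:D431 01 00000000:00000000 00:00000000 00000000     0        0 23456 1"""  # constructed: listener on :22, local connection to :53

def parse_addr(hexaddr):  # '0100007F:0035' (host-order hex, as in /proc/net/tcp) -> ('127.0.0.1', 53)
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net(text, proto):  # /proc/net/tcp|udp rows (IPv4 only); socket inode is field 10
    rows = []
    for f in (l.split() for l in text.splitlines()[1:] if l.strip()):  # line 1 is the header
        (lip, lport), (rip, rport) = parse_addr(f[1]), parse_addr(f[2])
        rows.append({"proto": proto, "inode": int(f[9]), "local_ip": lip,
                     "local_port": lport, "remote_ip": rip, "remote_port": rport})
    return rows

def unit_from_cgroup(text):  # '0::/system.slice/sshd.service\n' -> 'sshd.service'
    parts = text.replace("\n", "/").split("/")
    return next((p for p in parts if p.endswith((".service", ".socket"))), None)

def socket_owners():  # socket inode -> pid from /proc/<pid>/fd links (root sees every pid)
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            links = [os.readlink(f"/proc/{pid}/fd/{fd}") for fd in os.listdir(f"/proc/{pid}/fd")]
        except OSError:
            continue  # process exited, or its fd table is not readable by us
        owners.update((int(t[8:-1]), int(pid)) for t in links if t.startswith("socket:["))
    return owners

def process_info(pid):  # PID, full exe path, SHA-256 of that binary, argv, owning service
    info = {"pid": pid, "exe": None, "sha256": None, "cmdline": None, "unit": None}
    try:
        info["exe"] = os.readlink(f"/proc/{pid}/exe")
        info["sha256"] = hashlib.sha256(open(info["exe"], "rb").read()).hexdigest()
        info["cmdline"] = open(f"/proc/{pid}/cmdline", "rb").read().replace(b"\0", b" ").decode("utf-8", "replace").strip()
        info["unit"] = unit_from_cgroup(open(f"/proc/{pid}/cgroup").read())
    except OSError:
        pass  # keep the partial record (e.g. exe unreadable but the PID is still known)
    return info

def snapshot():  # every IPv4 TCP/UDP socket joined to its process; pid None = not visible
    owners, out = socket_owners(), []
    for proto in ("tcp", "udp"):
        for row in parse_proc_net(open(f"/proc/net/{proto}").read(), proto):
            pid = owners.get(row["inode"])
            out.append({**row, **(process_info(pid) if pid else {"pid": None})})
    return out
```

Running `snapshot()` once per audit cycle yields the moment-in-time record the answer describes; rows whose `pid` is None are sockets owned by processes the collector could not inspect.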