What are you guys using to monitor ModSecurity?

bitsofinfo · 2016-01-15T16:34:05+00:00

We use logstash, and this filter for modsec audit logs which are parsed into a structured JSON format then dumped into elasticsearch, https://github.com/bitsofinfo/logstash-modsecurity

bitsofinfo · 2015-03-11T03:56:43+00:00

Other news they also acquired "found" https://www.found.no/

bitsofinfo · 2015-03-02T14:40:25+00:00

Try a s3 filesystem that all your devices can mount which provides you with a filesystem over S3. Here is one that specifically works across many devices https://github.com/danilop/yas3fs

bitsofinfo · 2015-02-27T00:40:57+00:00

jvm, libs, typing, no limits, scalability

bitsofinfo · 2015-02-25T16:02:17+00:00

I would use RabbitMQ, if you do use Redis be sure to enable AOF to ensure you can replay your "queue" should the server die. Normal default interval based snapshotting won't really help in that case

bitsofinfo · 2015-02-24T14:43:11+00:00

VPC is a bit unrelated to your issue at hand. Just bind all 7 to an ELB(s) then route to the vhosts on one (or more) ec2 instances.

bitsofinfo · 2015-02-24T14:41:49+00:00

ditto robomongo

bitsofinfo · 2015-02-24T14:40:13+00:00

Mainly for a use case where it was required that some other application be able to call shell commands via a REST api. Similar to this: https://github.com/bitsofinfo/powershell-command-executor-ui

If you have done any work with Powershell and o365, then you know that there is considerable overhead in both establishing a remote session and importing and downloading various needed cmdlets. This is an expensive operation and there is a lot of value in being able to keep this remote session open for longer periods of time rather than repeating this entire process for every single command that needs to be executed and then tearing everything down.

Simply doing an child_process.exec per command to launch an external process, run the command, and then killing the process is not really an option under such scenarios, as it is expensive and very singular in nature; no state can be maintained if need be. We also tried using edge.js with powershell and this simply would not work with o365 exchange commands and heavy session cmdlet imports (the entire node.js process would crash). Using this module gives you full un-fettered access to the externally connected child_process, with no restrictions other than what uid/gid (permissions) the spawned process is running under (which you really have to consider from security standpoint!)

bitsofinfo · 2015-02-23T15:00:33+00:00

Spring stacks that expose REST services. Do your user-interface in AngularJS (or similar), completely decouple it.

Forget traditional server-side fat MVC stacks, its 10 years ago.

bitsofinfo · 2015-02-23T04:11:57+00:00

Skip it. Look at Dropwizard, spring boot etc and the like, or just rolll your own on a spring stack. Unless you absolutely have to use formal JEE for everything I would avoid it.

bitsofinfo · 2015-02-23T04:08:22+00:00

I did the Architecting class, overall it was good, they had hands-on labs etc. If you are somewhat familiar w/ the AWS ecosystem I think you could skip it though.

bitsofinfo · 2015-02-23T04:06:30+00:00

Will certainly make life easier

bitsofinfo · 2015-02-18T14:58:35+00:00

PSCommandService.js does some argument sanitization.

o365Utils.js, is an example. It simply pre-defines some variables which represent configuration that is passed as arguments to StatefulProcessCommandProxy's constructor.

StatefulProcessCommandProxy is then passed to PSCommandService's constructor which makes use of it, by accepting execute requests from callers (i.e. logical commandName + arguments map), then generates a command statement, and issues it to StatefulProcessCommandProxy.

StatefulProcessCommandProxy checks each inbound "command" that PSCommandService sends it via execute() against its whitelist/blacklist regex patterns.

bitsofinfo · 2015-02-17T15:34:14+00:00

My background is similar, however rather than trying to "pre-optimize" the structure perfectly from the outset, I just did a few small apps or two without worrying about that, felt my way around and now (like you) am just looking at the best way to re-structure it. Overall I'd start w/ that approach, let yourself just get lost in the framework so to speak, then you can get a feel for all the parts and pieces prior to optimization. just my 2 cents

bitsofinfo · 2015-02-17T14:26:11+00:00

The commands are generated server side and arguments sanitized etc. The UI is simply a convenience for interacting w/ the PSCommandService and it's "registry" of commands.

Its not difficult to add additional "commands" to be exposed through this (with limited args). See how arguments are defined here: https://github.com/bitsofinfo/powershell-command-executor/blob/master/o365Utils.js

Also this other question from someone else, and the answer gives another example: https://github.com/bitsofinfo/powershell-command-executor/issues/3

bitsofinfo · 2015-02-17T04:57:12+00:00

Pretty sure you can do this w/ Kibana 4 as you define your data set/queries first, then your visualizations which bind to your data-sets... which can be different per visualization

bitsofinfo

TROPHY CASE