security-icon-01

Endpoint Security State Template

Telegraf Plugins used:

Included Resources:

  • 1 Bucket: telegraf
  • 4 Labels: outputs.influxdb_v2, Telegraf, Solution, security
  • 1 Telegraf Configuration
  • 4 Checks:
    • Endpoint availablility
    • x509 Certificate status
    • Authentication is enabled
    • Authentication is working
  • 1 Dashboard: Endpoint Security State
  • 1 Variable: bucket

Quick Install

If you have your InfluxDB credentials configured in the CLI, you can install this template with:

https://raw.githubusercontent.com/influxdata/community-templates/master/endpoint-security-state/endpoint-security-state.yml

At its core, an endpoint is exactly what it sounds like - a remote device that communicates back and forth with any network that it happens to be connected to. Internet-of-things (also called the IoT) devices are a prime example of this idea in action, as are workstations, tablets, laptops, servers and more.

So if the computer in your home is connected to the Internet, for example, that computer would be considered the endpoint. If your business had 50 different workstations connected to the same internal network, those workstations would be considered endpoints as far as the network itself was concerned.

What is Endpoint Security?

Endpoint security refers to securing endpoints (devices like servers, laptops, and mobile devices) to protect them from risky activity and/or malicious attacks. One security mechanism you can use to secure these endpoints is endpoint authentication, which ensures only authorized devices can connect to the endpoint.

Never forget that endpoints are one of the key points that hackers and other cyber criminals around the world use to attack their victims. Rogue actors regularly execute code and exploit existing vulnerabilities in endpoints, giving them access not only to the data contained on that device — but also potentially an unrestricted way to get onto the network that endpoint is connected to. This can easily allow them to steal high value and otherwise critical data contained on an organization's business network, which is why endpoint security is absolutely an issue you want to address at all costs.

Why monitor the security state of the endpoint?

Monitoring the security state of endpoints helps you to understand the effectiveness of the endpoint detection and response. Having clear visibility in this area allows your security team to take advantage of threat intelligence, to help identify known threats and respond in a timely fashion.

Endpoint Security State Dashboard

How to use the Endpoint Security State Template

Once your InfluxDB credentials have been properly configured in the CLI, you can install the Endpoint Security State monitoring template using the Quick Install command. Once installed, the data for the dashboard will be populated by the included Telegraf configurations, which include the relevant http_response and x509_cert Input. Note that you might need to customize the input configuration to better serve your needs, including by specifying a new input value.

To find out more information about environmental variables within the Telegraf configuration, consult the following links for the http_response and x509_cert Telegraf plugins.

Key endpoint security state monitoring metrics to track

Some of the most important endpoint security state monitoring metrics that you should proactively monitor include:

  • Authentication state (on/off)
  • Authentication health (working or not)
  • Endpoint availability
  • Certificate expiration state (expiration date)

In addition to collecting the above metrics, this dashboard quickly lets the user know the health with these simple-to-understand icons:

  • ✅  Service is functioning as expected
  • ???? Service needs attention. The certificate will expire in less than 30 days.
  • ????  Service is critical. The endpoint is unavailable, the certificate is or will expire in less than 1 day, or the authentication is failing.
  • ❓ State of the service could not be determined.

Related Resources

HTTP Response Telegraf Plugin

The HTTP Response Input Plugin gathers metrics for HTTP responses.

X509 Cert Telegraf Plugin

This plugin provides information about X509 certificate accessible via local file or network connection.

Intro to Telegraf and the plugin ecosystem

How to install and configure Telegraf, InfluxDB’s native data collector that supports over 200 inputs and outputs.

Scroll to Top