Security Event Monitoring with InfluxDB

Time series databases are a critical and natural fit for your security events and anomalies. They let you quickly inform the alerting and incident response process without having to dig through log files.

What is security event monitoring?

Security event monitoring provides real-time monitoring, correlation and expert analysis of activity in your environment, detecting and alerting on valid threats to your data and devices.

Why InfluxDB for security event monitoring?

Security monitoring is complex. Successful implementation of a security monitoring infrastructure involves people, process, technology and data, and requires multiple iterative phases to reach maturity. The data component comes from consuming log files from every possible asset, be it an application, database, virtual machine, operating system, server, network component, storage, even intelligent power strips. Log data from these assets will help with the following:

  • Identifying security incidents
  • Monitoring policy violations
  • Establishing baselines
  • Assisting non-repudiation controls
  • Providing information about problems and unusual conditions
  • Contributing additional application-specific data for incident investigation which is lacking in other log sources
  • Helping defend against vulnerability identification and exploitation through attack detection

But log data on its own is not an efficient way of finding anomalies. This data should therefore be collected and organized as a collection of time series. That data set makes it possible to correlate events across time series, enabling incident detection, response, remediation and forensics workflows to be timely and successful.

The functional architecture of the InfluxData security monitoring platform

Specific Telegraf components

Specific InfluxDB Templates

X.509 SSL Certificate Monitoring Template

This X.509 SSL Certificate Monitoring Template monitors SSL certificates’ expiration date on a regular basis.

Endpoint Security State Template

Monitoring the security state of endpoints helps you to understand the effectiveness of the endpoint detection and response.

Fail2ban Monitoring Template

Download the free Fail2ban Monitoring Template to block IP addresses that might be trying to breach your system’s security.


Trust and the Internet of Things

"When information is gathered from a large number of devices out at the edge, ensuring that data is reliable and trustworthy can be challenging. Ockam provides open source tools and libraries that make it easy to establish and maintain mutually authenticated secure channels between fleets of globally distributed devices and InfluxDB."

Aporeto strengthens security operations for enterprises in hybrid and multi-cloud environments.

“InfluxDB is absolutely central to the Aporeto solution…It gives us the awesome performance profile that’s required for the huge-scale environments that our customers are putting us to use in, and the complexity is very low.”

Don Chouinard
Product Marketing Lead, Aporeto

Security event monitoring news

Using Google Workspace Data for Security Observability
This article was originally published in The New Stack. Keeping your systems secure is a never-ending challenge. Not only is it necessary to monitor and secure your own tech stack, but each new service a company uses creates another potential avenue for bad actors to try to exploit for their ...
How We Use InfluxDB for Security Monitoring
At InfluxData, we believe it makes sense to use a time series database for security monitoring. In summary, it’s because security investigations are inevitably time-oriented — you want to monitor and alert on who accessed what, from where, at which time — and time series databases like InfluxDB are very ...