12.15.21

Is GroundWork Monitor affected by CVE-2021-44228

Is GroundWork Monitor affected by CVE-2021-44228? GroundWork routinely scans released and supported versions for critical vulnerabilities.

For example, on Friday, December 10th, 2021 we scanned GroundWork Monitor Enterprise Edition (EE) versions 8.2.0 and 8.2.1 for the Log4Shell CVE-2021-44228 zero-day vulnerability. On Monday, December 13th, 2021 we also scanned versions 7.2.1, 8.1.3, 8.2.0 and 8.2.1 using updated signatures that came out over the weekend. Our engineers also hand-reviewed the systems to see if any known exploitable configurations exist. The results indicate that GroundWork Monitor (EE) 7.2.1 is not vulnerable. While there is a vulnerable version of log4j 2.11.1 in a few containers in version 8.x, there is no opportunity to exploit it remotely. So no action is needed to secure any supported GroundWork Monitor system for this vulnerability.

Read More

07.13.21

The Role of GroundWork Monitor in Security Monitoring

The GroundWork team has reviewed industry analysis of the recent Kaseya VSA incident, and while details are still being revealed, there are some useful take-aways we want to share. In particular, certain aspects of preparedness and indicators of active compromise can be monitored. We also want to talk a little bit about where GroundWork Monitor fits into security monitoring as a whole.

Read More

07.12.21

Mitigating Alarm Fatigue with GroundWork Messenger

GroundWork Monitor Enterprise version 8.2.0 offers enhancements that build on the capabilities we have mentioned in past blogs. While all the dependencies, parent-child, and service and host dependencies are present as before, we have gone through our notification system and revamped it with an eye to making it easier to get the right alerts to the right people, with the right methods.
Read More

04.20.21

Application Monitoring with Spring Boot, Prometheus, and GroundWork Monitor

       

In our previous Blog, we introduced how we use Prometheus and the GroundWork Application Performance Monitoring (APM) connector to instrument a GoLang program to send metrics to GroundWork Monitor Enterprise. In this article, we continue with more Prometheus examples, but this time we demonstrate how to instrument a Java application with Spring Boot for easy monitoring. With just a few annotations, your Spring Boot application will generate metrics in the Prometheus Exposition format, and we will then show how easy it is to send those Spring Boot metrics to GroundWork Monitor.

Read More

02.16.21

Using Let’s Encrypt Free Certs with your Linux Servers

Part 2 of our Blog series on certificates focuses on a practical matter: using the free Let’s Encrypt certificates to secure servers that may not be publicly available, but still need better security than self-signed certs can give you. 

As we explained in our last blog on this subject, to use HTTPS encryption with certificates, you can choose from a number of options:

  • self-signed certificate
  • a cert from a private Certificate Authority (CA); in this case, you or your company run the CA, which is not a trivial task!
  • a certificate signed by a Root CA you trust

GroundWork supports any of these (or even two at once on the same server). What you choose to use depends on a lot of things, like your tolerance for trust failure reports in your browser from self-signed or private CA certificates. Basically, only root-signed certs are trusted by browsers out-of-the-box, so unless you want to deal with users reporting and complaining about those failures, and explaining how to explicitly trust the certs you use, it’s best to use certs signed by a Root CA.

Read More

01.12.21

Looking Inside TLS Certificates

The Difficulty of Dealing with Certs

In the last decade, it has become increasingly important to secure websites and applications using HTTPS instead of HTTP. A GroundWork Monitor installation is no exception, so in GroundWork 8, using HTTPS to access the system is the default setup, and you can add TLS certificates to it that you generate or purchase. See Adding Certificates to HTTPS for more information on doing so. TLS (Transport Layer Security) is the successor to the now-obsolete SSL (Secure Sockets Layer), and TLS certificates support the companion protocol that uses modern cryptography to ensure your HTTPS data on the wire cannot be usefully seen by or altered by third parties.

When dealing with certificates, there are many technical questions about how to efficiently and effectively manage the security setup on a web application. While GroundWork does offer several ways to manage certs and system naming, it’s important at the start to make sure you have the right certificates to begin with. To that end, this post describes a small tool we have developed to assist in this process. Future blog posts and documentation pages will cover additional aspects of the security setup on GroundWork systems.

Read More

12.17.20

Detecting Sunburst Network Traffic

What is Sunburst?

Recent news reports of widespread infiltration of IT systems and the possibility of exfiltration of data are very concerning, and always bring up the questions:

  • How did this happen?
  • What can be done to prevent this from happening to us?
  • How can we monitor our own systems to ensure they are not currently compromised?

In case you haven’t already seen a description, “Sunburst” is malicious code which attaches itself to legitimate libraries, installs itself as a service, then reaches out to command-and-control remote network infrastructure to prepare a second stage of attack: to move throughout the environment and compromise or exfiltrate data. Pretty nasty stuff, and we should all be concerned.

Read More

12.15.20

Monitoring Oracle Database

Monitoring Oracle Database with Linux GDMA

GroundWork Monitor makes it simple to monitor the health of Oracle databases, whether the need is simple monitoring of availability or for capacity planning purposes.

Oracle databases may be monitored either directly on the Oracle host or from a different host, using the GroundWork Distributed Monitoring Agent (GDMA). In both scenarios, SQL queries are used to provide the data from the database. This offers flexibility in that any Oracle query you create that returns a numerical result can be monitored as well as measured. As database monitoring needs vary on the organizational level – and even the database level, this flexibility is important.

Read More

07.15.20

Mitigating Alarm Storms in GroundWork Monitor

GroundWork Monitor offers Parent Child configurations for distributed monitoring, enabling the monitoring of a subset of an infrastructure where Child servers report the state and performance metrics to a central, or “Parent” GroundWork server.

What this Blog post is focused on is not a Parent Child architecture configuration, but instead the other kind of Parent Child: the relationships and inherent dependencies that can be configured to control the behavior of hosts and services based on the status of one or more other hosts and services.
Read More

06.04.20

The Value of Correlation

Why Correlation?

Data that is static or that behaves the same way day-to-day isn’t indicating aberrant behavior. Looking at the correlation of data from today with data from yesterday can tell you if today is different in some way: positive correlation means today is related to yesterday, particularly if deviation is high. Negative correlation with high variability means that today isn’t like yesterday at all. 

Is something going wrong?

One of the problems you have when looking at operational data is that frequently, it’s not really obvious when something is going wrong. If you are within normal parameters, i.e., simple thresholds haven’t been crossed, then what can you tell about how a system is performing today?

Read More