Concept of security events and security groups

The core of dhound's functionality is the security event concept. Dhound-agent collects security events on servers and devices and sends them to the dhound servers, where the information is analyzed, aggregated and visualized.

Dhound offers a standard set of security events that can be collected on your servers (see List of predefined security groups and events), as well as the ability to collect custom security events.

Security Events

Security event metadata has the following important fields:
  • Security Id (sid): unique identifier of the security event; sids 100000-200000 are reserved for custom events
  • Message: user-friendly message describing the suspicious activity
  • Default status: the status assigned to the security event after its first analysis (warning, suspicious or reliable)
  • Default Security Group: the security group the event is associated with; can be reassigned in the rule files of dhound-agent

Security Groups

Security events are aggregated into containers called security groups.
Security group metadata has the following important fields:
  • Security Group Id (gid): unique identifier of the security group; gids 100000-200000 are reserved for custom groups
  • Name: human-readable name
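The following is an added example illustrating the event and group model described in the two sections above; it is not dhound's own code, and it does not use the agent's real rule-file format or the real event catalogue. The group and event definitions (gid 1 "Authentication", sid 1 "Failed login", the custom gid 100001 and sid 100010), the `{sid: gid}` dictionary standing in for a rule file, and the observed sid stream are all constructed for illustration. It shows the reserved id range being enforced for custom events, a rule override moving an event out of its default group, and aggregation of observed events into groups with unknown sids kept visible rather than dropped.

```python
from collections import defaultdict
from dataclasses import dataclass

# Reserved id range for custom events (sid) and custom groups (gid), as stated on the page.
CUSTOM_ID_MIN = 100000
CUSTOM_ID_MAX = 200000
STATUSES = ("warning", "suspicious", "reliable")  # the three default statuses


def is_custom_id(value: int) -> bool:
    """True if a sid or gid lies in the range reserved for custom events/groups."""
    return CUSTOM_ID_MIN <= value <= CUSTOM_ID_MAX


@dataclass(frozen=True)
class SecurityGroup:
    gid: int
    name: str


@dataclass(frozen=True)
class SecurityEvent:
    sid: int
    message: str
    default_status: str
    default_gid: int

    def __post_init__(self):
        if self.default_status not in STATUSES:
            raise ValueError(f"unknown default status {self.default_status!r}")


def register_custom_event(sid, message, default_status, default_gid, registry):
    """Add a custom event definition to the registry (a dict keyed by sid).

    Rejects sids outside the reserved range and sids already defined: a custom
    event that collides with a predefined sid would silently re-label real events.
    """
    if not is_custom_id(sid):
        raise ValueError(f"custom sid {sid} must be in {CUSTOM_ID_MIN}-{CUSTOM_ID_MAX}")
    if sid in registry:
        raise ValueError(f"sid {sid} is already defined")
    registry[sid] = SecurityEvent(sid, message, default_status, default_gid)
    return registry[sid]


def resolve_group(event, rules):
    """Group assignment: an entry in `rules` (a hypothetical {sid: gid} mapping
    standing in for the agent's rule files) overrides the event's default group."""
    return rules.get(event.sid, event.default_gid)


def aggregate(observed_sids, registry, rules, groups):
    """Collect observed events into their groups and attach the default status,
    modelling the server-side first analysis.

    Returns {group name: [(sid, status), ...]}. Sids with no definition are
    collected under "unknown" so that a mis-shipped custom event stays visible.
    """
    buckets = defaultdict(list)
    for sid in observed_sids:
        event = registry.get(sid)
        if event is None:
            buckets["unknown"].append((sid, None))
            continue
        gid = resolve_group(event, rules)
        name = groups[gid].name if gid in groups else f"gid:{gid}"
        buckets[name].append((sid, event.default_status))
    return dict(buckets)


def demo():
    """Constructed sample data (hypothetical, not dhound's real catalogue)."""
    groups = {
        1: SecurityGroup(1, "Authentication"),      # hypothetical predefined group
        100001: SecurityGroup(100001, "Web app"),   # custom group, inside the reserved range
    }
    registry = {1: SecurityEvent(1, "Failed login", "warning", 1)}  # hypothetical predefined event
    register_custom_event(100010, "Admin page probed", "suspicious", 100001, registry)
    rules = {100010: 1}  # "rule file": reassign the custom event to the Authentication group
    observed = [1, 100010, 1, 999999]  # 999999 is never defined and exercises the unknown path
    return aggregate(observed, registry, rules, groups)


if __name__ == "__main__":
    for name, events in demo().items():
        print(name, events)
```

Because the rule override sends sid 100010 to gid 1, nothing lands in the "Web app" group in this run, while the undefined sid 999999 appears under "unknown" instead of disappearing.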

See Also