Concept of security events and security groups
The core of dhound functionality is the security event concept. Dhound-agent collects security events on servers/devices and sends them to dhound servers, where the information is analyzed, aggregated and visualized.
Dhound offers a standard set of security events that can be collected on your servers (List of predefined security groups and events) as well as the ability to collect custom security events.
Security Events
Security Event metadata has the following important fields:
- Security Id (sid): unique identifier of the security event; reserved sids for custom events: 100000-200000
- Message: user friendly message about the suspicious activity
- Default status: default status that will be assigned to the security event after first analysis (warning, suspicious, reliable)
- Default Security Group: security group that the event will be associated to; can be reassigned in rule files of dhound-agent
Security Groups
Security events are aggregated into containers called security groups. Security Group metadata has the following important fields:
- Security Group Id (gid): unique identifier of the security group; reserved gids for custom groups: 100000-200000
- Name: human readable name
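When defining custom events and groups, it is easy to pick an id outside the reserved range, misspell a default status, or point an event at a group that does not exist. The following validator is an added example and not dhound's own code: the dictionary layout (`sid`, `message`, `default_status`, `default_gid`, `gid`, `name`) is an assumption for illustration, since the page does not describe the rule-file format, while the constraints it checks (the 100000-200000 reserved ranges, the three default statuses, the event-to-group reference) come from the fields documented above.

```python
"""Validate custom dhound security event and security group metadata.

Added example, not dhound's own code. The dict keys used here are an
assumption; dhound's actual rule-file format is not described on this page.
"""
from typing import Dict, List, Set

# Reserved id ranges for custom definitions, taken from the documentation.
# Treated as inclusive on both ends (assumption).
CUSTOM_SID_RANGE = range(100000, 200001)
CUSTOM_GID_RANGE = range(100000, 200001)
# Default statuses a security event may receive after first analysis.
DEFAULT_STATUSES = {"warning", "suspicious", "reliable"}


def validate_group(group: Dict) -> List[str]:
    """Return the problems found in one custom security group definition."""
    problems = []
    gid = group.get("gid")
    if not isinstance(gid, int) or gid not in CUSTOM_GID_RANGE:
        problems.append(f"gid {gid!r} is not in the reserved custom range 100000-200000")
    if not group.get("name"):
        problems.append("group needs a human readable name")
    return problems


def validate_event(event: Dict, known_gids: Set[int]) -> List[str]:
    """Return the problems found in one custom security event definition."""
    problems = []
    sid = event.get("sid")
    if not isinstance(sid, int) or sid not in CUSTOM_SID_RANGE:
        problems.append(f"sid {sid!r} is not in the reserved custom range 100000-200000")
    if not event.get("message"):
        problems.append("event needs a user friendly message")
    status = event.get("default_status")
    if status not in DEFAULT_STATUSES:
        problems.append(f"default_status {status!r} is not one of {sorted(DEFAULT_STATUSES)}")
    gid = event.get("default_gid")
    if gid not in known_gids:
        problems.append(f"default_gid {gid!r} does not refer to a defined security group")
    return problems


def validate_definitions(groups: List[Dict], events: List[Dict]) -> Dict[str, List[str]]:
    """Validate all groups first (so events can reference them), then all events.

    Duplicate ids are reported as well. Returns a mapping of
    'group <gid>' / 'event <sid>' to the list of problems found.
    """
    problems: Dict[str, List[str]] = {}
    seen_gids: Set[int] = set()
    for group in groups:
        found = validate_group(group)
        gid = group.get("gid")
        if gid in seen_gids:
            found.append(f"duplicate gid {gid!r}")
        seen_gids.add(gid)
        if found:
            problems[f"group {gid}"] = found

    seen_sids: Set[int] = set()
    for event in events:
        found = validate_event(event, seen_gids)
        sid = event.get("sid")
        if sid in seen_sids:
            found.append(f"duplicate sid {sid!r}")
        seen_sids.add(sid)
        if found:
            problems[f"event {sid}"] = found
    return problems


# Constructed sample definitions: one valid group, one valid event, one broken event.
SAMPLE_GROUPS = [{"gid": 100001, "name": "Web application anomalies"}]
SAMPLE_EVENTS = [
    {"sid": 100001, "message": "Repeated failed admin logins from one IP",
     "default_status": "suspicious", "default_gid": 100001},
    # sid outside the reserved range, empty message, unknown status, missing group
    {"sid": 42, "message": "", "default_status": "critical", "default_gid": 100002},
]

if __name__ == "__main__":
    for key, found in validate_definitions(SAMPLE_GROUPS, SAMPLE_EVENTS).items():
        print(key)
        for line in found:
            print("  -", line)
```

Running the module prints only the problems with `event 42`; the valid group and event produce no output. Keeping validation of groups before events is what lets the group reference check work without a second pass.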