From: Guus S. <gsn...@gm...> - 2021-09-13 22:13:43
On Fri, 10 Sep 2021 at 15:23, Shane Corbin <sc...@ew...> wrote:
> That's actually the approach we have been taking until now, however with a
> huge number of cyber attacks now targeted at industrial infrastructure,
> it's not enough to just sit around and wait for the producer to release an
> update. The standards that we are required to adhere to are requiring us
> to be even more proactive. That includes making a best effort to address
> zero day threats that have not been patched by the producer.

I haven't worked this out completely, but I think some scripting can come a long way here. Still assuming the central db with installed programs/packages/etc (along with the relevant hosts). Why not just query this DB and use some Zabbix functionality for log parsing? You'd still need to register the (vulnerable) versions/pkg rels, but that can be in the same DB. No need for complex, changing macros; just a single log format to check. That should be easy enough to trigger on.

It's still a lot of work to keep up2date, though (although the installed version info should be automated).

Not a complete answer, perhaps something to look into? Always remember that complexity will come back to bite, later....

Kind regards,
Guus Snijders
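An added sketch of the scripting Guus describes (example code written for this page, not from the thread or from Zabbix): it joins a central inventory table of installed package versions per host against a table of known-vulnerable version ranges kept in the same DB, and emits one fixed-format log line per match for a Zabbix log item to trigger on. The in-memory SQLite schema, hosts, package versions and the advisory reference are all constructed placeholders.

```python
import re
import sqlite3

# Constructed stand-in for the central inventory DB the thread assumes exists.
SCHEMA = """
CREATE TABLE installed  (host TEXT, pkg TEXT, version TEXT);
CREATE TABLE vulnerable (pkg TEXT, min_version TEXT, max_version TEXT, ref TEXT);
"""
INSTALLED = [("plc-gw-01", "openssl", "1.1.1k"),
             ("hmi-02", "openssl", "1.1.1l"),
             ("hmi-02", "zlib", "1.2.11")]
# Vulnerable range registered alongside the inventory; ref is a placeholder, not a real advisory.
VULNERABLE = [("openssl", "1.1.1", "1.1.1k", "ADV-PLACEHOLDER-1")]

def vuln_key(version):
    """Tokenise '1.1.1k' into a comparable tuple so 1.1.1 < 1.1.1k < 1.1.1l and 1.9 < 1.10."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[a-zA-Z]+", version))

def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO installed VALUES (?,?,?)", INSTALLED)
    con.executemany("INSERT INTO vulnerable VALUES (?,?,?,?)", VULNERABLE)
    return con

def find_affected(con):
    """Return (host, pkg, version, ref) for every installed version inside a vulnerable range."""
    rows = con.execute(
        "SELECT i.host, i.pkg, i.version, v.min_version, v.max_version, v.ref "
        "FROM installed i JOIN vulnerable v ON i.pkg = v.pkg").fetchall()
    return [(host, pkg, ver, ref) for host, pkg, ver, lo, hi, ref in rows
            if vuln_key(lo) <= vuln_key(ver) <= vuln_key(hi)]

def log_line(host, pkg, ver, ref):
    # One fixed format (our choice) that a Zabbix log item regex can match, e.g. '^VULN '.
    return f"VULN host={host} pkg={pkg} version={ver} ref={ref}"

def run(log_path=None):
    """Query the DB and append one line per hit to the log file Zabbix watches (if given)."""
    lines = [log_line(*hit) for hit in find_affected(build_db())]
    if log_path:
        with open(log_path, "a") as f:
            f.write("".join(line + "\n" for line in lines))
    return lines

if __name__ == "__main__":
    print("\n".join(run()))
```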