Quick Start Observability for NGINX
Coralogix Extension For NGINX Includes:
Dashboards - 2
Gain instantaneous visualization of all your NGINX data.
Alerts - 8
Stay on top of NGINX key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Slow HTTP Denial of Service attack (DoS)
Nginx extension pack
In a slow HTTP POST attack, the attacker declares a large amount of data to be sent in an HTTP POST request and then sends it very slowly.
More than usual non-GET/POST requests
Usually, requests to a website are made via the GET or POST methods. Other requests are commonly used by malicious actors.
A new non-browser user-agent detected!
More than usual 5xx responses
More than usual 4xx responses
High ratio of 5xx responses over 8%
High ratio of 4xx responses over 12%
No logs from NGINX
This rule detects if there are no logs in the last 4 hours for NGINX in the customer account.
Note: This alert should be configured with the relevant app & subsystem.
Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.
Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.
MITRE Tactic: TA0005
MITRE Technique: T1562
Integration
Learn more about Coralogix's out-of-the-box integration with NGINX in our documentation.