New Relic Insights Integration


You can export information about the attacks run against your application to NewRelic Insights.

Configuring the integration

Configuring the New Relic Insights integration is very easy, you can follow NewRelic Insights documentation to create a new Insert Key:

insights.png

Copy your Account ID and the generated Key, and go to your Sqreen application’s settings:

Screen Shot 2016-11-10 at 10.50.59.png

You need to paste your Insight AccountId and Key under the “New Relic Insights” panel:

Screen Shot 2016-12-09 at 5.15.42 PM.png

And start making your own security dashboard!

Data sent to NewRelic Insights

The attacks will be pushed with the eventType sqreen_attacks with the following fields:

path The path attacked /admin.php
ip_address The attacker ip address 172.17.3.46
type The attack type bot_scanning, xss_injection, sql_injection, ...
verb The HTTP verb used GET, POST, PROPFIND, UNCHECKOUT, ...
user_agent The attacker user_agent Arachni, Mozilla/4.0, ...
scheme The scheme of the attack point http or https
geo_country The computed country behind the attacker IP MYS, USA, ...
geo_city The computed city behind the attacker IP Dublin, Paris, ...
geo_latitude The computed latitude behind the attacker IP 9.51
geo_longitude The computed longitude behind the attacker IP 51.1

You can start making your own dashboards using NRQL queries.

For example, to visualize the top attacked paths on your application, you would do:

SELECT count(*) from sqreen_attacks facet path since 1 week ago

The resulting dashboard would look like:

Insights_by_New_Relic.png