New Relic Insights Integration
You can export information about the attacks run against your application to NewRelic Insights.
Configuring the integration
Configuring the New Relic Insights integration is very easy, you can follow NewRelic Insights documentation to create a new Insert Key:
Copy your Account ID and the generated Key, and go to your Sqreen application’s settings:
You need to paste your Insight AccountId and Key under the “New Relic Insights” panel:
And start making your own security dashboard!
Data sent to NewRelic Insights
The attacks will be pushed with the eventType
sqreen_attacks with the following fields:
|path||The path attacked||
|ip_address||The attacker ip address||
|type||The attack type||
|verb||The HTTP verb used||
|user_agent||The attacker user_agent||
|scheme||The scheme of the attack point||
|geo_country||The computed country behind the attacker IP||
|geo_city||The computed city behind the attacker IP||
|geo_latitude||The computed latitude behind the attacker IP||
|geo_longitude||The computed longitude behind the attacker IP||
You can start making your own dashboards using NRQL queries.
For example, to visualize the top attacked paths on your application, you would do:
SELECT count(*) from sqreen_attacks facet path since 1 week ago
The resulting dashboard would look like: