Critical


BGP Session Down AIS Proxmox

Network Sensor Monitoring Notes IT Environment Documentation Firewall Sensor Monitoring Configuration Severity critical Rule Query sql SELECT * FROM devices,bgpPeers WHERE (devices.device_id = ? AND devices.device_id = bgpPeers.device_id) AND bgpPeers.bgpPeerState != established AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1

Device Storage High Percentage Used (Size Greater Than 10GB)

Storage Sensor Monitoring . Server Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,storage WHERE (devices.device_id = ? AND devices.device_id = storage.device_id) AND storage.storage_size > 7000000000 AND storage.storage_perc > 85 AND devices.type != Printer AND devices.os != windows AND devices.hostname != ip-10-64-20-146 AND devices.sysName NOT LIKE ‘siem’ AND devices.hostname NOT REGEXP 10.0.32…. AND devices.hostname NOT REGEXP 10.0.32… AND devices.hostname NOT REGEXP 10.0.32.. AND devices.

Service Up/down Default

Configuration Severity critical Rule Query sql SELECT * FROM devices,device_group_device,device_groups,services WHERE (devices.device_id = ? AND devices.device_id = device_group_device.device_id AND device_group_device.device_group_id = device_groups.id AND devices.device_id = services.device_id) AND services.service_status != 0 AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1 AND device_groups.id != 62 AND device_groups.id != 249 AND services.service_type != ssl_cert

Devices Up/down

Server Sensor Monitoring Notes Network Sensor Monitoring Notes Configuration Severity critical Rule Query sql SELECT * FROM devices WHERE (devices.device_id = ?) AND (devices.status = 0 (devices.disabled = 0 devices.ignore = 0)) = 1 AND devices.type != Printer

Device Rebooted

Application Monitoring Notes Network Sensor Monitoring Notes Server Sensor Monitoring Notes Storage Sensor Monitoring Configuration Severity critical Rule Query sql SELECT * FROM devices WHERE (devices.device_id = ?) AND devices.uptime < 300 AND (devices.disabled = 0 devices.ignore = 0) = 1 AND devices.type != Printer

IPSec Tunnels Down

VPN Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,ipsec_tunnels WHERE (devices.device_id = ? AND devices.device_id = ipsec_tunnels.device_id) AND ipsec_tunnels.tunnel_status != active AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1

Dell Server Virtual Disk Failed/Degraded

Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [2|6] AND sensors.sensor_oid = .1.3.6.1.4.1.674.10893.1.20.140.1.1.4

Cisco Fan Status Failed

Network Sensor Monitoring . Notes Temperature Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current = 9 AND sensors.sensor_oid = .1.3.6.1.4.1.9.9.13.1.4.1.3

Port Status Up/down

Network Sensor Monitoring . Notes Wireless Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,ports WHERE (devices.device_id = ? AND devices.device_id = ports.device_id) AND (ports.ifOperStatus = down ports.ifAdminStatus != down (ports.deleted = 0 ports.ignore = 0 ports.disabled = 0)) = 1

APC UPS In Hardware Failure Bypass Mode

Appliance Sensor Monitoring . Power Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current = 10 AND sensors.sensor_type = upsBasicOutputStatus

APC UPS Switched To Battery Power

Appliance Sensor Monitoring . Power Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current = 3 AND sensors.sensor_type = upsBasicOutputStatus

Aruba Wireless AP Count Low Critical

Wireless Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,wireless_sensors WHERE (devices.device_id = ? AND devices.device_id = wireless_sensors.device_id) AND wireless_sensors.sensor_type = arubaos AND wireless_sensors.sensor_class = ap-count AND wireless_sensors.sensor_alert = 1 AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1 AND wireless_sensors.sensor_current <= wireless_sensors.sensor_limit_low

Cisco NX OS Device Has A Bad Fan

Network Sensor Monitoring . Notes Temperature Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = nxos AND sensors.sensor_type = cefcFanTrayOperStatus AND sensors.sensor_current = [3-4]

Cisco PSU Status Failed

Network Sensor Monitoring . Notes Power Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current = 8 AND sensors.sensor_oid = .1.3.6.1.4.1.9.9.13.1.5.1.3

Dell IDRAC Battery Status Failed

Appliance Sensor Monitoring . Server Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP 10 AND sensors.sensor_oid = .1.3.6.1.4.1.674.10892.5.4.600.50.1.5

Dell IDRAC Global System Status Critical/NonRecoverable

Appliance Sensor Monitoring . Server Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [5|6] AND sensors.sensor_oid = .1.3.6.1.4.1.674.10892.2.2.1

Dell IDRAC Virtual Disk Failed/Degraded

Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [3|4] AND sensors.sensor_oid = .1.3.6.1.4.1.674.10892.5.5.1.20.140.1.1.4

Dell Server Disk Array State Failed/Degraded

Storage Sensor Monitoring Server Sensor Monitoring Notes Storage Sensor Monitoring Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [2|5] AND sensors.sensor_oid = .1.3.6.1.4.1.674.10893.1.20.130.4.1.4

Dell Server Disk Controller State Failed/Degraded

Server Sensor Monitoring . Notes Storage Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [2|6] AND sensors.sensor_oid = .1.3.6.1.4.1.674.10893.1.20.130.1.1.5

Dell Server PSU State Critical/NonRecoverable

Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [5|6] AND sensors.sensor_oid = .1.3.6.1.4.1.674.10892.1.600.12.1.5

HP Procurve Bad Power Supply

Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_oid REGEXP .1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.[2-5] AND sensors.sensor_current = 2

HP Procurve Fan Fault

Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_oid = .1.3.6.1.4.1.11.2.14.11.1.2.6.1.4.1 AND sensors.sensor_current = 2

HPE BladeSystem Has A Bad Fan

Server Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = hpblmos AND sensors.sensor_type = hpblmos_fanstate AND sensors.sensor_current = [3-4]

HPE BladeSystem Has A Bad Power Supply

Server Sensor Monitoring . Notes Power Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = hpblmos AND sensors.sensor_type = hpblmos_psustate AND sensors.sensor_current = [3-4]

HPE ILo Server Drive Degraded/failure

Server Sensor Monitoring . Notes Storage Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [3-4] AND sensors.sensor_oid = .1.3.6.1.4.1.232.3.2.5.1.1.37.

HPE ILo Server Fan Degraded/failure

Appliance Sensor Monitoring . Server Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [3-4] AND sensors.sensor_oid = .1.3.6.1.4.1.232.6.2.6.7.1.9.

HPE ILo Server Memory Degraded/failure

Server Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [3-4] AND sensors.sensor_oid = .1.3.6.1.4.1.232.6.2.14.13.1.20.

HPE ILo Server Power Supply Degraded/failure

Server Sensor Monitoring Notes Appliance Sensor Monitoring Power Sensor Monitoring Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current REGEXP [3-4] AND sensors.sensor_oid = .1.3.6.1.4.1.232.6.2.9.3.1.4.

Netscaler HA Node Mode Change

LoadBalancer Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = Netscaler AND sensors.sensor_type = sysHighAvailabilityMode AND sensors.sensor_current != sensors.sensor_prev AND sensors.lastupdate < DATE_SUB(NOW(),INTERVAL 5 MINUTE) AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1

Netscaler HA Node State Critical

LoadBalancer Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = Netscaler AND sensors.sensor_type = haCurState AND sensors.sensor_current REGEXP [2|4|5|7|10|11] AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1

Synology NAS Has A Failed Fan Status

Appliance Sensor Monitoring . Storage Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = dsm AND sensors.sensor_type = systemFanStatusState AND sensors.sensor_current = 2

Synology NAS Has A Failed Power Status

Storage Sensor Monitoring . Appliance Sensor Monitoring . Power Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = dsm AND sensors.sensor_type = powerStatusState AND sensors.sensor_current = 2

Synology NAS Has A Failed Status

Storage Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND devices.os = dsm AND sensors.sensor_type = systemStatusState AND sensors.sensor_current = 2

Syslog, Authentication Failure On Device

Login Failures Large numbers of failed login attempts in a short timeframe can be a key indicator of a brute force attack. Configuration Severity critical Rule Query sql SELECT * FROM devices,syslog WHERE (devices.device_id = ? AND devices.device_id = syslog.device_id) AND syslog.timestamp >= macros.past_5m AND syslog.msg REGEXP .authentication failure.

Syslog, Received Alert Priority Message

Application Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,syslog WHERE (devices.device_id = ? AND devices.device_id = syslog.device_id) AND syslog.timestamp >= macros.past_5m AND syslog.priority REGEXP alert

Syslog, Received Emergency Priority Message

Appliance Sensor Monitoring . Application Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,syslog WHERE (devices.device_id = ? AND devices.device_id = syslog.device_id) AND syslog.timestamp >= macros.past_5m AND syslog.priority REGEXP emergency

UBNT EdgeSwitch Chassis State Failed

Wireless Sensor Monitoring . Network Sensor Monitoring . Notes Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current = 3 AND sensors.sensor_oid = .1.3.6.1.4.1.4413.1.1.43.1.15.1.2.1

UPS Is Running On The Battery

Appliance Sensor Monitoring . Power Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,sensors WHERE (devices.device_id = ? AND devices.device_id = sensors.device_id) AND sensors.sensor_current = 5 AND sensors.sensor_type = upsOutputSourceState

Service Up/down

Appliance Sensor Monitoring . Configuration Severity critical Rule Query sql SELECT * FROM devices,services WHERE (devices.device_id = ? AND devices.device_id = services.device_id) AND services.service_status != 0 AND (devices.status = 1 (devices.disabled = 0 devices.ignore = 0)) = 1

Last modified October 12, 2021