Use Cases

Total visibility of what is happening on your infrastructure.

The client needed a solution for collecting information from logs that came from different sources and served different purposes. The system administrators did not have full visibility of what was happening in their infrastructure. The customer required particular attention to data security, as it is subject to PCI-DSS compliance: payment transactions are carried out on the software solutions provided by this customer within its infrastructure.

We designed a log monitoring solution based on the Elastic stack (Elasticsearch, Logstash, Kibana). This solution gives our customer real-time access to a large set of information obtained from the logs (accesses, application errors, problems with credit card transactions) and allows queries across the logs of the whole infrastructure. Furthermore, it is possible to generate business intelligence dashboards and to integrate other data sources. The solution is integrated with an Incident Management and Alerting system for the prompt resolution of detected problems and a better Incident Handling process.

As with most of our projects, we used Docker for all the stack components and Git for source version control. The stack is fully integrated through service discovery provided by Consul, which dynamically routes each service to a healthy instance. All data sources (firewalls, systems, applications, databases, etc.) send their logs to the Logstash service using Filebeat, Wazuh and syslog. On Elasticsearch, separate indexes have been defined for the different types of logs collected; retention policies and backups are also differentiated by index, keeping live data for the retention periods required by the PCI-DSS framework for credit card transaction data and by the GDPR for the other logs. Numerous Kibana dashboards have been implemented for business intelligence, access control, statistics on application errors, and problems related to credit card transactions. Furthermore, authentication on Kibana is provided by the LDAP service already in use by the customer.

The customer has thus derived numerous benefits from our solution, which is used daily by multiple business areas, including Customer Support, Operations, Development, Marketing and Accounting. It provides a quick overview, enables rapid intervention in the event of problems, and supports PCI-DSS compliance.

The state of the performance at hand.

Our client was unable to identify certain slowdown points in the services provided by its software solutions, and during development it had no visibility of database performance or of how new releases affected network performance.

The performance monitoring solution we implemented is based on the Prometheus stack, multiple exporters and Grafana. Using a versatile tool such as Grafana allowed us to integrate additional monitoring systems (e.g. Icinga). In addition to monitoring, the solution also includes alerting via Alertmanager and integration with the VictorOps Incident Management system. Alerts are forwarded directly to the on-duty staff and posted to a dedicated Slack channel.

We used Docker for all the components of the stack and Git for version control of the sources. New releases of the various stack components were deployed through Marathon, which was already in use by the customer.

Several Grafana dashboards have been defined, covering database performance, all application containers, and the infrastructure that provides the services.

In this way, our customer gained real-time access to a large set of information, useful both during application development and for the services provided in production. The solution is actively used by our client's NOC team, which can thus obtain important information from the aggregated data, making the Incident Response team more effective.

NOC infrastructure

Our client needed to build a monitoring infrastructure and create a team that would deliver the service to its customers.

We designed the client's NOC (Network Operation Center) and continue to provide support in problem management. The solution adopted for the NOC is based on check_mk and FortiAnalyzer. On check_mk we defined Business Intelligence maps that allow the status of a service to be checked at a higher level; in addition, each monitored infrastructure belongs to a folder where specific alerting and notification rules are defined. With FortiAnalyzer, on the other hand, a first level of monitoring of the customers' network security is carried out: Event Handlers have been defined to monitor interfaces, resources and attacks suffered (zero-days, viruses, malware), and a monthly report is generated on several metrics, including bandwidth usage, number of users connected via VPN, failed logins, and the top 10 attacks.

Thanks to this solution, our client delivers the monitoring service to numerous customers and is now fully autonomous in managing the problems raised by the alarms defined on the monitoring platforms.

So, are you ready for Digital Transformation?

Let us take you with us.
