ModSecurity Breach

ModSecurity Console

Overview

Keeping one server secure is tough enough, but what if you have several to maintain? By collecting the log and alert data in real time from remote ModSecurity sensors, ModSecurity provides a single place where you need to look to verify your web applications are secure.

Even if do you have only one web server to monitor, you would be better off using a tool that has a comfortable user interface, saves you time by automating the repetitive tasks, and generally makes your life easier by allowing you to focus on the things that really matter.

ModSecurity Console v1.0.5 is available for immediate download from Breach Security Network (BSN). For a limited time Breach Security offers free perpetual licences for up to 3 sensors. To generate your own licence please follow the instructions on the home page of the BSN.

This product is provided free of charge to the community, with best-effort support available on the main ModSecurity mailing list. ModSecurity Console is suitable for test environments and only light production use. Users looking to support many sensors with many alerts should evaluate the commercial ModSecurity Management Appliance instead.

Features

The following features are included:

  1. Self-contained application that comes with an embedded web server and an embedded database.
  2. Collects logs and alerts from any number of remote sensors in real time.
  3. User interface provides support for sensor, alert, and transaction management.
  4. Runs on any platform that supports JDK/JRE 1.4 or better.
  5. Installs in a few minutes.
  6. Automated maintenance options keep the database at a manageable size.
  7. Sensor activity history.
  8. Alerting facilities.
  9. Reporting facilities. Nice and shiny reports in PDF format can be scheduled or produced on-demand. Automatic distribution via email.
  10. Automatic DNS and Geo IP resolution.

Resources

You will likely need to tune the Console to use it in any non-trivial environment. The following resources may help you with this task:

  1. ModSecurity Console Performance Tuning
  2. Managing ModSecurity Alerts: More Console Tuning

You should also look into replacing the Perl script that is distributed along with the Console (and used to send transmit from ModSecurity sensors and into the Console) with mlogc. Mlogc is a part of ModSecurity as of version 2.5.