Third-party Alert Systems

Establish a systematic framework to identify, assess, and mitigate vulnerabilities in servers that interact with the Solana network, ensuring their confidentiality, integrity, and availability.

Scope

This policy applies to all Ubuntu operating systems deployed on the Solana infrastructure, including validator nodes, RPCs, and monitoring servers, as well as to authorized personnel managing those systems.

Vulnerability Identification

  • Confidentiality: Alerts must be treated as sensitive information.

  • Integrity: Alert sources must be verifiable and reliable.

  • Availability: Alert systems must be operational 24/7.

  • Legality: Compliance with current data protection and cybersecurity legislation.

Early Warning Services

  • Learn of vulnerabilities affecting the organization's systems as soon as they are published, which reduces the time it takes to implement countermeasures.

  • Systematize the application of patches to mitigate vulnerabilities in our systems, and maintain a proper continuity plan for monitoring them.

  • Reduce the vulnerable attack perimeter by implementing the necessary control measures on security devices.

  • Preempt potential attacks targeting the organization.

  • Verify the functioning of the countermeasures implemented, ensuring their effectiveness.

  • Increase the organization's cybersecurity maturity.

We suggest using the following tools:

  • Wazuh / OSSEC

Installing Wazuh:

Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. The table below shows the recommended hardware for a quickstart deployment:

Download and run the Wazuh installation assistant.

Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.

INFO: --- Summary ---

INFO: You can access the web interface https://<WAZUH_DASHBOARD_IP_ADDRESS>

User: admin

Password: <ADMIN_PASSWORD>

INFO: Installation finished.

Access the Wazuh web interface at https://<WAZUH_DASHBOARD_IP_ADDRESS> with the credentials shown in the installation summary.

Deploy Agents:

The Wazuh agent was developed considering the need to monitor a wide variety of different endpoints without impacting their performance. It is supported on the most popular operating systems, and it requires 35 MB of RAM on average.

The Wazuh agent provides key features to enhance your system’s security.

Add the Wazuh repository to download the official packages:

Steps to deploy the Wazuh agent on your Linux endpoint:

Select your package manager and run the command below. Replace the WAZUH_MANAGER value with your Wazuh manager IP address or hostname:

Follow the official documentation to learn how to create and maintain internal users:

Now, you can monitor your system. Vulnerability display manager example:

Alert display Management example:
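The same vulnerability alerts can also be triaged outside the dashboard, from the manager's JSON alert log. The script below is an added example, not part of the original page or of Wazuh's own code. It assumes the Wazuh 4.x vulnerability-detector alert layout (rule.groups, agent.name, data.vulnerability.*) with status values Active and Solved; the host names and CVE ids in the sample are constructed placeholders.

```python
import json
from collections import defaultdict

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample in the shape of alerts.json (one JSON object per line).
# Host names and CVE ids are placeholders; the field layout is an assumption.
SAMPLE_ALERTS = """\
{"rule":{"level":13,"groups":["vulnerability-detector"]},"agent":{"name":"validator-01"},"data":{"vulnerability":{"cve":"CVE-0000-0001","severity":"Critical","status":"Active","package":{"name":"openssl"}}}}
{"rule":{"level":5,"groups":["vulnerability-detector"]},"agent":{"name":"validator-01"},"data":{"vulnerability":{"cve":"CVE-0000-0002","severity":"Low","status":"Active","package":{"name":"curl"}}}}
{"rule":{"level":10,"groups":["vulnerability-detector"]},"agent":{"name":"rpc-01"},"data":{"vulnerability":{"cve":"CVE-0000-0003","severity":"High","status":"Active","package":{"name":"sudo"}}}}
{"rule":{"level":5,"groups":["sshd","authentication_failed"]},"agent":{"name":"rpc-01"},"data":{"srcip":"192.0.2.10"}}
{"rule":{"level":7,"groups":["vulnerability-det
{"rule":{"level":3,"groups":["vulnerability-detector"]},"agent":{"name":"rpc-01"},"data":{"vulnerability":{"cve":"CVE-0000-0003","status":"Solved","package":{"name":"sudo"}}}}
{"rule":{"level":10,"groups":["vulnerability-detector"]},"agent":{"name":"monitor-01"},"data":{"vulnerability":{"cve":"CVE-0000-0001","severity":"High","status":"Active","package":{"name":"openssl"}}}}
"""


def open_vulnerabilities(lines, min_severity="High"):
    """Map agent -> sorted [(cve, package, severity)] still active at/above min_severity."""
    floor = SEVERITY_RANK[min_severity]
    state = defaultdict(dict)  # agent -> {(cve, package): severity}
    for line in lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partially written or truncated lines
        if "vulnerability-detector" not in alert.get("rule", {}).get("groups", []):
            continue  # not a vulnerability alert (e.g. sshd, syscheck)
        vuln = alert.get("data", {}).get("vulnerability", {})
        agent = alert.get("agent", {}).get("name", "unknown")
        key = (vuln.get("cve"), vuln.get("package", {}).get("name"))
        if vuln.get("status") == "Solved":
            state[agent].pop(key, None)  # package was updated or removed
        elif SEVERITY_RANK.get(vuln.get("severity"), 0) >= floor:
            state[agent][key] = vuln["severity"]
    return {a: sorted((c, p, s) for (c, p), s in v.items())
            for a, v in state.items() if v}


if __name__ == "__main__":
    # On a manager, pass open("/var/ossec/logs/alerts/alerts.json") instead.
    for agent, vulns in open_vulnerabilities(SAMPLE_ALERTS.splitlines()).items():
        for cve, package, severity in vulns:
            print(f"{agent}: {severity} {cve} in {package}")
```

An agent whose findings have all been solved, like rpc-01 in the sample, drops out of the result, so the output lists only hosts that still need patching.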

Other Alert Systems:

We recommend staying informed about the latest vulnerabilities and zero-days. Some of the systems you can subscribe to include:
