This is slightly off topic perhaps.
InsightVM, being a security tool, could be an interesting object for hackers and such to get acces to.
Does anybody know a way to monitor unautherised login attempts to InsightVM, running on Ubuntu, in real time?
I know you can script and schedule monitoring the different application logs for certain strings.
If you’re looking at monitoring the actual access to the application you could review the auth.log file.
Troubleshooting | InsightVM Documentation.
Yeah, its totally possible. Turn on SAML, DUO, or any type of SSO or MFA with logging, build a custom alert in InsightIDR, and use the webhook feature to post it to your favorite chat or alerting app. If you have InisghtConnect, you can parse it first as part of an automation. You can do the same thing in GoogleAppScript, Powershell, or whatever language you have the ability to do custom parsing and formatting in.
Thank you both.I’ll look into those possibillities.