Nagios

Nagios Enterprises

Veteran open-source infrastructure and service monitoring system with a huge plugin ecosystem.

Description

Nagios is one of the oldest and most widely deployed infrastructure monitoring systems. Nagios Core is free and open-source; Nagios XI is the commercial product with a modern web UI. Either version polls hosts and services via plugins (NRPE, NCPA, SNMP, scripts) and raises alerts when a check's warning or critical threshold is crossed.

For CySA+, Nagios appears as a preparation/detection-phase tool that watches the health and availability of the environment. Its alerts complement (rather than replace) a SIEM and are often ingested as syslog events.

Use cases

  • Service/host uptime monitoring for SLAs
  • Triggering paging/runbook automation on service degradation
  • Feeding availability events into a SIEM
  • Detecting performance spikes correlated with attacks (DDoS, crypto-miners)

Example

# Example service check via NRPE: the Nagios server asks the NRPE agent on
# web-prod-01 to run its locally configured check_load command.
define service {
    use                 generic-service
    host_name           web-prod-01
    service_description CPU Load
    check_command       check_nrpe!check_load
}
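To show what the agent side of that check does, here is an added example (not from this page or the Nagios project) of a minimal check_load plugin written to the Nagios plugin API: one status line on stdout, optional performance data after the pipe, and exit codes 0/1/2/3 for OK/WARNING/CRITICAL/UNKNOWN. The /proc/loadavg path and the -w/-c threshold flags are assumptions for this illustration; the real Nagios Plugins check_load is a more complete C program.

```shell
#!/bin/sh
# Nagios plugin API: exit 0=OK 1=WARNING 2=CRITICAL 3=UNKNOWN, one status line on
# stdout, optional performance data after '|' as label=value;warn;crit for graphing.

# classify_load LOAD WARN CRIT : prints the status line, returns the Nagios exit code
classify_load() {
    load="$1"; warn="$2"; crit="$3"
    # refuse anything that is not a plain decimal before it reaches awk
    case "$load" in
        ''|*[!0-9.]*) echo "LOAD UNKNOWN - cannot parse load value '$load'"; return 3 ;;
    esac
    perf="load1=${load};${warn};${crit}"
    if awk "BEGIN { exit !($load >= $crit) }"; then
        echo "LOAD CRITICAL - 1-min load average: $load | $perf"; return 2
    elif awk "BEGIN { exit !($load >= $warn) }"; then
        echo "LOAD WARNING - 1-min load average: $load | $perf"; return 1
    fi
    echo "LOAD OK - 1-min load average: $load | $perf"; return 0
}

# read_load1 : current 1-minute load average from /proc/loadavg (Linux only, assumed path)
read_load1() {
    cut -d' ' -f1 /proc/loadavg 2>/dev/null
}

# check_load -w WARN -c CRIT : what NRPE runs on the host for the service above
check_load() {
    warn=""; crit=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -w) warn="$2"; shift 2 ;;
            -c) crit="$2"; shift 2 ;;
            *)  echo "LOAD UNKNOWN - usage: check_load -w WARN -c CRIT"; return 3 ;;
        esac
    done
    [ -n "$warn" ] && [ -n "$crit" ] || { echo "LOAD UNKNOWN - thresholds required"; return 3; }
    classify_load "$(read_load1)" "$warn" "$crit"
}

# act as a plugin when invoked with arguments; sourcing the file only defines the functions
if [ $# -gt 0 ]; then check_load "$@"; exit $?; fi
```

Nagios maps the exit code to the service state and the perfdata to graphs, so a sustained CRITICAL on this check is what surfaces a load spike (for example from a crypto-miner) in the console or downstream SIEM.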