Microsoft IIS

Version: Microsoft IIS 8.5 and later

IIS (Internet Information Services), is a web server created by Microsoft. The IIS is designed to deliver high speed and secure information publishing, while also serving as a platform for developers and independent software vendors to extend the Internet’s standard communication capabilities.

Netsurion Open XDR supports traffic logs from Microsoft IIS. It gives you statistical reports of client requests, URI accessed, HTTP errors and HTTP method used. It also identifies the client browser and operating system used by the clients. From the security point of view, it detects suspicious URI requests run by the client and identifies attacks like SQL injection and cross site scripting. One can pinpoint the performance bottlenecks by tracking the slow loading pages of the website. Pages visited by a user can be tracked by using the user journey data.

Netsurion Data Source Integration for Microsoft IIS allows you to monitor the following components:-

  • Security – Microsoft IIS Directory traversal, Microsoft IIS Backup finder, Microsoft IIS Cross site scripting, Microsoft IIS Malicious SQL injection
  • Operations – Microsoft IIS Web traffic details, Microsoft IIS Site with errors, Microsoft IIS Referral report

Once Microsoft IIS is configured to deliver events to Netsurion Open XDR; knowledge objects and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Reports

Type Name Description
Security Microsoft IIS – Directory traversal This report provides information related to restricted directories.
Security Microsoft IIS – Backup finder This report provides information related to suspicious commands running by the client for data backup.
Security Microsoft IIS – Cross site scripting This report provides information about suspicious cross site scripting queries run by the client.
Security Microsoft IIS – Malicious SQL injection This report provides information about suspicious SQL queries run by the client which we can be compared with the MSSQL-Extended error details report for investigating SQL injection.
Operations Microsoft IIS – Web traffic details This report provides information of all HTTP request and responses sent and received by IIS server.
Operations Microsoft IIS – Site with errors This report provides count and error codes for requested URI’s.
Operations Microsoft IIS – Referral report This report provides information about the client accessed URI’s.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x and later, and Microsoft IIS.

Download Integration Guide and How-to Guide for configuration instructions and more information.