Integrate with New Relic Insights

You can configure Sqreen to send information about security events and incidents to New Relic Insights.

  1. Follow the New Relic Insights documentation to register a new Insert Key.
  2. In the Sqreen Dashboard, navigate to your Settings > Integrations.
  3. In the New Relic Insights pane, input values for your "Account ID" and "Insert Key", then Save.
  4. Navigate to your Protection modules to select a particular protection and adjust its settings to send data to New Relic. For example, navigate to Configuration > Runtime Application Self-Protection > Shell Injection. Use the interface to adjust the settings.
  5. If you use Security Automation Playbooks in Sqreen, navigate to Playbooks in your Sqreen Dashboard to create a new playbook and set the notification to send data to New Relic.
  6. In New Relic Insights, customize your dashboards using Sqreen messages.

Data Sqreen sends to New Relic Insights

The table below describes the event data that Sqreen sends to New Relic Insights. The eventType is sqreen_attacks.

Field Description Example value
path targeted app path /admin.php
ip_address attacker's IP address 172.17.3.46
type attack type bot_scanning, xss_injection, sql_injection, ...
verb HTTP verb the attacker used GET, POST, PROPFIND, UNCHECKOUT, ...
user_agent attacker user agent Arachni, Mozilla/4.0, ...
scheme attack origin scheme http or https
geo_country attacker IP country MYS, USA, ...
geo_city attacker IP city Dublin, Paris, ...
geo_latitude attacker IP latitude 9.51
geo_longitude attacker IP longitude 51.1