Syslog configuration on Sangfor HCI / VDI This article explain how to forward logs from Sangfor HCI / VDI to SGBox: Go to System > Log or Monitor > Log Management
6.3.0 A new version of SGBox that improve a lot of backend features and performance has been released Playbooks can now run on remote probes Playbook can now executes custom script uploaded. Alarm can now be sent to a remote SOC Screenshot can now be added to an alarm Params can now be translated in […]
API Key configuration This articles explain how to configure SGBox to interact with Telegram API in order to send alert messages when a specific event occur. Requirements: SGBox version 4.2.4 with the LM and LCE modules. A Telegram BOT. There are many tutorial about how to configure a Telegram BOT. We choose @BotFather for our […]
Introduction In this article is explained how to create your OPSWAT API key and how to configure SGBox PB. API Key configuration Log in to OPSWAT portal: https://my.opswat.comClick in user Settings > Global > Server Integration Copy your API Key SGBox Application configuration Log in to SGBox and doownload OPSWAT application:From SCM > Application […]
Introduction In this article is explained how to create your Virus Total API key and how to configure SGBox PB. API Key configuration Log in to Virus Total portal: https://www.virustotal.com/gui/sign-in.Click in user icon > API Key Copy your API Key SGBox Application configuration Log in to SGBox and doownload Virus Total application:From SCM > […]
Syslog configuration on Proxmox On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used. If not already present, install rsyslog packet. apt-get -y install rsyslog Create file “20-SGBox.conf” file vi /etc/rsyslog.d/20-SGBox.conf Add the following row in order to send only authentication logs. Is […]
How to configurate Crowdstrike This guide provides instructions to configure Crodstrike console to send log to SGBox. In order to do that an additional software provided by Crowdstrike must installedi in your environment, alternatively you can use Crowdstrike application provided by SGBox. Following are the steps to configure Crowdstrike API client: Click on Configuration > […]
Troubleshooting on NVS In this guide, we show you how to perform debugging: to resolve certain issues that may arise on the NVS module and scan it manages. Troubleshooting “Hosts Not Alive” ProblemDuring the host discovery phase, the service checks if the host to be scanned is up and running in order to avoid wasting […]
Cynet – SGBox SIEM Integration Guide Configure Cynet to send syslog notifications to a remote Syslog. On your Cynet web interface, go to Setting > Advanced. Select the box beside Send Audit Records to SIEM. Go to Configuration > SIEM settings and enable the following configuration:– TCP– IP – public IP address of your syslog server– Port – port that […]