Configure login auditing MSSQL (SQL Server Management Studio): This article describes how to configure login auditing in SQL Server on Windows, to monitor SQL Server Database Engine login activity. Login auditing can be configured to write to the error log on the following events: failed logins, successful logins, or both failed and successful logins. Use SQL […]
Microsoft 365 (Office 365) – SGBox SIEM Integration Guide This Guide explains how to configure SGBox to make API calls to Microsoft 365 (previously called Office 365) with the purpose of collecting events in SGBox SIEM related to activities managed by Microsoft 365. Requirements To complete the tasks outlined in this guide, you’ll need the […]
6.2.1: A new version of SGBox that improves a lot of backend features and performance has been released. Advanced view on parameters when queries are used. Various fixes. SGBOX > SCM > Applications > SGBox Updates
6.2.0: A new version of SGBox that improves a lot of backend features and performance has been released. New Alarm Manager introduced. Incident Management reviewed. Various fixes. SGBOX > SCM > Applications > SGBox Updates
6.1.0: A new version of SGBox that improves a lot of backend features and performance has been released. Archive process has been improved. Backend queues revisited. Various fixes. SGBOX > SCM > Applications > SGBox Updates
Custom reports are used to filter search results and extract information from different classes. To create a Custom report, go to LM > Custom Report. This page opens the list of existing reports, but you can also create a new one. Requirements: SGBox version 6.0.0 Main Page The main page displays information about the Custom Reports, […]
LCE → Rules 📝 Add and modify new rule This page allows you to create and edit a rule. A correlation rule is used to alert the admin when an event, or a series of events, occur in a specified time range. ✔️ Requirements: A mail server must be configured. Check the Configure a Mail […]
6.0.7: A new version of SGBox that improves features and performance has been released. New LCE module interface. 6.0.7 version of the collector. Correction and improvement of various modules. SGBOX > SCM > Applications > SGBox Updates
Cato Network – SGBox SIEM Integration Guide This Guide explains how to configure SGBox to make API calls to Cato Network with the purpose of collecting events in SGBox SIEM related to Network and IDS/IPS activities managed by CATO. To complete the tasks outlined in this guide, you’ll need the following: Create an API key […]
The collector is a virtual appliance based on the Linux operating system, and is responsible for performing certain tasks of SGBox, such as collecting logs from local data sources and sending them to SGBox, via HTTPS (port 443) by establishing an encrypted channel. In addition the collector offers caching capabilities if the communication between […]