6.3.0 A new version of SGBox that improve a lot of backend features and performance has been released Playbooks can now run on remote probes Playbook can now executes custom script uploaded. Alarm can now be sent to a remote SOC Screenshot can now be added to an alarm Params can now be translated in […]
API Key configuration This articles explain how to configure SGBox to interact with Telegram API in order to send alert messages when a specific event occur. Requirements: SGBox version 4.2.4 with the LM and LCE modules. A Telegram BOT. There are many tutorial about how to configure a Telegram BOT. We choose @BotFather for our […]
Introduction In this article is explained how to create your OPSWAT API key and how to configure SGBox PB. API Key configuration Log in to OPSWAT portal: https://my.opswat.comClick in user Settings > Global > Server Integration Copy your API Key SGBox Application configuration Log in to SGBox and doownload OPSWAT application:From SCM > Application […]
Introduction In this article is explained how to create your Virus Total API key and how to configure SGBox PB. API Key configuration Log in to Virus Total portal: https://www.virustotal.com/gui/sign-in.Click in user icon > API Key Copy your API Key SGBox Application configuration Log in to SGBox and doownload Virus Total application:From SCM > […]
Syslog configuration on Proxmox On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used. If not already present, install rsyslog packet. apt-get -y install rsyslog Create file “20-SGBox.conf” file vi /etc/rsyslog.d/20-SGBox.conf Add the following row in order to send only authentication logs. Is […]
Troubleshooting on NVS In this guide, we show you how to perform debugging: to resolve certain issues that may arise on the NVS module and scan it manages. Troubleshooting “Hosts Not Alive” ProblemDuring the host discovery phase, the service checks if the host to be scanned is up and running in order to avoid wasting […]
Cynet – SGBox SIEM Integration Guide Configure Cynet to send syslog notifications to a remote Syslog. On your Cynet web interface, go to Setting > Advanced. Select the box beside Send Audit Records to SIEM. Go to Configuration > SIEM settings and enable the following configuration:– TCP– IP – public IP address of your syslog server– Port – port that […]
Troubleshooting on Collector 6 In this guide, we show you how to perform debugging: to quickly check if the collector has all the main processes active for correct communication with the Host or SGBox appliance. Docker and containers Collector 6 introduces the use of docker and containers, to activate them correctly, it is necessary do […]
6.2.5 A new version of SGBox that improve a lot of backend features and performance has been released SGBOX > SCM > Applications > SGBox Updates SCM: different dashboards can now be opened simultaneously in tabs LM: CSV export added in query builder page and class/pattern analysis detail view LM: Syslog now supports log forwarding. […]