6.4.0: A new version of SGBox that improves many backend features and performance has been released. ADE – ability to collect data using a remote probe (collector); ADE – interface restyling; ADE – backend refactoring for performance improvement. To update SGBox: SCM > Applications > SGBox Updates
6.3.2: A new version of SGBox that improves many backend features and performance has been released. Various fixes. To update SGBox: SCM > Applications > SGBox Updates
The Online Log Manager: This guide explains how to import encrypted raw logs saved on the SGBox disk online, in order to analyze them from the Historical Search page. Online Log Manager: LM -> Configuration -> Online Log Manager: this interface allows you to view, for each host, the number of encrypted logs stored on […]
Purpose of the syslog forwarder: The purpose of the Syslog Forwarder feature in SGBox is not merely log duplication, but the intelligent filtering and selective redistribution of security data. The primary purposes are: Centralization and Archiving (Compliance): Sending only critical or relevant logs to a long-term log server (e.g., a dedicated archive) to meet compliance […]
API configuration on MISP: This guide describes the installation and configuration of the MISP integration for SGBox. It enables users to make API calls, download feeds into SGBox, and perform cross-analyses between SGBox events and MISP data. Enable integration with MISP. Generating an API Key: Access the MISP web interface as an administrator and go […]
6.3.1: A new version of SGBox that improves many backend features and performance has been released. LM – new keywords can be used to query events, to join all parameters of the same category into one: $SOURCEADDRESS, $DESTINATIONADDRESS, $SOURCEUSER, $DESTINATIONUSER. SCM – from an events widget of a dashboard, multiple parameter values can […]
Syslog configuration on Darktrace: Log in to your Darktrace Management Console. Go to System configuration > Modules. Look for “Workflow Integrations” > search: Syslog. Enter the details of your SGBox and how to send logs: IP Address/Hostname: The address of SGBox. Port: 514 (standard). Protocol: Choose UDP protocol. Format: CEF.
Syslog configuration on Deceptive Bytes: The procedure is carried out primarily within the platform’s Management Console. Log in to your Deceptive Bytes Management Console. Go to the Settings (or Configuration) section from the main menu. Look for the Integrations or External Logging / Syslog option. Enter the details of your SGBox: IP Address/Hostname: The address […]
Syslog configuration on Sangfor HCI / VDI: This article explains how to forward logs from Sangfor HCI / VDI to SGBox: Go to System > Log or Monitor > Log Management