SGBox Troubleshoot There are some tools you can use via the CLI to check whether there are problems receiving or visualizing data. Connect via SSH (using a program like PuTTY) to SGBox, specifying the user cli. If you haven’t changed them through the wizard, the default credentials are: user: cli pass: CL1changePW […]
Triggering a Playbook from the LCE module Any playbook can be launched as a reaction to an LCE rule when the rule is triggered. Simply add the Run playbook action to the rule, then select a playbook or choose to create one from scratch. You will be redirected to the playbook configuration page. The playbook must […]
Run playbooks trigger to perform other tasks Run a playbook from outside SGBox The trigger must be the start node of the playbook. When it is called, the playbook starts and follows its normal flow. A URL is provided to call the playbook via a browser or any HTTP request (e.g. curl). The test URL has to be […]
Use IF condition on playbook response List of operators that can be used to compare the two values of a condition: Equals: returns TRUE if Value 1 = Value 2 Greater than: returns TRUE if Value 1 > Value 2 Greater or equal: returns TRUE if Value 1 >= Value 2 Less than: returns TRUE […]
Use Playbooks to retrieve logs Log nodes allow you to take an input, usually coming from a request to an API that retrieves logs, and process it to extract a set of log lines and store them in SGBox. The input always comes from a previous node in the flow. Select a node from the list […]
Create SGBox List using Playbooks Nodes allow you to extract, from an input, a list of values to be stored in SGBox when the playbook is associated with a feed. The input always comes from a previous node in the flow. Select a node from the list to show its output. Available nodes, to manage […]
Generic API request This node can be configured with a URL, headers and parameters to get the output from any HTTP API. URL – if the complete URL is already known, insert it into the Value field and select Fixed as the type. Otherwise, the URL can be composed of several concatenated URL parts, added by Each […]
Multiclass Analysis The Multiclass Analysis is useful when you need to show a subset of the collected information. In this tool you can use regex to filter the different information. Following the release of version 6.0.0, please go to the link: https://www.sgbox.eu/en/knowledge-base/the-custom-report-panel-functionalities-and-usage/ Requirements: SGBox Version 4.2.1. Examples: You need to show all the users that start […]
Risk Analysis The Risk Analysis is a different way to show the information collected from the different hosts. Using this view it is possible to identify which hosts, assets and networks are more critical than others, based on the events that happened on the different hosts. Requirements: SGBox Version 4.2.1. You can define a specific score (from 0 to 10) […]
Introduction ADE is a tool designed to constantly monitor your Active Directory status, determine the relative risk and warn when KPI thresholds are exceeded. It is also capable of generating lists that can be used by other SGBox modules to achieve specific tasks such as event correlation, filtered reports, etc. The module generates some “system” lists […]