Syslog configuration on Kaspersky This article explains how to configure Kaspersky to send logs to SGBox using the CEF protocol. Requirements: SGBox 5.2.2; a valid Kaspersky license for exporting CEF/LEEF logs. Log in to your Kaspersky Security Center console; from Administration Server, select Events. Select Configure notification and event export and then select the SIEM configuration […]
Access to remote SGBox This feature is used when a customer has their own SGBox on premises and a service provider wants to monitor the customer’s events and incidents in order to alert them. It is also used when a customer does not want to send logs outside their company. Requirements: SGBox 5.0.3 or higher. First of all you […]
How to configure and run AWA – Advanced Windows Audit AWA is an SGBox feature that leverages the free Microsoft Sysmon tool to increase visibility into your Windows environment. AWA helps detect malicious activity and gives a better understanding of the in-depth aspects of Windows machines by tracking many events and detailed […]
Before you begin If you started with SGBox from version 5.3.0 or above, and/or if you have never installed the old SGBox Windows packages (Windows package Base and Windows package Advanced), you don’t need to clean up anything; just follow the standard installation steps. However, if you’re an old SGBox customer, or if you’ve installed one […]
Syslog configuration on CheckPoint This article explains how to configure CheckPoint to send logs to SGBox using the syslog protocol. Requirements: CheckPoint R80 is required, as described here. Log in to the CheckPoint management server using a terminal program (e.g. PuTTY) and run the following command: [Expert@Mgmt:0]#cp_log_export add name [domain-server ] target-server target-port protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)(generic)> [optional […]
Parameter translation in an SGBox pattern This article explains how to configure the Translate parameter feature in SGBox. When events are submitted, some parameters can be displayed through their ‘aliases’. In this section you specify the parameters and their corresponding aliases in a table and then associate it with a parameter defined […]
Examples of queries on SGBox events This article explains how to configure the Events Queries functionality, which allows you to obtain any data on any event from SGBox. These queries can later be shown in a dashboard with different graphs. Requirements: SGBox version 5.3.1. From the SGBox menu, go to LM > Analysis > Events Queries and […]
The Executive Reports Requirements: SGBox version 5.1.4 to 5.8.1 is required. Please note: if the installed SGBox version is 6.0.1 or higher, you must use the Reports System module to create new reports. It is possible to create executive reports based on dashboards. First of all, open the dashboard you want […]
The SGBox Data Retention In this section we explain how SGBox stores logs. The logs received by SGBox are called “RAW logs”. The raw logs represent exactly what the data sources send to SGBox. When raw logs are received, they are stored in the SGBox storage system, the “Online storage”. You can access and make searches […]