The correlation rules: A correlation rule is used to alert the admin when an event, or a series of events, occurs in a specified time range. In order to create a new simple rule you have to: Requirements: A mail server must be configured. See the Configure a Mail server section to see how to configure a […]
Launch a Scan: This section explains how to launch a vulnerability scan. SGBox uses, by default, the OpenVAS engine to test vulnerabilities on host groups (assets). To run it, you need to: Requirements: OpenVAS must be configured. See this section to see how to configure OpenVAS. An asset must be prepared for OpenVAS. See this […]
How to prepare an asset for NVS: This article explains how to prepare an asset for NVS, so that the hosts that are part of it can be used as targets of the scan test. For more information about assets, see the article that explains how to create an asset. Requirements: The asset […]
How to configure Syslog on Debian: In a Linux environment it is not necessary to install a specific agent to send logs to SGBox. The syslog protocol will be used. If not already present, install the rsyslog package: apt-get -y install rsyslog. Edit the "rsyslog.conf" file: vi /etc/rsyslog.conf. Add the following row in order to send only authentication logs. […]
In a Linux environment it is not necessary to install a specific agent to send logs to SGBox. The syslog protocol will be used. If not already present, install the rsyslog package: yum -y install rsyslog. Edit the "rsyslog.conf" file: vi /etc/rsyslog.conf. Add the following row in order to send only authentication logs. It is possible to use the IP or […]
Syslog configuration on Ubuntu: In a Linux environment it is not necessary to install a specific agent to send logs to SGBox. The syslog protocol will be used. If not already present, install the rsyslog package: apt-get -y install rsyslog. Edit the "50-default.conf" file: vi /etc/rsyslog.d/50-default.conf. Add the following row in order to send only authentication logs. It is possible […]
How to configure Syslog on Bitdefender GravityZone: This guide provides instructions to configure Bitdefender GravityZone to forward Bitdefender GravityZone logs via syslog. The configurations detailed in this guide are consistent with Bitdefender GravityZone (on-prem) v6.5 to 7.0. Requirements: Note: Bitdefender GravityZone supports the syslog option from v6.50 to 7.0. Following are the steps to configure Bitdefender […]
How to configure Syslog on PFSense: Log in to PFSense using the web interface. Click on Status > System Logs > Settings. In the Remote Logging Options section, enter the SGBox IP and choose port 514. From SGBox WebUI PFSense Package: SCM > Application > Packages
How to configure Syslog on Watchguard: Connect to Watchguard using Watchguard System Manager. Choose Policy Manager in order to edit the current policy. Click on Setup > Logging. In the Syslog Server section, enter the SGBox IP and choose port 514. From the SGBox WebUI, download the Watchguard Package: SCM > Application > Packages

