Syslog forwarding from sgbox to another server This article explain how to forward logs/events received from SGBox to another server using syslog protocol.First off all you need to download the “SGBox syslog forwarder” application or ask support via ticket to unlock it.Remember that this application reads data from internal repository and forwards log, events or […]
👣 Steps This table will explain the very first main steps. It must be followed in order. You can use also the “done” temporary column to check the passage done. # Context Passage Link Done 1️⃣ All Registration to Ticket Portal to access Download Appliance and Documentation 🔗 Registration and Download 2️⃣ All Start wizard […]
On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used. ifup eth0 ip a add 192.168.1.200/24 dev eth0 ip route add default via 192.168.1.254 If not already present, install rsyslog packet. zypper refresh zypper update zypper install vim zypper install rsyslog systemctl start […]
Below there is the principal methods to send data to the Appliance or Collector Supported System Method Link ✔ Windows (.NET 4.0+) Windows Agent Windows Agent Guide ✔ (Recommended) Any system that support syslog protocol RFC5424 / RFC3164 via UDP/TCP Syslog / rSyslog Syslog configuration example ✔ Any Unix system with installed rSyslog rSyslog read […]
Basic Authentication Some application requires basic authentication to retrieve information. curl –user “username:password” https://app.website.com/api… Username and password should be pass in SGBox Playbook in the following way: Encode your username/password in base64. In our case will be: dXNlcm5hbWU6cGFzc3dvcmQ= Create a new Authorization header with value: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
rSyslog (imfile module) read custom files This article explains how to use rSyslog and its modules to collect logs in SGBox. rSyslog (imfile module) Purpose Using the imfile module (Input Module for Files), rSyslog can read any text-based file, regardless of its extension or internal format, as long as it contains line-oriented text. rSyslog CAN […]
Change user settings This article explain how a user can change his settings also if he has read-only privileges on different modules. After logged in with your user, select USER > Edit Here you can change: username, password and user email
Introduction SGBox is a modular SIEM platform for ICT security control and management. Its distributed architecture allows you to adapt its use to different business needs. With SGBox you can generate aggregate views with the information collected from the various modules. The data coming from the collection of system and application logs, once analyzed, feeds […]
Syslog configuration on Solaris On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used. If not already present, install rsyslog daemon. Edit “syslog.conf” file vi /etc/syslog.conf Add the following row in order to send only authentication logs. Is possible use the IP or […]
Configure query on SGBox logs This article explain how to configure the Log Queries functionality, that allows you to obtain any data on SGBox logs. This queries can use to send alerts, create events or run a Playbook. Requirements: SGBox version 5.5.4 From SGBox menu, go to LM> Analysis > Events Queries and select New […]