Introduction SGBox is a modular SIEM platform for ICT security control and management. Its distributed architecture allows you to adapt its use to different business needs. With SGBox you can generate aggregate views with the information collected from the various modules. The data coming from the collection of system and application logs, once analyzed, feeds […]
Syslog configuration on Solaris On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used. If not already present, install rsyslog daemon. Edit “syslog.conf” file vi /etc/syslog.conf Add the following row in order to send only authentication logs. Is possible use the IP or […]
Configure query on SGBox logs This article explain how to configure the Log Queries functionality, that allows you to obtain any data on SGBox logs. This queries can use to send alerts, create events or run a Playbook. Requirements: SGBox version 5.5.4 From SGBox menu, go to LM> Analysis > Events Queries and select New […]
Network Panel The network page allows to show all hosts present in the internal database of SGBox. Document Index Main Page The Functions box (1) allows different actions: In the (3) box: In the search field box (3) you can filter the results of the table. The system searches for each field of the table based on the characters in the input field. Clicking […]
Company ABOUT US WHY CHOOSE SGBox PARTNER PROGRAM TECHNOLOGY PARTNERS Products SIEM LOG MANAGEMENT EVENT CORRELATION & RESPONSE SYSTEM ACTIVE DIRECTORY AUDITOR USER BEHAVIOR ANALYTICS (UBA) THREAT INTELLIGENCE FEED NETWORK VULNERABILITY SCANNER ADVANCED EVENT SEARCH INCIDENT MANAGEMENT SOAR CLOUD SIEM FILE INTEGRITY Resources The Platform Blog Projects Knowledge Base FAQs Industries MANUFACTURING SECTOR PUBLIC ADMINISTRATION […]
Download and Configure Microsoft SQL App This articles explain how to configure Oracle App in order to retrieve logs from a specified database table. Requirements: SGBox version 4.2.5 Go to the application lists from SGBox go to SCM > Applications Select Vendors Integrations and download the application Log from Oracle. Click on INSTALL. Once Installed […]
Hosts The host page allows to show all hosts present in the internal database of SGBox and perform operations on them. Document index Main page New Host Import Host Selection Edit host Multiple Editing Remove Alert explanation Settings Messages Main Page In the Total IPs box (1) it is possible to know the number of hosts allowed based […]
Syslog configuration on AIX This article explains how to send logs from AIX systems to SGBox. It’s not necessary to install a specific agent. The syslog protocol will be used. Log in to your AIX system Edit “/etc/syslog.conf ” file Add the following line auth.info @SGBoxIP The auth.info and the IP must be separated by […]
Set / Change SGBox Timezone This article explain how to configure the SGBox Timezone. By default the SGBox timezone is set to Europe/Rome. Following the steps, if you need to change it. Connect via ssh (using a program like Putty) to the SGBox specifying the user cli. If you haven’t changed them through the wizard, […]
Triggering a Playbook from a Pattern analysis Dashboard Create a playbook with a trigger node as start node Edit the trigger to set, in the Test parameters section, the same name of the parameter of the event you want to use in the dashboard to trigger the playbook. In the following nodes of the flow, […]