SOAR – SGBox Next Generation SIEM & SOAR https://www.sgbox.eu
API configuration on Telegram https://www.sgbox.eu/en/knowledge-base/api-configuration-on-telegram/ Thu, 05 Mar 2026 14:38:50 +0000

API Key configuration

This article explains how to configure SGBox to interact with the Telegram API in order to send alert messages when a specific event occurs.

Requirements:

  • SGBox version 4.2.4 with the LM and LCE modules.
  • A Telegram BOT.

There are many tutorials on how to configure a Telegram BOT. We use @BotFather in our example.
First you need to create your bot and obtain your TOKEN.

A token looks something like: 1148120703:AbIUGpERusdQDEEag_EL1KDtynRB9sIhbj1.
You also need the chat_id, so start a chat with your bot, say “Hello”, then retrieve the chat id:


From your browser go to:
https://api.telegram.org/bot1148120703:AbIUGpERusdQDEEag_EL1KDtynRB9sIhbj1/getupdates

Find the ID in the response:
id: 124229696
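The chat id lookup above can also be done by parsing the getUpdates JSON instead of reading it by eye. The following is an added example, not SGBox or Telegram code: the names `chat_ids`, `send_message_request` and `SAMPLE` are hypothetical, and the sample response is constructed. It goes one step beyond the text by also building the sendMessage request that a test alert would use.

```python
import json
import urllib.parse
import urllib.request

API = "https://api.telegram.org"

# Constructed sample of a getUpdates response (not real traffic).
SAMPLE = json.loads("""
{"ok": true, "result": [
  {"update_id": 1, "my_chat_member": {"chat": {"id": -100200300, "type": "group", "title": "SOC"}}},
  {"update_id": 2, "message": {"message_id": 7, "date": 1772721530,
     "from": {"id": 124229696, "is_bot": false, "first_name": "Analyst"},
     "chat": {"id": 124229696, "type": "private", "first_name": "Analyst"},
     "text": "Hello"}}
]}
""")

def chat_ids(response):
    """Return {chat_id: "type:label"} for every chat that has messaged the bot."""
    if not response.get("ok"):
        # Telegram reports failures (for example a wrong token) with ok=false.
        raise ValueError(response.get("description", "getUpdates failed"))
    found = {}
    for update in response.get("result", []):
        # Only updates carrying a message or channel post are considered here;
        # membership changes and other update types are skipped.
        msg = update.get("message") or update.get("channel_post")
        if msg:
            chat = msg["chat"]
            label = chat.get("title") or chat.get("username") or chat.get("first_name", "")
            found[chat["id"]] = f'{chat["type"]}:{label}'
    return found

def send_message_request(token, chat_id, text):
    """Build (not send) the sendMessage POST; chat_id and text go in the body."""
    body = urllib.parse.urlencode({"chat_id": chat_id, "text": text}).encode()
    return urllib.request.Request(f"{API}/bot{token}/sendMessage", data=body, method="POST")

if __name__ == "__main__":
    print(chat_ids(SAMPLE))
    # To test against the live API, read the token from the environment and call:
    #   urllib.request.urlopen(send_message_request(token, chat_id, "SGBox test"))
```

An empty result means the bot has not received any message yet, which is why the “Hello” step comes first.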

API Key configuration

Log in to SGBox and download the Telegram application:
From SCM > Application > SOAR PREMIUM, download and install the Telegram application.

Go to PB > Playbooks > Telegram_Alert

Edit the Telegram BOT credential

Name field: bot_id (do not change). The credentials to enter are the ones obtained in the first part of this guide.

Value: 1148120703:AbIUGpERusdQDEEag_EL1KDtynRB9sIhbj1

Name field: chat_id (do not change). The credentials to enter are the ones obtained in the first part of this guide.

Value: 124229696

Once the credentials have been entered, test them, save, and close the window.

SGBox SOAR Usage

Next we need to create an Event/logs query to connect to the Telegram_Alert playbook. Go to LM > Analysis > Event/logs queries.

Create a new query with the blue button on the right.

In the select, put the parameters that you want to see in the message that will arrive on Telegram.

In this example we write:

 $HOST as Host, $EVENT as Action, $PARAM:[TargetUserName] as details, $TIMESTAMP as Timestamp

Now set your “FROM” (the class or classes).

Now choose the event or events.

Important: verify that the query works properly. NB: before clicking the test button, check the time range.

Now press the “Show Scheduling Options” button.

Tick the “Run Playbook” flag and choose our Telegram alert.

Go back to the playbook section.

Go to format message.

As before, click the edit button; in the text section, write the Telegram message that will be sent to us once it is set:

Telegram Alert
Host: $1

Action: $2 

Details: $3

Timestamp: $4

The values refer to the query we made earlier. To add parameters to the text message click on plus, or on trash to delete them.

Save everything with the “save” button on the right.

Go back to the Playbook section, search for Telegram_Alert and check the status of the playbook on the right side: if it is green, the playbook will alert you whenever the event we have indicated happens.

If everything is configured correctly, after the login Telegram alerts me that someone has done a LogonOK.
API configuration on OPSWAT https://www.sgbox.eu/en/knowledge-base/api-configuration-on-opswat/ Thu, 05 Mar 2026 13:23:23 +0000

Introduction

This article explains how to create your OPSWAT API key and how to configure SGBox PB.

API Key configuration

Log in to the OPSWAT portal: https://my.opswat.com
Click on user Settings > Global > Server Integration

Copy your API Key

 

SGBox Application configuration

Log in to SGBox and download the OPSWAT application:
From SCM > Application > SOAR PREMIUM, download and install the OPSWAT application.

From PB > Playbooks, edit “[OPSWAT] Authentication”. Edit the Credential node, paste your API KEY in the value field, then click on Save.
API configuration on Virus Total https://www.sgbox.eu/en/knowledge-base/api-configuration-on-virus-total/ Thu, 05 Mar 2026 11:30:35 +0000

Introduction

This article explains how to create your Virus Total API key and how to configure SGBox PB.

API Key configuration

Log in to the Virus Total portal: https://www.virustotal.com/gui/sign-in.
Click on user icon > API Key

Copy your API Key

 

SGBox Application configuration

Log in to SGBox and download the Virus Total application:
From SCM > Application > SOAR PREMIUM, download and install the Virus Total application.

From PB > Playbooks, edit “[VirusTotal] Authentication”. Edit the Credential node, paste your API KEY in the value field, then click on Save.