Log decryption test
This article explains where encrypted logs are stored in SGBox and how to perform some decryption tests.
First of all you need to know that after SGBox receives the logs, it stores them in the Online Database so that you can run searches with the Historical Search tool (LM > Analysis > Historical Search).
Meanwhile SGBox also analyzes the logs in order to produce the events you can see in Class/Pattern Analysis, Templates, Dashboards, Reports, etc.
Here you can find some more information on how logs are stored and their retention: data retention
The raw logs are also stored on the filesystem in encrypted form using GPG. You can see them in LM > Configuration > Encryption.
On this page you are also able to download a specific log file and check that it can't be read without the SGBox GPG keys.
In order to read it you need to download the GPG keys and store them in a file (read this article to learn how to do it: Export GPG key).
WINDOWS | Download and install a GPG program such as GPG4WIN (https://www.gpg4win.org/). Run the program and choose the Import button. Select the previously exported GPG keys file. Choose Decrypt/Verify and select your file. Click on Save All to save the unencrypted file.
LINUX |
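The same decryption test from a Linux shell, as an added example that is not part of the SGBox article: it imports the exported key file into a throwaway GnuPG keyring, decrypts the downloaded log file and then discards the keyring, so the SGBox private key does not remain in your default keyring. It assumes GnuPG 2.x is installed; the file names (sgbox-keys.asc, raw.log.gpg) are placeholders, and the self-check uses a throwaway key and a constructed sample log line rather than real SGBox data.

```sh
#!/bin/sh
# Added example, not SGBox code. Decrypts a raw log file downloaded from
# LM > Configuration > Encryption with the exported SGBox GPG keys.
# Assumes GnuPG 2.x is installed; file names are placeholders.

# decrypt_sgbox_log KEYFILE ENCRYPTED_LOG OUTPUT
# Imports the exported key(s) into a temporary keyring (GNUPGHOME), decrypts
# ENCRYPTED_LOG into OUTPUT, then removes the keyring so the SGBox private
# key is not left on the workstation. Returns non-zero on any failure.
decrypt_sgbox_log() {
    keyfile=$1; encrypted=$2; output=$3
    tmphome=$(mktemp -d) || return 1
    chmod 700 "$tmphome"
    GNUPGHOME=$tmphome gpg --batch --quiet --import "$keyfile" \
        && GNUPGHOME=$tmphome gpg --batch --quiet --yes \
               --output "$output" --decrypt "$encrypted"
    rc=$?
    GNUPGHOME=$tmphome gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$tmphome"
    return $rc
}

# Offline self-check: generate a throwaway key, encrypt a constructed sample
# log line with it, export the secret key to a file (as "Export GPG key"
# produces) and confirm decrypt_sgbox_log recovers the original line.
selftest_decrypt() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/gen"
    printf 'Jan 1 00:00:00 fw01 kernel: constructed sample log line\n' \
        > "$work/plain.log"
    uid='sgbox-test <sgbox-test@example.invalid>'
    GNUPGHOME=$work/gen gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-gen-key "$uid" default default never || return 1
    GNUPGHOME=$work/gen gpg --batch --quiet --trust-model always \
        -r sgbox-test@example.invalid --output "$work/raw.log.gpg" \
        --encrypt "$work/plain.log" || return 1
    GNUPGHOME=$work/gen gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' --armor --export-secret-keys sgbox-test@example.invalid \
        > "$work/sgbox-keys.asc" || return 1
    decrypt_sgbox_log "$work/sgbox-keys.asc" "$work/raw.log.gpg" \
        "$work/decrypted.log" || return 1
    cmp -s "$work/plain.log" "$work/decrypted.log"
    rc=$?
    GNUPGHOME=$work/gen gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return $rc
}
```

If the exported SGBox key is protected by a passphrase, add `--pinentry-mode loopback --passphrase-file FILE` to the decrypt call so it still runs non-interactively.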