Proteggiamo il tuo ambiente digitale da qualsiasi attacco informatico. Sfrutta tutte le potenzialità della piattaforma SGBox!

Gallery

Contatti

Via Melchiorre Gioia, 168 - 20125 Milano

info@sgbox.it

+39 02 60830172

Search another article?

SGBox ETL

< Back

SGBox Event Text Lookup search (ETL)

The ETL function allows user to search for a specific parameter in the events history. Using this functionality you can search in the past events any occurrence of the parameter you select. In this way it is possible, for example, to check if the source IP address of a potential attack was contacted by the internal network.

Requirements:

  • SGBox version 5.0.4 is required.

Add a new widget to a new or existing dashboard. We use “Pattern Aanalysis” but you can use also “Multiclass Analysis”

SGBox ETL

Select a class and an event (in this example “[Snort] Standard message”, but any other event will fit the example)

SGBox ETL

Now select “Events detail Widget” and click “OK” to view the results.

SGBox ETL

If you see something strange or interesting you can start a new search. In our example the SourceIP of this possible attack would be a good starting point.

SGBox ETL

Right click on the value you want to search and you will see a popup “Search this value as…”.

SGBox ETL

Click on the popup, it will open a menu where you’ll be able to select up to 20 different parameters at the same time. The value you have clicked will be searched on ALL events as the selected parameters.

SGBox ETL

The dashboard will popup to show you all the events that has the selected value as one of the parameters you’ve selected.

SGBox ETL

You can now filter the events by clicking on an item in the dashboard and also save this view as a new dashboard. You will find this dashboard in your dashboard list.