
The Sensors

A sensor can be used as an alternative to a correlation rule (see this section) when the number of occurrences is high.
Sensors detect when a large number of events repeat within a time interval and alert the administrator when a specific threshold is exceeded. On the other hand, a sensor is less flexible than a correlation rule.

Requirements:

  • A mail server must be configured. See the Configure a Mail server section for instructions.
  • The pattern must belong to a specific class.

Using the SGBox web interface: SGBOX > LCE > Sensors
Create a sensor

Click on New Sensor.

In the Events tab on the left, find the events of interest and drag them into the correct section on the right.
The next step is to configure the Action. Find it in the Actions tab and drag it into the correct section. We choose Send Email.
It is also important to define a Timeout: the maximum time (in seconds) between the first and the last occurrence of the event. The sensor also requires the number of Occurrences.


You can assign the DISTINCT flag to a parameter in order to count the occurrences separately for each value of that parameter.
In our case, the sensor sends an alert when 10 logon failures occur for the same TargetUserName within 300 seconds.


For the event it is possible to specify these operators:

  • CNT: total number of occurrences of the specified parameter, whatever its value.
  • DISTINCT: total number of occurrences for each distinct value of the specified parameter.
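To make the difference between the two operators concrete, here is a small Python model of the threshold logic described above, run over a constructed stream of logon-failure events. It is an added example, not SGBox code or documentation: the class and function names are hypothetical, the events are made up, and it assumes that a sensor resets its counter after firing so that one burst produces one alert (the page does not say how SGBox handles that).

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample stream (not real SGBox data): Windows logon failures as
# (timestamp in seconds, event parameters). Twenty failures alternate between
# two users, then a burst of ten hits a single account.
SAMPLE_EVENTS: List[Tuple[int, dict]] = [
    (t, {"EventID": 4625, "TargetUserName": user})
    for t, user in [(20 * i, "alice" if i % 2 == 0 else "bob") for i in range(20)]
    + [(400 + 10 * i, "mallory") for i in range(10)]
]


@dataclass
class Sensor:
    """Threshold sensor: `occurrences` events within `timeout` seconds.

    distinct_on=None models the CNT operator (every matching event counts
    towards one total); distinct_on="TargetUserName" models DISTINCT (a
    separate count per value of that parameter). Hypothetical names.
    """
    occurrences: int
    timeout: int
    distinct_on: Optional[str] = None
    _windows: Dict[str, Deque[int]] = field(default_factory=dict)

    def feed(self, ts: int, params: dict) -> Optional[Tuple[int, str]]:
        """Consume one event; return (ts, key) when the threshold is reached."""
        key = params.get(self.distinct_on) if self.distinct_on else "*"
        if key is None:             # event lacks the DISTINCT parameter: ignore it
            return None
        window = self._windows.setdefault(key, deque())
        window.append(ts)
        # Keep only occurrences no older than `timeout` relative to the newest.
        while ts - window[0] > self.timeout:
            window.popleft()
        if len(window) >= self.occurrences:
            window.clear()          # assumption: reset after alerting, so one
            return (ts, key)        # alert per burst rather than one per event
        return None


def run_sensor(sensor: Sensor, events: List[Tuple[int, dict]]) -> List[Tuple[int, str]]:
    """Replay a time-ordered event list and collect the alerts it raises."""
    alerts = []
    for ts, params in events:
        alert = sensor.feed(ts, params)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    cnt = run_sensor(Sensor(occurrences=10, timeout=300), SAMPLE_EVENTS)
    distinct = run_sensor(Sensor(10, 300, distinct_on="TargetUserName"), SAMPLE_EVENTS)
    print("CNT alerts:     ", cnt)       # fires on the mixed-user noise as well
    print("DISTINCT alerts:", distinct)  # fires only on the single-account burst
```

With the same threshold (10 occurrences, 300 seconds) the CNT sensor alerts three times, twice on failures spread across two accounts, while the DISTINCT sensor on TargetUserName alerts once, on the ten failures against the same account. That is the reason the page's example puts the DISTINCT flag on TargetUserName: it targets password-guessing against one account rather than a noisy but benign total.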

Click on Save to finish the wizard.
Give the sensor a name and a description, and tick the Active flag to enable it.