Network Appliance

Syslog configuration on CheckPoint

Syslog configuration on CheckPoint. This article explains how to configure CheckPoint to send logs to SGBox using the syslog protocol. Log in to CheckPoint management using a terminal program (e.g. PuTTY) and run the following command: Requirements: CheckPoint R80 required, as described here. [Expert@Mgmt:0]#cp_log_export add name [domain-server ] target-server target-port protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)(generic)> [optional […]

Configuration

Parameter translation

Parameter translation in an SGBox pattern. This article explains how to configure the Translate parameter feature in SGBox. When events are submitted, it is possible to display some parameters through their ‘aliases’. In this section you can specify the parameters and the corresponding aliases in a table and then associate it with a parameter defined […]

Analysis

Events Queries

Configure query on SGBox events. This article explains how to configure the Events Queries functionality, which allows you to obtain any data on any event from SGBox. These queries can later be shown in a dashboard with different graphs. Requirements: SGBox version 5.3.1. From the SGBox menu, go to LM > Analysis > Events Queries and select […]

Reporting

Create Executive Reports

The Executive Reports. Requirements: SGBox version 5.1.4 to 5.8.1 is required. Please take note: if the installed version of SGBox is v 6.0.1 or higher, you will have to use the Reports System module to create new reports. It’s possible to create executive reports based on dashboards. First of all, open the dashboard you want […]

Advanced Options

SGBox Data Retention

The SGBox Data Retention. In this section we will explain how SGBox stores logs. The logs received by SGBox are called “RAW logs”. The raw logs represent exactly what the data sources send to SGBox. When the raw logs are received, they’re stored in the SGBox storage system, the “Online storage”. You can access and make searches […]

Users

Show SGBox SCMID

The SCMID is the unique identifier for each SGBox machine. It’s necessary to generate the license or open a ticket with the SGBox support. On Deploy Machine Web Interface Wizard: the Wizard is displayed and the SCMID is shown. VM Console: the SCMID could also be shown the first time you deploy the OVF template. After […]

Sensors

Create a sensor

The Sensors. A sensor can be used as an alternative to a correlation rule (see this section) when the number of occurrences is high. Sensors detect when a large number of events repeat within a time interval and alert the admin when a specific threshold is exceeded. A sensor, on the other hand, is less flexible than a correlation rule. Requirements: […]

Rules

Multiple events correlation rule

The multi-events correlation rules. A correlation rule is used to alert the admin when an event, or a series of events, occurs in a specified time range. In order to create a multi-events rule, the following requirements are needed: Requirements: A mail server must be configured. See the Configure a Mail server section to see how to configure […]

Client Configuration

Apache web server configuration

This article explains how to configure the Apache web server on both Linux and Windows systems in order to log all the related information on SGBox. Linux systems: You need to edit your virtual configuration file, in our case “default-ssl.conf”: vi /etc/apache2/sites-enabled/default-ssl.conf Change the CustomLog value as follows: #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log #CustomLog […]