The multi-events correlation rules A correlation rule is used to alert the admin when an event, or a series of events, occur in a specified time range.In order to create a multi-events rule following requirements are needed: Requirements: A mail server must be configured. Look Configure a Mail server section to see how to configure […]
How to configure Apache web server In this article is explained how to configure Apache web server in both Linux & Windows systems in order to log on SGBox all the related information. Linux systems: You need to edit yout virtual configuration file, in our case “default-ssl.conf” vi /etc/apache2/sites-enabled/default-ssl.conf Change the CustomLog value as follow: […]
Change the test script This section explains how to modify some test script’s arguments. Requirements: At least one test script must be configured. Look at this section to create a test script Connect to SGBox web interface and navigate to SCM > SM > View > Host. The check’s results are shown. In our case […]
Reset OpenVAS Web Interface password from WebUI This article explains how to change the OpenVAS password on collectors version 5. Connect to the collector on port 4000: https://192.168.2.103:4000 user: admin pass: admin Go in the top right corner and select My Settings Click on Edit My Settings Enter the current admin’s password and type the […]
Version 5 New S.O. based on Ubuntu Fast Data Access New Data Management Strong Data Encryption Improved Correlation Engine Automatic Vendors Recognition Version 4 S.O. based on Ubuntu Strong Data Encryption Correlation Engine
Microsoft CA This article will explain how to create a Microsoft CA in order to use LDAPS protocol and access to SGBox with your AD Users. It’s not mandatory have a Microsoft CA to use LDAPS protocols, you can use also an External CA. The only requirements is that SGBox is able to solve the […]
Profiles and Vendors (logs auto recognition) With version 5.1.0 a new concept has been introduced: logs auto recognition and categorization. SGBox already recognizes many different log sources, and up to v5.0.7 user needed to associate the collected logs to the desired patterns to extract events. Pre-defined classes are now associated to known vendors, and by […]
SGBox Event Text Lookup search (ETL) The ETL function allows user to search for a specific parameter in the events history. Using this functionality you can search in the past events any occurrence of the parameter you select. In this way it is possible, for example, to check if the source IP address of a […]
SGBox Log Management and Retention This section explain how SGBox manage logs and difference between: online logs, encrypted logs and events. Requirements: From the beginning: SGBox receives log data from different inputs / data sources and by using different protocols. +Online LogsThe raw data from each data source is associated with a unique tag and […]
Extend the entire disk size This article explains how to expand the capacity of SGBox’s disk. With version 5 is possible extend the full disk, not only the data partition. In order to extend the disk: Requirements: SGBox version 5 is required. You need to extend SGBox disk from your hypervisor. ⚠️ It may be […]