LCE → Rules 📝 Add and modify new rule This page allows you to create and edit a rule. A correlation rule is used to alert the admin when an event, or a series of events, occur in a specified time range. ✔️ Requirements: A mail server must be configured. Check the Configure a Mail […]
6.0.7 A new version of SGBox that improve features and performance has been released New LCE module interface 6.0.7 version of the collector Correction and improvement of various modules SGBOX > SCM > Applications > SGBox Updates
The collector is a virtual appliance based on the Linux operating system, and is responsible for performing certain tasks of SGBox, such as collecting logs from local data sources and sending them to SGBox, via HTTPS (port 443) by establishing an encrypted channel. In addition the collector offers caching capabilities if the communication between […]
Custom Report – Detailed In this section you can create report in PDF starting from Custom Report previously configured.From RS > Report Catalog, select Custom Report – Detailed. Click on printer icon select timerange and custom report you want use.The generated report will be shown and stored in RS > Report archive. You can personalize […]
Historical Search This section is used to analyze logs coming from each data source. You can see them in: LM > Analysis > Historical Search. Logs are stored in a database, when you need to search logs and you can use operator like “AND”, “OR” and “NOT” to filter the search results. You can choose […]
Syslog Configuration on Apex Configure Syslog Settings For Apex Central On-premise Configure Syslog Settings Apex SaaS Configure Syslog Settings For Apex Central On-premise In order to send logs to SGBox you need to modify first you syslog settings: Go to Detections > Notifications > Notification Method Settings. The Notification Method Settings screen will appear. In […]
Syslog configuration on Sangfor Cyber Command Endpoint Secure Cyber Command In order configure Cyber Command to send logs to SGBox you need to: Login to your Cyber Command console.Go to System > Third-Party Platforms section, click on “add” and complete the fields. Choose Platform name (eg. SGBox) Enter SGBox IP address Enter Reported asset (suggested […]
6.0.6 A new version of SGBox that improve features and performance has been released Internal report added Collector v6 updates Lista Elementi SGBOX > SCM > Applications > SGBox Updates
Syslog configuration on ESET Following the steps to send logs from ESET (on-premise and Cloud) console to SGBox. Syslog server Configuration On Premise Syslog server Configuration On Cloud Syslog server Configuration On Premise If you have a Syslog server running in your network, you can Export logs to Syslog to receive certain events (Detection Event, […]
Syslog configuration on Cortex XDR Select Settings → Configurations → Integrations → External Applications. In Syslog Servers, click + New Server. Define the following parameters: Name: for the server profile Destination: IP address or fully qualified domain name (FQDN) of SGBox. port: number on which to send syslog messages. facility: Select one of the syslog standard values. […]