
2 - Playbooks Intermediate

Playbooks – Create a list

Create SGBox List using Playbooks Nodes allows you to extract, from an input, a list of values to be stored into SGBox, when the playbook is associated with a feed. The input always comes from a previous node in the flow. Select a node from the list to show its output. Available nodes, to manage […]

1 - Playbooks Base

Playbooks – Generic API

Generic API request This node can be configured with a URL, headers and parameters to get the output from any HTTP API. URL – if the complete URL is already known, insert it into the Value field and select Fixed as the type. Otherwise, the URL can be composed of several concatenated URL parts, added by Each […]

Analysis

Multiclass Analysis

Multiclass Analysis The Multiclass Analysis is useful when you need to show a subset of the collected information. In this tool you can use regex to filter the different information. Following the release of version 6.0.0, please go to the link: https://www.sgbox.eu/en/knowledge-base/the-custom-report-panel-functionalities-and-usage/ Requirements: SGBox Version 4.2.1. Examples: You need to show all the users that start […]

Analysis

Risk Analysis

Risk Analysis The Risk Analysis is a different way to show the information collected by the different hosts. Using this view, it is possible to identify which hosts, assets and networks are more critical than others, based on the events that happened on the different hosts. Requirements: SGBox Version 4.2.1. You can define a specific score (from 0 to 10) […]

ADE - Active Directory Engine Windows

ADE – Active Directory Engine

Introduction ADE is a tool designed to constantly monitor the status of your Active Directories, determine the relative risk and warn when KPI thresholds are exceeded. It is also capable of generating lists that can be used by other SGBox modules to achieve specific tasks such as event correlation, filtered reports, etc. The module generates some “system” lists […]

Rsyslog configuration

Rsyslog TCP TLS Support

Rsyslog TCP with TLS support It is possible to configure SGBox to support TCP with the TLS protocol to receive syslog messages. Requirements: SGBox version 5.4.1. A custom certificate must be uploaded: Custom Certificate. Be careful! Errors in the configuration can prevent the service from starting correctly. This section describes the steps: Connect to SGBox […]

Cloud Applications

Sophos Central configuration

Sophos Central Configuration SGBox can integrate with Sophos Central. You will need to create an API Token in Sophos Central Admin in order to allow SGBox to access the different data using the Sophos Central APIs. Once the API Token is created, simply provide the credentials in the SGBox application and schedule the app. The […]

Rsyslog configuration

Rsyslog TCP support

Rsyslog TCP support It is possible to configure SGBox to support both the UDP and TCP protocols to receive syslog messages. Be careful! Errors in the configuration can prevent the service from starting correctly. This section describes the steps: Connect to SGBox using a terminal (like putty). Go to Appliance Management > Syslog > […]

Linux

Rsyslog strict connection

Install the rsyslog-gnutls package. In Ubuntu/Debian:

    apt install rsyslog-gnutls

Add the following lines to the rsyslog file. In Ubuntu/Debian: /etc/rsyslog.d/50-default.conf or /etc/rsyslog.conf

    # CA bundle for the TLS network stream driver
    $DefaultNetStreamDriverCAFile /root/certs/chain_bundle.crt
    # use the GnuTLS (gtls) network stream driver
    $DefaultNetStreamDriver gtls
    $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
    # anon: the peer is not authenticated by this client
    $ActionSendStreamDriverAuthMode anon
    # forward all messages over TCP (@@) to the SGBox host on port 6514
    *.* @@sgbox192.sgbox.it:6514

Restart the rsyslog service:

    service rsyslog restart

Actions

Upload SGBox custom certificate

SGBox custom certificate Starting from version 5.3.0 it is possible to substitute the self-signed certificate and upload a custom certificate. Requirements: SGBox version 5.3.0. From the web interface go to: SCM > Action > Upload custom certificate. Select the certificate, the private key and the chain certificate if present. You can also specify the name of your web […]