The SGBox Collector
Source: SGBox Next Generation SIEM & SOAR knowledge base, https://www.sgbox.eu/en/knowledge-base/the-sgbox-collector/ (published Wed, 31 Jan 2024 10:51:16 +0000)

The collector is a virtual appliance based on the Linux operating system. It performs certain SGBox tasks, such as collecting logs from local data sources and sending them to SGBox over HTTPS (port 443) on an encrypted channel. In addition, the collector caches data locally if communication between the collector and SGBox is interrupted while data from the sources is being sent. The collector is also required to make the Network Vulnerability Scanner available (NVS kb).

Requirements:

  • A collector must be deployed in your virtual infrastructure.
    • HDD 50 GB
    • RAM 4 GB
    • CPU 2 cores
    • The ports used by the collector are listed under Network Requirements

Note: the minimum requirements above are what the appliance image takes automatically when deployed in a virtualization environment. The hardware resources should be resized according to the tasks the collector will have to perform. For example, if the collector is used to run vulnerability scans, you need to increase the resources: we suggest a minimum of 4 CPUs and 8 GB of RAM (8 CPUs and 16 GB of RAM preferred).

Collector network configuration

You can configure the collector network using the CLI tool present on the collector. Connect to the collector via SSH (using a program like PuTTY, or the virtualization console), specifying the username and password.

Username: sgbox
Password: sgbox

Choose Network configuration


Select Configure Collector interfaces


This option allows you to configure all the parameters (IP, Gateway, DNS and Domain) by following the wizard.

Select the interface you want to configure.


Select the static option from the menu


Configure all the parameters

Configure all mandatory parameters (IP, Gateway, DNS and Domain). Note: if you want to add more than one DNS server, separate the entries with the character “,”, e.g. 1.2.3.254,8.8.8.8.


Click on Submit to finish the configuration and choose when to apply it.
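The wizard only tells you after Submit whether it accepted what you typed. The following is an added example (not SGBox's own code and not part of this article) that checks the four mandatory fields up front the way the wizard expects them: plain IPv4 addresses for IP and Gateway, a comma-separated DNS list as described above, and a syntactically valid domain. The function and class names are hypothetical; the sample values are constructed, apart from the DNS example taken from the guide.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hostname label rule (RFC 1123 style): letters, digits and hyphens,
# 1-63 characters, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


@dataclass
class CollectorNetConfig:
    """The four mandatory wizard fields, normalised (hypothetical structure for this example)."""
    ip: str
    gateway: str
    dns: list
    domain: str


def _parse_ipv4(value, field_name):
    """Accept only a plain IPv4 address (no CIDR suffix) that can sit on an interface."""
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ValueError:
        raise ValueError(f"{field_name}: '{value}' is not a valid IPv4 address")
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        raise ValueError(f"{field_name}: '{value}' is not usable on a collector interface")
    return addr


def parse_dns_list(raw):
    """Split the wizard's DNS field on ',' (the separator the guide requires) and validate every entry."""
    if raw is None or not raw.strip():
        raise ValueError("DNS: at least one server is required")
    entries = [e.strip() for e in raw.split(",")]
    if "" in entries:
        raise ValueError("DNS: empty entry; write e.g. '1.2.3.254,8.8.8.8' with no stray or trailing comma")
    for entry in entries:
        # A single entry containing ';' or a space means a different separator was used.
        if ";" in entry or " " in entry:
            raise ValueError(f"DNS: '{entry}' looks like several servers; separate them with ',' only")
    servers = [str(_parse_ipv4(e, "DNS")) for e in entries]
    if len(set(servers)) != len(servers):
        raise ValueError("DNS: the same server is listed twice")
    return servers


def validate_domain(domain):
    """Return the domain lower-cased without a trailing dot, or raise if it is not a valid name."""
    name = (domain or "").strip().rstrip(".")
    if not name or len(name) > 253 or not all(_LABEL.match(label) for label in name.split(".")):
        raise ValueError(f"Domain: '{domain}' is not a valid domain name")
    return name.lower()


def validate_collector_network(ip, gateway, dns, domain):
    """Validate the four mandatory fields together and return a CollectorNetConfig."""
    ip_addr = _parse_ipv4(ip, "IP")
    gw_addr = _parse_ipv4(gateway, "Gateway")
    if ip_addr == gw_addr:
        raise ValueError("Gateway: must differ from the collector IP")
    return CollectorNetConfig(str(ip_addr), str(gw_addr), parse_dns_list(dns), validate_domain(domain))


if __name__ == "__main__":
    # Constructed sample input; the DNS string is the example from the guide.
    print(validate_collector_network("10.10.20.15", "10.10.20.1", "1.2.3.254,8.8.8.8", "corp.example"))
    for bad in ("1.2.3.254;8.8.8.8", "1.2.3.254 8.8.8.8", "1.2.3.254,"):
        try:
            parse_dns_list(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Run it with the values you intend to type; the three rejected strings at the end show the common mistakes (semicolon, space, trailing comma) that the comma-only rule in the note above rules out.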

Establishing a connection with SGBox

This article explains how to configure the communication between the collector and SGBox. This channel is used to download collector updates and to send SGBox the logs received from local devices.

This communication is also used to configure the NVS checks performed by the collector.

Requirements:

  • A collector must be deployed in your virtual infrastructure.
  • The configuration of the collector network must be finished.

Configure and register collector for SGBox Multi tenant

Connect to the collector via SSH (using a program like PuTTY, or the virtualization console), specifying the username and password.

Username: sgbox
Password: sgbox

Tenant configuration

Choose Tenant configuration


Configure all the parameters by entering the SGBox IP address and Tenant UID.


Click on Submit to finish the configuration.

SGBox IP address: depending on where SGBox is located, you can enter a hostname, a public IP or a private IP.

TenantUID: the code that identifies the tenant. You can find it in SGMaster under SCM > Multi tenant > Manager: select TENANTS and read the code in the ID column.
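Before registering (multi-tenant here, or the single-tenant flow below), it is worth confirming from the collector itself that the SGBox address you entered resolves, accepts a TCP connection on 443 and completes a TLS handshake with a certificate the collector trusts, since that is the channel the registration, updates and log forwarding depend on. The script below is an added example written for this article, not SGBox software: the function names are hypothetical, it sends nothing after the handshake, and the placeholder hostname in the `main` block is constructed and must be replaced with your SGBox address.

```python
import ipaddress
import socket
import ssl
import sys

SGBOX_PORT = 443  # the collector reaches SGBox over HTTPS on port 443 (from the guide)


def classify_target(target):
    """Classify what was typed into the 'SGBox IP address' field: hostname, private IP or public IP."""
    try:
        addr = ipaddress.ip_address(target.strip())
    except ValueError:
        return "hostname"
    return "private-ip" if addr.is_private else "public-ip"


def check_sgbox_reachable(target, port=SGBOX_PORT, timeout=5.0, verify=True):
    """Resolve the target, open a TCP connection and complete a TLS handshake; report how far it got.

    verify=False only disables certificate checking so a failing handshake can be diagnosed;
    keep it True to confirm the collector would actually trust the SGBox certificate.
    """
    target = target.strip()
    result = {"target": target, "kind": classify_target(target), "resolved": None,
              "tcp": False, "tls": False, "tls_version": None, "error": None}
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        result["resolved"] = socket.gethostbyname(target)
        with socket.create_connection((result["resolved"], port), timeout=timeout) as sock:
            result["tcp"] = True
            # server_hostname drives SNI and hostname/IP-SAN matching against the certificate.
            with ctx.wrap_socket(sock, server_hostname=target) as tls:
                result["tls"] = True
                result["tls_version"] = tls.version()
    except (socket.gaierror, ssl.SSLError, OSError) as exc:
        # gaierror: DNS failure; SSLError: handshake/certificate problem; OSError: refused/timeout/filtered
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    # Constructed placeholder; pass your real SGBox hostname or IP as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "sgbox.example.invalid"
    for key, value in check_sgbox_reachable(target).items():
        print(f"{key:12} {value}")
```

A result with `tcp` true but `tls` false and an `SSLCertVerificationError` in `error` means the path is open but the collector would not trust the certificate presented on 443; `tcp` false with a timeout usually points at a firewall between the collector and SGBox rather than at SGBox itself.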

Register the collector

Choose Collector


Select Register collector


Enter the Key Probe for Connection: the password you configured during tenant creation.


If you can’t remember the password, you can always reset it and get a new one from SGMaster under SCM > Multi tenant > Manager by clicking the “Reset” button under the Connection key column.

Restart processes

Once configured, go to Process & stats and click on Restart processes.


Cloud consideration

SGBox Cloud

If your tenant is on SGBox Cloud, open a ticket with SGBox support via the ticket platform (https://sgboxportal.sgbox.it), entering “collector registration for cloud tenant” as the ticket subject.

External Cloud

Contact the person/company who manages SGBox for more guidance on how to obtain the key to register the collector and connect it to your tenant.

Configure a collector for SGBox Single tenant

Connect to the collector via SSH (using a program like PuTTY, or the virtualization console), specifying the username and password.

Username: sgbox
Password: sgbox

Choose Tenant configuration


Configure all the parameters by entering the SGBox IP address.


Note: the TenantUID field is not required for a single tenant, so you can leave it blank.

Click on Submit to finish the configuration.

Go back to the main menu and select Configuration


Select Collector configuration editor


Change collector_legacy from 0 to 1


Click on Save to finish the configuration.

Once configured, go to Process & stats and click on Restart processes.


Configure a collector as a probe

This section explains how to configure a collector as a probe in SGBox in order to launch a Vulnerability Scan check.

Requirements:

  • A collector must be deployed in your virtual infrastructure. (link)
  • The configuration of the collector network must be finished. (link)
  • Configure and register the collector (link)

Connect to the SGBox web interface inside the Tenant.

Go to SGBOX > SCM > Network > Probe

Click on ➕ Add New Probe button and specify:

  • Collector IP Address
  • Collector Name
  • Network or networks that belong to this collector

Click on OK to finish the configuration.
