Network – SGBox Next Generation SIEM & SOAR https://www.sgbox.eu Thu, 05 Sep 2024 10:30:57 +0000

Network Panel – Functionalities and usage https://www.sgbox.eu/en/knowledge-base/the-network-panel-functionalities-and-usage/ Wed, 11 Jan 2023 16:01:09 +0000

Network Panel

The network page shows all hosts present in the internal database of SGBox.

Main Page

The Functions box allows different actions:

  1. Select all
  2. Multiple Editing
  3. Remove

In the (3) box:

  1. .csv downloads the table as csv file.
  2. .xls downloads the table as xls file.
  3. The plus icon allows you to add a new network.

In the search field box (3) you can filter the results of the table. The system searches every field of the table for the characters typed in the input field.

Clicking on the pin icon (4) pins the filter for future use. If the icon is blue, the filter is pinned.

  • The green circled icon shows the hosts belonging to the network
  • The light blue circled icon allows you to edit the information related to the network
  • The red circled icon selects the network to enable removal.

New Network

This modal dialog allows you to add a new network. The description and the location are optional. You can associate a location by searching for at least 3 characters in the input field and then selecting one of the results.

To cancel your choice, click on the row again. To clear all the input fields, use the reset button.

Select Single Network

By clicking on the row you will be able to perform the following actions:

If you previously selected at least two networks, you will be able to perform these actions:

Select all

By clicking on the select all button, the rows (networks) will be selected. After clicking on the select all button:

  • You can edit multiple networks (1) or remove (2) them.
  • The button changes to “Deselect all” (3) to deselect all rows, clear the search input field, and reload the networks.

Functions:

Modify Network

This macro area is displayed by clicking on the Edit icon (1).

It reports the information in the input field and enables editing of the network.

Modify network area

In the “modify network” section, you can modify the network information. It’s important to enter the network address correctly, as the system rejects these types of addresses:

  • 1.1.1.01
  • 30.168.1.255.1
  • 127.1
  • 192.168.1.256
  • -1.2.3.4
  • 1.1.1.1.
  • 3…3
  • 192.168.1.099

All the fields are editable.
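
The rejected forms listed above are what a strict dotted-quad check refuses; lenient parsers such as C's inet_aton() read 127.1 as 127.0.0.1 and treat a leading zero as octal, so the same string can mean different addresses to different tools. The Python check below is an added example, not SGBox code: the helper names `check_ipv4` and `explain` and the exact rules are assumptions chosen to reproduce the rejections on this page.

```python
from typing import Optional

# Samples copied from the rejected-address list on this page.
REJECTED_ON_PAGE = [
    "1.1.1.01", "30.168.1.255.1", "127.1", "192.168.1.256",
    "-1.2.3.4", "1.1.1.1.", "3…3", "192.168.1.099",
]

def check_ipv4(text: str) -> Optional[str]:
    """Return None for a strict dotted-quad address, else the rejection reason.

    Hypothetical helper: SGBox's real validation rules are not published here.
    """
    parts = text.split(".")
    if len(parts) != 4:
        # Catches short forms (127.1), extra octets and a trailing dot.
        return f"expected 4 octets, got {len(parts)}"
    for part in parts:
        if part == "":
            return "empty octet"
        if not (part.isascii() and part.isdigit()):
            # Signs, spaces, Unicode digits and punctuation all land here.
            return f"non-digit characters in octet {part!r}"
        if len(part) > 1 and part[0] == "0":
            # A lenient parser may read 010 as octal 8; refuse instead of guessing.
            return f"leading zero in octet {part!r}"
        if int(part) > 255:
            return f"octet {part!r} out of range 0-255"
    return None

def explain(samples):
    """Map each sample to 'accepted' or its rejection reason."""
    return {s: check_ipv4(s) or "accepted" for s in samples}

if __name__ == "__main__":
    for sample, verdict in explain(REJECTED_ON_PAGE + ["192.168.1.0"]).items():
        print(f"{sample:16} {verdict}")
```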

Location area

In the “Location” area, you can modify the location associated with the network. The first three input fields allow the user to find more details about the selected city.

To search for a location, you need to first select an available country from the drop-down list (1). Then, you must enter at least 3 characters in the input field (2) to enable the search button. Once the location has been selected and applied, you can remove the association by turning off the switch.

Multiple editing

This view enables the editing of the selected networks. It performs the same functions as the Modify Network view. The information common to the selected networks is reported in the first red rectangle.

The view shows the information that differs between the selected networks in the second red rectangle.

Remove

To delete one or more networks, the user has to select the trash icon (1) and then click on the remove button (2).

The following modal dialog displays the networks that the user has selected. To delete them, simply click the “Remove” button.

Hosts Management https://www.sgbox.eu/en/knowledge-base/the-host-panel-functionalities-and-usage/ Wed, 23 Nov 2022 07:28:18 +0000

Hosts

The host page shows all hosts present in the internal database of SGBox and lets you perform operations on them.

Document index

  1. Main page
  2. New Host
  3. Import Host
  4. Selection
  5. Edit host
  6. Multiple Editing
  7. Remove
  8. Alert explanation
  9. Settings
  10. Messages

Main Page

In the Total IPs box (1) it is possible to know the number of hosts allowed based on your license.

The Functions box (2) allows different actions:

  1. Selection
  2. Multiple Editing
  3. Remove

In the (3) box:

  1. .csv downloads the table as csv file.
  2. .xls downloads the table as xls file.
  3. The plus icon allows you to add or import hosts.

In the search field box (4) you can filter the results of the table. The system searches every field of the table for the characters typed in the input field.

Clicking on the pin icon (5) pins the filter for future use. If the icon is blue, the filter is pinned.

  • Setting icon (6) configures the scripts that work with hosts.
  • Legend icon (7) opens a modal window describing various icons.
  • Reload icon (8) reloads the page, updating data.
  • Message Icon (9) opens a container containing all the notifications generated by SGBox.

Hovering over the IP label allows you to view information about the host, including its ID, operating system, and description.

Every host can be associated with one or more tags. By clicking on a tag, you will be directed to the tag page, where you can find more information about the tag. You can also search for the tag in the search box to find all the hosts associated with it.

New Host

You can switch to the “Import host” view by toggling the switch (1).

In this window, you can add a new host by filling in the “host” field (2) and selecting the network (3). The “host” field accepts either an IP address or a host name. The hostname, description and operating system are optional.

Please note that special characters are not allowed.

Import Host

You can switch to the “New host” view by toggling the switch (1).

By clicking on the attach icon (2) you can upload a file using the default dialog.

Please note that the fields do not allow special characters.

The filename is displayed in the input field (1), and the content is shown in the text area. They can be modified by clicking on the icon in the red circle (2).

After clicking on the icon (2) it is possible to write in the text area.

You can upload hosts by subnet mask.

For example:

Selection

To remove hosts or perform multiple editing, you must select one or more hosts. You can select them by clicking on the rows or by using the “Select All” button. To execute multiple editing, you need to select at least two hosts. After you click the “Select All” button, it changes to a “Deselect All” button.

Edit Host

Host editing is available by clicking on the “Edit” icon (1). This area reports the information in the input fields, which are used to make changes to host information (boxed in blue), retention (boxed in red) and alert (boxed in green).

The circled switch (2) has just been flipped to set the default value expressed in the information box (for example 180 days). To persist the changes, you have to authorize it through the group button (3).

The switch (4) dedicated to value customization is recognizable by the “Authorize customization” icon (5) placed at the top.

Retention section

The “Retention” section allows you to modify the raw logs and SM Data conservation. If the input is disabled and its switch is turned off, it means that SGBox will use the default value available in the Advanced option page, otherwise you are able to customize the value for the specific host. You can retain data from one day up to 10 years.

Alert area

In the “Alert” section you can set different values to receive alerts. Alerts can refer to logs (host) or to the last connection (agent).

To learn more about using alerts, click here.

Snooze field

When the “Snooze” timer is set it is possible to choose whether the Snooze should start from the “Current time” or the “last log”.

Multiple editing

This view allows the editing of the selected hosts and it performs the same functions as the Edit host view.

The information common to the selected hosts is reported in the input fields, as shown in the green rectangle. The red boxes indicate when a field is being updated with a different value. In this case, the switch (1) is turned on to allow value customization. The user can return to the default value by deactivating it. The default value is expressed in the information box or in the Advanced Options page.

  • Classes configuration → The user selects a host from the combo box to copy the associated classes to all the selected hosts.

Remove

After choosing the host(s) (Select single host or Select all), you can remove them from the view below:

By clicking on the eye icon you can hide or show the password.

If the user enters the correct password this message will appear and the hosts can be removed.

Alert explanation

Log alert

Start send after

The system shows an alert when the host has not sent logs for X minutes.

This duration can be adjusted and set from 1 minute to 4 hours.

Stop send after

The “Stop send after” timer is used to halt the arrival of alerts. For instance, if an alarm is set for 2 hours, SGBox will continue to send alerts for that duration. After 2 hours, it will cease sending alerts. However, if the timer is not set, SGBox will keep sending alerts whenever necessary.

This timer can be adjusted from 2 minutes to 4 hours.

Snooze

If the “Snooze” timer is set, the alerts are hidden for a specified duration, represented by X minutes. During this time, the “Start send after” and “Stop send after” timers are not considered until the “Snooze” timer expires.

The snooze time is displayed to indicate when the snooze period will end.

It is possible to set the “Snooze” timer from the last log.

For example:

It displays the last log in the message box (1) because the user might miss it when it arrives.

You can disable it in the Edit Host or Multiple Editing.

Agent alert

When no timer is set, the system displays the “Agent” icon within the message box, indicating the time of the agent’s last connection.

The logic follows that of the “Start send after” timer of logs.

Typical view:

Start send after

If the timer is not set, the “Agent status” icon will always be green.

The system triggers an alert when the agent hasn’t sent commands for a specified duration, represented by X minutes.

In the example below, the agent hasn’t communicated with SGBox for more minutes than the “Start send after” time (1 minute), causing the icon to turn red.

This timer can be adjusted from 1 minute to 4 hours.

If communication had occurred within the last 15 minutes, the icon would have remained green.

Stop send after

If the agent fails to send logs to SGBox beyond the limit set by the “Stop send after” timer, the icon will become grey.

This timer is adjustable from 1 minute to 4 hours.

Below are some examples:

  • Last command: 12:00
  • Start send after: 1 minute
  • Stop send after: 15 minutes
  • Current time: 12:32
  • Alarm becomes red: 12:01
  • Alarm becomes grey: 12:16

  • Last command: 12:00
  • Start send after: 45 minutes
  • Stop send after: 3 hours
  • Current time: 12:32
  • Alarm becomes red: 12:45
  • Alarm becomes grey: 15:45

  • Last command: 12:00
  • Start send after: 1 minute
  • Stop send after: 2 hours
  • Current time: 12:32
  • Alarm becomes red: 12:01
  • Alarm becomes grey: 14:01
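
The three examples above can be replayed in code to see which icon each host shows at the stated current time. This Python sketch is an added example, not SGBox code: the function names are hypothetical, the calendar date is constructed, and the rule that the grey time is counted from the moment the icon turns red is inferred from the times listed in the examples.

```python
from datetime import datetime, timedelta

def transitions(last_command, start_after, stop_after=None):
    """Return (red_at, grey_at); grey_at is None when no stop timer is set."""
    red_at = last_command + start_after
    # Inferred from the page's examples: grey = red time + "Stop send after".
    grey_at = red_at + stop_after if stop_after is not None else None
    return red_at, grey_at

def agent_icon(last_command, now, start_after=None, stop_after=None):
    """Colour of the "Agent status" icon at time `now`."""
    if start_after is None:
        return "green"  # page: without the timer the icon is always green
    red_at, grey_at = transitions(last_command, start_after, stop_after)
    if now < red_at:
        return "green"
    if grey_at is not None and now >= grey_at:
        return "grey"   # alert window elapsed, agent still silent
    return "red"

def at(hhmm):
    """Clock time on a constructed date (the page gives times only)."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2024, 1, 1, hour, minute)

# (start send after, stop send after) for the three examples on the page.
PAGE_EXAMPLES = [
    (timedelta(minutes=1), timedelta(minutes=15)),
    (timedelta(minutes=45), timedelta(hours=3)),
    (timedelta(minutes=1), timedelta(hours=2)),
]

def replay_page_examples(last="12:00", now="12:32"):
    """Return (red time, grey time, icon at `now`) for each page example."""
    rows = []
    for start_after, stop_after in PAGE_EXAMPLES:
        red_at, grey_at = transitions(at(last), start_after, stop_after)
        icon = agent_icon(at(last), at(now), start_after, stop_after)
        rows.append((f"{red_at:%H:%M}", f"{grey_at:%H:%M}", icon))
    return rows

if __name__ == "__main__":
    for row in replay_page_examples():
        print(*row)
```

A grey icon here means the alert window has run out while the agent is still silent, so it should not be read as a recovered agent.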

Settings

The settings are editable by clicking on the “Setting” icon, indicated by the red box. The host page has one function; other pages may have additional settings to configure.

The “Save” icon (1) takes into account the value of the script interval timer and the button group value, highlighted in green.

(2) It executes the function instantly, providing immediate results.

The label circled in blue indicates the script interval time, which updates dynamically as the input changes. You can find more information about single function/script by hovering over the related information icon.

Messages

SGBox can produce different types of messages to inform the user about scripts/functions executed in the background. The “Message” icon (1) opens this window.

The messages are structured as follows:

  • Timestamp → Indicates the time of message arrival.
  • Severity → Represents the gravity level of the message.
    1. Green → Indicates information
    2. Yellow → Indicates a warning
    3. Red → Indicates a problem.
  • Script/Function name
  • Count → Specifies how many times the same message has arrived at different moments. The displayed timestamp will always reflect the last occurrence.
  • Info

Create a probe https://www.sgbox.eu/en/knowledge-base/create-a-probe/ Thu, 18 Jul 2019 12:02:51 +0000

Use the collector to run a Vulnerability Scan

This article explains how to configure a collector as a probe for SGBox.
This is useful if you want to delegate the Vulnerability Scan job to the collector instead of SGBox.

Requirements:

  • A collector must be deployed and configured to communicate with SGBox. Show this section

Log in to the SGBox web interface:
Go to SCM > Network > Probes

Click on New Probe and Enter:

  • IP Address: the collector’s IP Address.
  • Name: A descriptive name for the probe.
  • Description: a description for the probe (not mandatory).
  • Select the network that belongs to the collector.
  • Click OK to apply.

The probe has been configured. You can now configure an asset and use this collector as the scanner engine. See the section on how to prepare an asset.

Create an asset https://www.sgbox.eu/en/knowledge-base/create-an-asset/ Fri, 28 Jun 2019 10:05:37 +0000

The assets

This article explains how to create an asset. Assets are logical groups of hosts that can be used to assign specific group configurations or to launch vulnerability scans.

Connect to the SGBox web interface.
SGBOX > SCM > Network > Asset
Click on New Asset button at the bottom left.

The asset configuration window opens. First of all, you have to assign a name to the new asset you just created. In our case, Asset1.
In the Assign host tab, select the networks to which the various hosts you want to add belong. In our case, Host LM.

Select the relevant hosts. Hosts from different networks may belong to the same asset and a host may belong to different assets.

In Assign module tab, select Log Management.

In the Assign user tab, select the users who can see this asset.

Click on ADD button to end the operation.
