configure – SGBox Next Generation SIEM & SOAR

Syslog configuration on MikroTik Firewalls

SGBox — Wed, 24 Jul 2024 13:25:34 +0000

Syslog configuration on MikroTik Firewalls

Configure MikroTik Firewalls

Connect the Mikrotik device UI.
Navigate to System > Logging page.
Enter the IP address of SGBox in Remote Address field.
Enter 514 in Remote Port field.
Select the BSD Syslog.
Select local0 in Syslog Facility.
Select Info in Syslog Severity.

NOTE: You must select BSD Syslog to get the syslog with timestamp value.

Configure Oracle App

SGBox — Tue, 03 Jan 2023 10:41:46 +0000

Download and Configure Microsoft SQL App

This articles explain how to configure Oracle App in order to retrieve logs from a specified database table.
Requirements:

SGBox version 4.2.5

Go to the application lists from SGBox go to SCM > Applications

Select Vendors Integrations and download the application Log from Oracle. Click on INSTALL. Once Installed click on EDIT icon

You need to configure the application as follow:

Host: Database IP SID: Oracle SID Port: DB port Username: Oracle user used to login Password: Oracle user's password Star Date: Initial date to retrieve logs Timestamp field: The Column name that contain the timestamp Timestamp table: The table that contain the timestamp Separate field: Character used to separate information once retrieved Query: query used to extract information

IT’S VERY IMPORTANT TO NOT PUT ANY TIMESTAMP CONDITION OR * IN THE SELECT FIELD

After configured you need to schedule the application to be executed. See this section to know how to schedule an application.

The first time the application has been run some components are added and if everything is ok you can see in LM > Analysis> Historical Search the results

Once executed you’ll see your logs LM > Analysis > Historical Search

If yuo have more databases or more SQL Server you can clone it and configure a new one.

Configure SNMP service on Windows

SGBox — Tue, 17 Dec 2019 11:42:32 +0000

The Simple Network Management Protocol (SNMP)

This section explain how to configure SNMP service on Windows systems in order to monitoring and collect detailed information about the server.

Requirements:

The SNMP service must be installed.

If you want to check or install the SNMP service you can follow this steps:
Clink on Windows > Administrative Tools > Server Manager.
Select Manage > Add Roles and Functions and install the SNMP.

Clink on Windows > Administrative Tools > Services.
Right-click SNMP Service and select Properties.
Swtich on Security tab.
Choose the community name and specify the SGBox IP address in the accepted hosts.

Click on Apply.

Configure SNMP Service on Linux

SGBox — Tue, 17 Dec 2019 10:49:45 +0000

The Simple Network Management Protocol (SNMP)

This section explain how to configure SNMP service on Linux systems in order to monitoring and collect detailed information about the server.

Requirements:

Check that SNMP service is installed.

The command to install SNMP changes depending on distribution; Debian, RedHat, Centos, Solaris, for this reason we recommend to search the Internet for the correct command to install the service.

Debian/Ubuntu:

apt-get -y install snmpd

RedHad/Centos/Fedora:

yum -y install net-snmp net-snmp-utils

Once the installation is complete, make a copy of your original file and proceed with the configuration.

vim /etc/snmp/snmpd.conf

Specify the listening interface of server for the snmp service.

Enter the community name and SGBox ip address.

Save changes and restart the SNMP service.

Debian/Ubuntu:

service snmpd restart

RedHad/Centos/Fedora:

service snmpd restart