Energy Logserver 7.x User Guide
- About
- Installation
- System Requirements
- Installation method
- Interactive installation using “install.sh”
- Non-interactive installation mode using “install.sh”
- Check cluster/indices status and Data Node version
- Generating basic system information report
- “install.sh” command list
- Post installation steps
- Scheduling bad IP lists update
- Web Application Firewall requirements
- Docker support
- Configuration
- Plugins Management
- Transport layer encryption
- Offline TLS Tool
- Network Probe
- Browser layer encryption
- Building a cluster
- Disk-based shard allocation
- Authentication with Active Directory
- Authentication with Radius
- Authentication with LDAP
- Configuring Single Sign On (SSO)
- Configure email delivery
- Custom notification on the workstation
- Agents module
- Kafka
- Kafka encryption
- Event Collector
- Cerebro Configuration
- Field level security
- Default Language
- User Manual
- Introduction
- Data source
- System services
- First login
- Index selection
- Discovery
- Visualizations
- Dashboards
- Reports
- User roles and object management
- Users, roles, and settings
- Creating a User (Create User)
- User’s modification and deletion, (User List)
- Create, modify, and delete a role (Create Role), (Role List)
- Default user and passwords
- Changing the password for the system account with password utility
- Module Access
- Manage API keys
- Separate data from one index to different user groups
- Settings
- Backup/Restore
- Audit actions
- Index management
- Task Management
- Archive
- E-doc
- CMDB
- Cerebro - Cluster Health
- Data dump
- Data Node index management tool
- Cross-cluster Search
- Sync/Copy
- XLSX Import
- Network Probe
- Input “beats”
- Getting data from share folder
- Input “network”
- Input SNMP
- Input HTTP / HTTPS
- Input Relp
- Input Kafka
- Input File
- Input database
- Input CEF
- Input OPSEC
- Build FW1-LogGrabber
- Download dependencies
- Compile source code
- Install FW1-LogGrabber
- Set environment variables
- Configuration files
- lea.conf file
- fw1-loggrabber.conf file
- Command line options
- Help
- Debug level
- Location of configuration files
- Remote log files
- Name resolving behaviour
- Checkpoint firewall version
- Online and Online-Resume modes
- Audit and normal logs
- Filtering
- Supported filter arguments
- Example filters
- Checkpoint device configuration
- FW1-LogGrabber configuration
- Authenticated SSL OPSEC connections
- Checkpoint device configuration
- FW1-LogGrabber configuration
- Authenticated OPSEC connections
- Checkpoint device configuration
- FW1-LogGrabber configuration
- Unauthenticated connections
- Checkpoint device configuration
- FW1-LogGrabber configuration
- Input SDEE
- Input XML
- Input WMI
- Filter “beats syslog”
- Filter “network”
- Filter “geoip”
- Avoiding duplicate documents
- Data enrichment
- Output to Data Node
- naemon beat
- perflog
- LDAP data enrichment
- Multiline codec
- SQL
- SIEM Examples
- Example 1: Check number of failed login attempts
- Example 2: Gather host data from different sources in one place using JOIN
- Example 3: See MAC addresses and their assigned IP addresses:
- Example 4: Check total number of warnings from syslog:
- Example 5: Check number of failed login attempts for every client:
- SQL/PPL API
- Response formats
- SQL
- PPL - Piped Processing Language
- Identifiers
- Data types
- Functions
- Full-text search
- SIEM Examples
- Automation
- Cooperation of logserver and antivirus program
- SIEM Plan
- Alert Module
- Enabling the Alert Module
- SMTP server configuration
- Creating Alerts
- Alerts status
- Alert Types
- Alert Methods
- Escalate
- Recovery
- Aggregation
- Alert Content
- Example of rules
- Playbooks
- Risks
- Incidents
- Indicators of compromise (IoC)
- Calendar function
- Windows Events ID repository
- Security rules
- Cluster Health rules
- MS Windows SIEM rules
- Network Switch SIEM rules
- Cisco ASA devices SIEM rules
- Linux Mail SIEM rules
- Linux DNS Bind SIEM Rules
- Fortigate Devices SIEM rules
- Linux Apache SIEM rules
- RedHat / CentOS system SIEM rules
- Checkpoint devices SIEM rules
- Cisco ESA devices SIEM rule
- Forcepoint devices SIEM rules
- Oracle Database Engine SIEM rules
- Paloalto devices SIEM rules
- Microsoft Exchange SIEM rules
- Juniper Devices SIEM Rules
- Fudo SIEM Rules
- Squid SIEM Rules
- McAfee SIEM Rules
- Microsoft DNS Server SIEM Rules
- Microsoft DHCP SIEM Rules
- Linux DHCP Server SIEM Rules
- Cisco VPN devices SIEM Rules
- Netflow SIEM Rules
- MikroTik devices SIEM Rules
- Microsoft SQL Server SIEM Rules
- PostgreSQL SIEM Rules
- MySQL SIEM Rules
- Incident detection and mitigation time
- Adding a tag to an existing alert
- Siem Module
- Tenable.sc
- Qualys Guard
- BCM Remedy
- SIEM VirusTotal integration
- SIEM Custom integration
- License Service
- Alert Module
- Empowered AI
- Table of Contents
- AI Rules
- Common Elements
- Univariate Anomaly Detection
- Performance Tab for Univariate Anomaly Detection
- Multivariate Anomaly Detection
- Performance Tab for Multivariate Anomaly Detection
- Clustering
- Performance Tab for Clustering
- Forecasting
- Performance Tab for Forecasting
- Text Anomaly Detection
- Performance Tab for Text Anomaly Detection
- Conclusion
- Default AI Rules
- FAQ
- Troubleshooting