Z
К NADу прикрутить, не?
Size: a a a
2020 February 21
2020 February 22
M
да, я это понимаю, просто у меня в списках источников есть неуправляемые, есть ли у них логирование и вообще какой в этом смысл...)))
Читай по определению, не управляемый - значит нет возможности управлять и прописать syslog сервер...😂
BO
Hi everyone 👋🏻
Just a question 🙋🏻
Firstly I have a database activity monitoring solution and I wanna to push the alerts (events) to Maxpatrol SIEM through syslog but the task didn't complete, help 👩🏻💻 🌸
Just a question 🙋🏻
Firstly I have a database activity monitoring solution and I wanna to push the alerts (events) to Maxpatrol SIEM through syslog but the task didn't complete, help 👩🏻💻 🌸
E
Balqess Odat
Hi everyone 👋🏻
Just a question 🙋🏻
Firstly I have a database activity monitoring solution and I wanna to push the alerts (events) to Maxpatrol SIEM through syslog but the task didn't complete, help 👩🏻💻 🌸
Just a question 🙋🏻
Firstly I have a database activity monitoring solution and I wanna to push the alerts (events) to Maxpatrol SIEM through syslog but the task didn't complete, help 👩🏻💻 🌸
Hi! What`s the trouble? Writing normalization for syslog information messages is too easy.
MH
Do we have to create normalization rule?
E
Mohammed Houssani
Do we have to create normalization rule?
Sure, you can look it up in the knowledge base
💎
Alsalam ealaykum everyone
MH
We are having a trouble finding English manual can you please share the steps
RS
Create new rule
1. got a sample of raw syslog event
2. install and run SDK GUI (.NET windows application)
3. write your rule and test it on your samples
1. got a sample of raw syslog event
2. install and run SDK GUI (.NET windows application)
3. write your rule and test it on your samples
RS
Install new rule
1. clone siemdb database in PTKB
2. set it as installable
3. set up validation sdk for new db
4. create new empty rule and copy rule text from SDK GUI
5. install content from PTKB to SIEM
1. clone siemdb database in PTKB
2. set it as installable
3. set up validation sdk for new db
4. create new empty rule and copy rule text from SDK GUI
5. install content from PTKB to SIEM
MH
Many thanks😊
RS
look for ideas of parsing on rules from vendor in PTKB
there are a thousands of them
there are a thousands of them
RS
i've sent you devguide in English
MH
Thank you great
E
For self-wrote formulas we strongly recommend validate them before installing into SIEM
MH
Good advise thanks
2020 February 23
BO
hi everyone
just a question , how can i filter the events by time "i need the syntax that determine specific event at specific time" help!
just a question , how can i filter the events by time "i need the syntax that determine specific event at specific time" help!
RS
In query (event viewer) or in rule (filter clause in event declaration block)?
BO
RS
Time field is not applicable for where clause. Try to narrow down time filter in top left position (22-24 February)