Energy Logserver 7.x User Guide
- Configuration
- Changing default users for services
- Plugins management
- Transport layer encryption
- Browser layer encryption
- Building a cluster
- Authentication with Active Directory
- Authentication with Radius
- Authentication with LDAP
- Configuring Single Sign On (SSO)
- Default home page
- Configure email delivery
- Custom notification on workstation
- Agents module
- Windows Agent installation
- Kafka
- Kafka encryption
- Event Collector
- Cerebro Configuration
- License service (SIEM Plan only)
- User Manual
- Introduction
- Data source
- System services
- First login
- Index selection
- Discovery
- Visualizations
- Dashboards
- Reports
- User roles and object management
- Settings
- Index management
- Intelligence Module
- The fixed part of the screen
- Screen content for regressive algorithms
- Screen content for the Trend algorithm
- Screen content for the neural network (MLP) algorithm
- AI Rules List
- AI Learn
- AI Learn Tasks
- Scenarios of using algorithms implemented in the Intelligence module
- Permission
- Register new algorithm
- Archive
- Wiki
- SIEM Plan
- Alert Module
- Enabling the Alert Module
- SMTP server configuration
- Creating Alerts
- Alerts status
- Alert Types
- Alert Methods
- Alert Content
- Example of rules
- SIEM Rules
- Playbooks
- Risks
- Incidents
- Indicators of compromise (IoC)
- Calendar function
- Windows Events ID repository
- Security rules
- MS Windows SIEM rules
- Network Switch SIEM rules
- Cisco ASA devices SIEM rules
- Linux Mail SIEM rules
- Linux DNS Bind SIEM Rules
- Fortigate Devices SIEM rules
- Linux Apache SIEM rules
- RedHat / CentOS system SIEM rules
- Checkpoint devices SIEM rules
- Cisco ESA devices SIEM rule
- Forcepoint devices SIEM rules
- Oracle Database Engine SIEM rules
- Paloalto devices SIEM rules
- Microsoft Exchange SIEM rules
- Juniper Devices SIEM Rules
- Fudo SIEM Rules
- Squid SIEM Rules
- McAfee SIEM Rules
- Microsoft DNS Server SIEM Rules
- Microsoft DHCP SIEM Rules
- Linux DHCP Server SIEM Rules
- Cisco VPN devices SIEM Rules
- Netflow SIEM Rules
- MikroTik devices SIEM Rules
- Microsoft SQL Server SIEM Rules
- PostgreSQL SIEM Rules
- MySQL SIEM Rules
- Wazuh
- Tenable and Qualys Integration
- Alert Module
- API
- Connecting to API
- Kibana API
- Elasticsearch API
- Elasticsearch Index API
- Elasticsearch Document API
- Elasticsearch Cluster API
- Elasticsearch Search API
- Elasticsearch - Mapping, Fielddata and Templates
- AI Module API
- Alert module API
- Reports module API
- License module API
- Role Mapping API
- User Module API
- User Password API
- Integrations
- OP5 - Naemon logs
- OP5 - Performance data
- OP5 Beat
- The Grafana installation
- The Beats configuration
- Wazuh integration
- 2FA authorization with Google Auth Provider (example)
- Cerebro - Elasticsearch web admin tool
- Elasticdump
- Location
- Examples of use
- Copy an index from production to staging with analyzer and mapping
- Backup index data to a file:
- Backup an index to a gzip using stdout
- Backup the results of a query to a file
- Copy a single shard data
- Backup aliases to a file
- Import aliases into ES
- Backup templates to a file
- Import templates into ES
- Split files into multiple parts
- Import data from S3 into ES (using s3urls)
- Export ES data to S3 (using s3urls)
- Import data from MINIO (s3 compatible) into ES (using s3urls)
- Export ES data to MINIO (s3 compatible) (using s3urls)
- Import data from CSV file into ES (using csvurls)
- Copy a single index from an Elasticsearch:
- Copy a single type:
- Usage
- All parameters
- Elasticsearch’s Scroll API
- Bypassing self-signed certificate errors
- An alternative method of passing environment variables before execution
- Curator - Elasticsearch index management tool
- Cross-cluster Search
- Sync/Copy
- XLSX Import
- Logtrail
- Tenable.sc
- Qualys Guard
- Embedding dashboard in iframe
- Logstash
- Logstash - Input “beats”
- Getting data from share folder
- Logstash - Input “network”
- Logstash - Input SNMP
- Logstash - Input HTTP / HTTPS
- Logstash - Input database
- Logstash - Input CEF
- Logstash - Input OPSEC
- Build FW1-LogGrabber
- Download dependencies
- Compile source code
- Install FW1-LogGrabber
- Set environment variables
- Configuration files
- lea.conf file
- Command line options
- Help
- Debug level
- Location of configuration files
- Remote log files
- Name resolution behaviour
- Checkpoint firewall version
- Online and Online-Resume modes
- Audit and normal logs
- Filtering
- Checkpoint device configuration
- FW1-LogGrabber configuration
- Authenticated SSL OPSEC connections
- Authenticated OPSEC connections
- Unauthenticated connections
- Logstash - Input SDEE
- Logstash - Input XML
- Logstash - Input WMI
- Logstash - Filter “beats syslog”
- Logstash - Filter “network”
- Logstash - Filter “geoip”
- Logstash - avoiding duplicate documents
- Logstash data enrichment
- Logstash - Output to Elasticsearch
- Logstash plugin for “naemon beat”
- Logstash plugin for “perflog”
- Single password in all Logstash outputs
- Cerebro - elasticsearch web admin tool
- Integration Energy Logserver with AWS service
- The scope of integration
- Data download mechanism
- AWS Cost & Usage Report
- Cloud Trail
- Configuration