Consequently, some correlation rules may not be triggered because they rely on those events. Excluding events not relevant to security helps improve the overall performance of the plugin.

Important: Windows Event IDs not present in patterndb.xml are not forwarded.

Follow the procedure above to download the NXLog configuration file and select the PatternDB plugin.

If you want to limit the events collected and sent to USM Anywhere, you can download the patterndb file provided by AT&T Cybersecurity and place it in the \nxlog\conf\ directory on your machine.

If you decide not to use NXLog after the installation, you can uninstall the program using the Add or Remove Programs feature in the Windows Control Panel, or see How to Uninstall NXLog for detailed instructions from the vendor.

In USM Anywhere, verify that you are receiving NXLog events. Open Windows Services and restart the NXLog service. Click Create File to generate the new nf file and save it to the \nxlog\conf\ directory on your machine. Enter the IP address of your USM Anywhere Sensor. Copy the certificate file to the client system. Download the certificate by clicking the Download NXLog Agent TLS CA link. In the left navigation pane, click Windows Event Collector to open the page.

To use TLS, you need to download the certificate and save the file USM-NXLog-Agent-TLS-CA.pem in the \nxlog\cert\ directory on your machine.
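
Because Windows Event IDs missing from patterndb.xml are not forwarded, it is worth checking the file against the Event IDs your correlation rules rely on before enabling the PatternDB plugin. The following is an added example, not AT&T Cybersecurity or NXLog code: it assumes the file uses the NXLog pm_pattern XML layout and matches on a field named EventID, and the sample XML and the list of required IDs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in NXLog pm_pattern layout; not the vendor's patterndb.xml.
SAMPLE_PATTERNDB = """<patterndb>
  <group>
    <name>windows-security</name>
    <id>1</id>
    <pattern>
      <id>1</id>
      <name>logon success</name>
      <matchfield><name>EventID</name><type>exact</type><value>4624</value></matchfield>
    </pattern>
    <pattern>
      <id>2</id>
      <name>account management</name>
      <matchfield><name>EventID</name><type>regexp</type><value>^47(20|22|26)$</value></matchfield>
    </pattern>
  </group>
</patterndb>"""

def load_event_id_matchers(xml_text):
    """Return (exact_ids, regexes) collected from every EventID matchfield."""
    exact, regexes = set(), []
    for mf in ET.fromstring(xml_text).iter("matchfield"):
        if (mf.findtext("name") or "").strip() != "EventID":
            continue  # assumption: Event IDs are matched via a field named EventID
        value = (mf.findtext("value") or "").strip()
        if (mf.findtext("type") or "").strip().lower() == "regexp":
            regexes.append(re.compile(value))
        elif value:
            exact.add(value)
    return exact, regexes

def dropped_event_ids(xml_text, required_ids):
    """Event IDs the detections need that no pattern in the file would forward."""
    exact, regexes = load_event_id_matchers(xml_text)
    return sorted(
        i for i in map(str, required_ids)
        if i not in exact and not any(r.search(i) for r in regexes)
    )

if __name__ == "__main__":
    # Hypothetical list of Event IDs referenced by local detection content.
    required = [4624, 4625, 4720, 4726, 1102]
    print("Not forwarded:", dropped_event_ids(SAMPLE_PATTERNDB, required))
```

The check looks only at EventID matchfields, so a pattern that also requires other fields to match may forward fewer events than this reports.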