
Attivo BOTsink technology detects, engages, and analyzes BOT and APT attacks. This results in total confidence that your organization is malware-free. A BOTsink system consists of BOTsink and its embedded software. Attivo BOTsink Systems are on-premise and cloud-based BOT and APT detection security tools that complement existing security systems.

Device Information

Entity            Particulars
Vendor Name       Attivo
Product Name      BOTsink
Type of Device    Hosted

Collection Method

Log Type                Ingestion label   Preferred Logging Protocol - Format   Log collection method
Attivo BOTsink Events   ATTIVO            SYSLOG - CEF                          CyberHub

Port Requirements

Source           Destination   Port
Attivo BOTsink   CyberHub      601 (TCP)

Device Configuration


To secure the event-forwarding channel, and in line with our best practice, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform.

Not every device supports TLS. Where your device does, we recommend forwarding over port 6514 rather than the plain-text syslog port.

An upgraded version of a device may add TLS support without prior notice. If you encounter this, or need assistance configuring TLS, please contact your dedicated Adaptive MxDR Service Delivery Lead.


To create a syslog profile

  1. Click the Administration button and select Management > Syslog.

  2. Click Add in the Syslog Profiles section.

  3. Enter a name that identifies the syslog profile.

  4. BOTsink sets the Device Vendor field of every syslog message to Attivo. Keep the default value, Attivo.

  5. The Manager tags every syslog message with the string BOTsink so that BOTsink messages can be identified on the syslog server. Keep the default value, BOTsink.

  6. Make sure Events Forwarding is set to enabled.

  7. Select event severity as the forwarding criterion and set it to very-low.

  8. BOTsink event severities are mapped to syslog severities (RFC 5424). Keep the default mapping.

  9. Select CEF as the message format.

  10. Enable Faults Forwarding.

  11. Enable Audit Logs Forwarding.

  12. Click Save.

To create a syslog server record


  1. Click the Administration button and select Management > Syslog.

  2. To add the syslog server details, click Add in the Syslog Server section.

  3. Tick the Enable message forwarding check-box.

  4. Enter the Name of the syslog server.

  5. Select the Profile Name you created above.

  6. Enter the CyberHub IP Address.

  7. Enter 601 as the port number.

  8. Select TCP as the protocol.

  9. Save the configuration.

  10. Test the connection.
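As an added example (not from this page or from Attivo), a Python parser for the CEF-over-syslog events the profile above configures BOTsink to emit: it reads the RFC 5424 PRI, splits the CEF header honouring its escapes, parses the extension, and checks that the Device Vendor and product tag match the profile defaults. The sample line and its version, event id and field values are constructed placeholders, not real BOTsink output.

```python
import re

# Constructed sample line; version, event id and extension values are placeholders.
SAMPLE = ('<134>1 2024-01-01T00:00:00Z botsink-01 BOTsink - - - '
          'CEF:0|Attivo|BOTsink|VERSION_PLACEHOLDER|EVENT_ID_PLACEHOLDER|'
          'Decoy engagement \\| constructed|7|src=192.0.2.10 dst=192.0.2.20 '
          'msg=constructed key\\=value sample')

SYSLOG_SEVERITY = ['emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug']
CEF_HEADER = ['version', 'vendor', 'product', 'device_version', 'event_id', 'name', 'severity']
_KEY_RE = re.compile(r'(?:^|(?<=\s))([A-Za-z0-9_.]+)=')  # start of a key=value pair
_UNESCAPE = {'=': '=', '\\': '\\', 'n': '\n', 'r': '\r'}  # CEF extension escapes

def split_header(body):
    # Split the seven header fields on unescaped '|' (\| and \\ are escapes).
    # Pipes inside the extension are not escaped, so stop after the seventh field.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(CEF_HEADER):
        if body[i] == '\\' and i + 1 < len(body) and body[i + 1] in '|\\':
            cur.append(body[i + 1]); i += 2
        elif body[i] == '|':
            fields.append(''.join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    return dict(zip(CEF_HEADER, fields)), body[i:]

def parse_extension(ext):
    # Values may contain spaces, so each value runs up to the next 'key=' token.
    keys, out = list(_KEY_RE.finditer(ext)), {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].rstrip()
        out[m.group(1)] = re.sub(r'\\([=\\nr])', lambda e: _UNESCAPE[e.group(1)], raw)
    return out

def parse_botsink_syslog(line):
    # PRI <N> per RFC 5424: facility = N // 8, severity = N % 8; then the CEF body.
    m = re.match(r'<(\d{1,3})>.*?(CEF:\d+\|.*)$', line)
    if not m:
        raise ValueError('not a CEF-over-syslog line')
    pri = int(m.group(1))
    header, ext = split_header(m.group(2))
    header['version'] = header['version'].split(':', 1)[1]
    return {'facility': pri >> 3, 'severity': SYSLOG_SEVERITY[pri & 7],
            'cef': header, 'ext': parse_extension(ext)}

def matches_profile(event, vendor='Attivo', product='BOTsink'):
    # Sanity check that the Device Vendor and product tag set by the profile are present.
    return event['cef']['vendor'] == vendor and event['cef']['product'] == product
```

A line that fails matches_profile indicates the profile defaults were changed on the sender, which would break parsers keyed on the ATTIVO ingestion label.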


Integration Parameters

Parameters required from customer for Integration.

Property     Default Value                         Description
IP Address   Attivo BOTsink interface IP address   Hostname or IP address of the device which forwards logs to the CyberHub