...
Linux ships with many services and packages, each enabling different functionality and supporting different kinds of applications and workloads. The descriptions below cover the Linux log sources that are supported.
Device Information
Entity | Particulars |
---|---|
Vendor Name | Open Source |
Product Name | Linux Operating System |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol - Format | Log collection method |
---|---|---|---|
Linux Auditing System (AuditD) | AUDITD | Syslog KV/Unstructured | CyberHub |
Linux Sysmon | LINUX_SYSMON | Syslog XML | CyberHub |
Unix system | NIX_SYSTEM | Syslog Unstructured | CyberHub |
Port Requirements
Source | Destination | Port |
---|---|---|
Linux Operating System | CyberHub | 601 (TCP) |
To secure the log channel and align with our best practices, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform for event forwarding. Syslog over plain TCP on port 601 sends events in cleartext.
While TLS support may not be available on all devices, if your devices do support TLS communication, we recommend using port 6514 for integration.
In some cases an upgraded version of a device gains TLS support without prior notice. If you come across such a scenario, or need further assistance in configuring TLS, please reach out to your dedicated Adaptive MxDR Service Delivery Lead.
Device Configuration
To Configure Linux Audit System (AUDITD) logging
The steps below were validated on the following Linux distributions: Ubuntu 22.04.4 LTS, RHEL 9.3, Debian 12.5 and SUSE Linux Enterprise 15.5.
...
Code Block |
---|
systemctl restart auditd.service |
systemctl restart rsyslog.service |
To Configure Linux Sysmon logging
The steps below were validated on the following Linux distributions: Ubuntu 22.04.4 LTS, RHEL 9.3 and Debian 12.5.
...
Code Block |
---|
sudo sysmon -accepteula -i |
To Forward All the Linux OS Logs to CyberHub
...
Code Block |
---|
*.* @@FORWARDER_IP:601 |
Replace FORWARDER_IP with the CyberHub IP address. The @@ in the second column indicates that TCP is used to send the message (a single @ would select UDP, which is not supported for this integration).
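The forwarding rule above is the legacy one-line form. The following added example (not part of this page or the vendor's configuration) renders the same rule in rsyslog's RainerScript syntax, with a disk-assisted queue so events are buffered locally rather than dropped while CyberHub is unreachable, and a TLS variant for port 6514 using the gtls stream driver (requires the rsyslog-gnutls package). It then syntax-checks the rsyslog configuration before restarting the service, verifies the forwarder port is reachable, and emits a tagged test event to search for in CyberHub. The configuration file path, the CA bundle path and the permitted peer name are placeholders assumed for the example.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumed placeholders: /etc/rsyslog.d/50-cyberhub.conf,
# /etc/rsyslog.d/cyberhub-ca.pem and the TLS peer name cyberhub.example.internal.
set -euo pipefail

# Render the rsyslog forwarding action for CyberHub.
#   mode=tcp -> plain TCP to port 601, equivalent to "*.* @@FORWARDER_IP:601"
#   mode=tls -> TLS to port 6514 via the gtls stream driver, with certificate
#               validation against the CA bundle and a pinned peer name.
render_cyberhub_rule() {
    local ip="$1" mode="${2:-tcp}" port tls_opts=""
    # Refuse anything that is not a dotted-quad IPv4 address: a typo here silently drops all logs.
    if ! [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
        echo "render_cyberhub_rule: invalid FORWARDER_IP '$ip'" >&2
        return 1
    fi
    case "$mode" in
        tcp) port=601 ;;
        tls) port=6514
             tls_opts='StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="cyberhub.example.internal"' ;;
        *)   echo "render_cyberhub_rule: mode must be tcp or tls" >&2; return 1 ;;
    esac
    printf '# Forward every facility/priority to CyberHub over %s, port %s\n' "$mode" "$port"
    if [ "$mode" = tls ]; then
        printf '# Assumed path: install the CA that signed the CyberHub certificate here\n'
        printf 'global(DefaultNetstreamDriverCAFile="/etc/rsyslog.d/cyberhub-ca.pem")\n'
    fi
    # The disk-assisted queue keeps events across rsyslog restarts; resumeRetryCount=-1 retries forever.
    printf 'action(type="omfwd" target="%s" port="%s" protocol="tcp" %s\n' "$ip" "$port" "$tls_opts"
    printf '       queue.type="LinkedList" queue.filename="cyberhub_fwd"\n'
    printf '       queue.saveOnShutdown="on" action.resumeRetryCount="-1")\n'
}

# Write the rule, then dry-run the whole rsyslog configuration (rsyslogd -N1 only
# parses, it does not start the daemon) before restarting, so a bad rule never
# takes the running logger down.
install_cyberhub_rule() {
    local ip="$1" mode="${2:-tcp}" conf="${3:-/etc/rsyslog.d/50-cyberhub.conf}"
    render_cyberhub_rule "$ip" "$mode" > "$conf"
    if command -v rsyslogd >/dev/null 2>&1; then
        if ! rsyslogd -N1 >/dev/null 2>&1; then
            echo "rsyslog configuration check failed; not restarting rsyslog" >&2
            return 1
        fi
        systemctl restart rsyslog.service
    fi
}

# Confirm the forwarder port accepts a TCP connection (bash /dev/tcp, 3 second timeout).
check_forwarder_port() {
    local ip="$1" port="${2:-601}"
    timeout 3 bash -c "exec 3<>/dev/tcp/$ip/$port" 2>/dev/null
}

# Emit a tagged event through the local syslog daemon; search CyberHub for "cyberhub-test".
send_test_event() {
    logger -t cyberhub-test -p auth.notice "forwarder smoke test $(date -u +%FT%TZ) from $(hostname)"
}

# When run with arguments (as root on the log source): ./cyberhub-fwd.sh FORWARDER_IP [tcp|tls]
if [ "$#" -ge 1 ]; then
    mode="${2:-tcp}"
    install_cyberhub_rule "$1" "$mode"
    port=601; [ "$mode" = tls ] && port=6514
    check_forwarder_port "$1" "$port" || echo "warning: $1:$port is not reachable" >&2
    send_test_event
fi
```

Because the queue is disk-assisted, a forwarder outage shows up as a growing queue file under rsyslog's work directory rather than as a gap in CyberHub; check it after any outage before assuming events were lost.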
...
Parameters required from the customer for integration
Property | Default Value | Description |
---|---|---|
IP Address | Linux Operating System interface IP address | Hostname or IP address of the device that forwards logs to the CyberHub |