...
Log Type | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method |
|---|---|---|---|
Windows Defender AV | WINDOWS_DEFENDER_AV | NXLog = Syslog - JSON over Syslog | CyberHub |
Port Requirements
...
Device Configuration
Prerequisite
Generate certificate on CyberHub using the following steps.
Go to support user mode by executing following command
"su - support"on CyberHub terminal and choose“option 29 - Manage the TLS certificates".Choose
“option 2 - View EA Server TLS certificate"and this will print Private Key and Certificate content on console.Copy certificate from the console output to a file and save it.
Note:- Here you should copy and paste content from----BEGIN CERTIFICATE----to----END CERTIFICATE----.
Contact Adaptive MxDR on-boarding engineer to get CyberHub certificate.
Despite Windows Defender AV being automatically enabled in Windows Servers by default, it is essential to verify that it remains activated.
...
Download and install the NXLog agent from the following location: https://nxlog.co/products/nxlog-community-edition/download.
Navigate to
services.mscand stop the nxlog service.Go to the folder
"C:\Program Files\nxlog\data"and delete the file"configcache.dat"if it present.Navigate to the installed location
"C:\Program Files\nxlog\conf."Rename the attached
file toView file name NXLog.conf "nxlog.conf"and copy it into this folder.Replace the placeholder
"CyberHub IP"with the actual CyberHub IP in the nxlog.conf file.Copy the previously created certificate file on Windows machine where nxlog agent is installed and mentioned this cert path in nxlog.conf against "CAFile" on line number 5351.
Now, start the nxlog service from services.msc.
NXLog agent logs will be available at the location
"C:\Program Files\nxlog\data\nxlog.log".The log flow should work, and you can check it using tcpdump with the command
"tcpdump -AA port 6514"
...