Xcitium SIEM

• Introduction To Comodo CWatch Network
  • Purchase A License
  • Log-in To The Admin Console
• The Main Interface
• The Dashboard
• Customer Asset Management
  • Add Customers
  • Add Assets For Monitoring
    • Hard Assets
    • Soft Assets
  • Configure Nxlog And Rsyslog To Send Logs To CWatch Network Server
  • Edit Customers
• Query Management
  • Configure Event Queries
  • Long Term Analysis
  • Configure Custom Dashboards
  • Event Field Selection Settings
• Manage Rules
  • Manage Correlation Rules
  • Manage Tagged Rules
  • Manage Aggregation Rules
• Incidents
  • Manage Incidents
  • Incident Category Management
  • Category Action Management
• Lists
  • Manage Live Lists
  • Manage Live List Content
  • Manage Range List Content
  • Manage IP Range List Content
  • Manage Multiple Column List Content
• Manage Reports
• Administration
  • Event Collection
  • Phantom Settings
  • Manage Users
  • View License And Subscription Details
• Appendix 1 – Field Groups And Event Items Description
• Appendix 2 – CWatch Supported Logs
• About Comodo Security Solutions

Event Collection

• cWatch Network features agent-less log collection from Windows/Linux endpoints using the Nxlog and Rsyslog utilities.

• The NXLOG utility (for Windows) and the RSYSLOG utility (for Linux) need to be configured to send logs to the cWatch Network server.

• cWatch also provides pre-configured scripts for Nxlog and Rsyslog which will automatically send logs to cWatch.

Scripts can be configured and deployed in two ways:

• Pre-configured script files - The administrator can download ready-made configuration script files with all parameters pre-configured for a specific customer/network from the 'Hard Assets' interface. This is the most convenient way of configuring NXLOG and RSYSLOG utilities at the endpoints to send logs to the cWatch network server. See Configuring Nxlog and Rsyslog to Send Logs to cWatch Network Server for more detailed explanations about downloading the script files and deploying them.

• Manually configure RSYSLOG/NXLOG scripts - Administrators can download configuration scripts for RSYSLOG and NxLOG and manually set the parameters such as network authentication token, name of product from which the logs are to be collected and so on. These scripts can be used to configure RSYSLOG and NxLOG utilities at Linux and Windows based endpoints to send logs to the cWatch network server.

• Click the 'Menu' button from the top right, choose 'Administration' and then click 'Event Collection'

The 'Event Collection' page contains instructions about downloading the scripts, setting the parameters and configuring the RSYSLOG/NxLOG utilities using the scripts.

In addition to event collection, cWatch Network is capable of collecting log information from Comodo Network Monitoring Sensors. These sensors listens on the customer's network using span/tap technologies and can be configured according to customer requirements. The deployment of sensors has to planned according to customers network topology and can be done in coordination with Comodo. Please contact your account manager at Comodo for the deployment of sensors on your network.