Xcitium NxSIEM

Admin Guide 1.4


Log Collection Policies


Collection policies allow administrators to define the events for which logs are collected, the sources from which they are collected, and so on. Policies can then be deployed to control the behavior of agents on managed customer endpoints. The collected logs are used to generate incidents, and can be queried and used to generate comprehensive event reports. Refer to the sections 'Configuring Event Queries' and 'Report Generation' for more details.


Four types of collection policies are available in NxSIEM:

  • Audit Policy – Agents collect the audit events from the host machine. This policy type does not require any additional configuration.
  • Flat File Policy – This policy type allows administrators to configure agents to track and send specific files from the agent's host machine.
  • Remote Collection Policy – This policy type allows administrators to configure an agent installed on one machine to track a log file on another machine.
  • Syslog Policy – This policy type allows administrators to configure the agent to collect Syslog entries from a specific port.

Log collection policies can be configured and deployed from the 'Collection Policies' interface.


To open the 'Collection Policies' screen, click the 'Navigational Menu' button at the top right, choose 'Agents' from the options, and then click 'Collection Policies'.

The 'Policy List' section on the left side displays a list of policies available for deployment.


Policy List – Table of Column Descriptions

Column Header | Description
Policy Name | The name of the log collection policy, as assigned during its creation.
Policy Type | The type of the policy, which defines the events for which logs are collected and the log collection source.
Creation Time | The date and time at which the policy was created.
Agents Count | The number of agents to which the policy is deployed.


The 'Policy Deployment' pane on the right displays a list of all customer endpoints which have the agent installed, and allows administrators to deploy the policy selected on the left to the selected endpoints.


Policy Deployment – Table of Column Descriptions

Column Header | Description
Customers | The name of the customer. Below each customer, check boxes indicate whether the policy selected in the left-hand pane is deployed on the endpoint shown in the 'Agent IP' column. Use the check boxes to deploy the selected policy to an endpoint or to remove it. Refer to the section 'Deploy a policy' for more details.
Agent IP | The IP addresses of the systems on which the agents are installed.


The following sections describe the different types of policies and explain how to create policies and deploy them to selected agents:

  • Audit Policy
  • Flat File Policy
  • Remote Log Collection Policy
  • Syslog Policy
  • Configuring Log Collection Policies


© Comodo Group, Inc. 2025. All rights reserved.