Xcitium NxSIEM

• Xcitium NxSIEM Quick Start Guide
  • Step 1 - Enroll Customers And Assign Users
  • Step 2 - Add Customer Networks For Monitoring
  • Step 3 - Configure Customer Networks To Forward Logs To NxSIEM
  • Step 4 - Generate Event Queries And View Events
  • Step 5 – Create Custom Dashboards For Customer Networks
  • Step 6 - Create Correlating Rules To Monitor Networks For Incidents
  • Step 7 - Generate Reports

Step 2 - Add Customer Networks for Monitoring

In order to collect logs and monitor events on customer networks, administrators need to add the customer’s network assets to NxSIEM. Optionally, the administrator can also enroll the software assets (such as services) that they wish to monitor.

To add customer networks to NxSIEM

• Open the 'Asset Management' interface by clicking the 'Menu' button, then 'Assets' > 'Asset Management'.

• Select the customer whose assets are to be added from the left

• Click 'Manage' at the bottom left of the details pane:

The interface to add customer's assets will open. It contains two tabs:

• Hard Assets – Allows you to add networks and zones to be monitored by entering their start and end IP addresses. For each network,

• A unique activation key is generated for the log collection agent installed on the endpoints and configure the agents to send logs to NxSIEM.

• Configuration files for RSYSLOG and NXLOG utilities are generated for directly running on endpoints with RSYSLOG and NXLOG utilities respectively, for them to send logs to NXSIEM server.

• Soft Assets – Allows you to add soft assets like services hosted from the network by specifying their URL, website and so on.For details on adding soft assets, refer to the Administrative Guide at https://help.comodo.com/topic-325-1-675-8367-Soft-Assets.html.

To add hard-assets:

• Click the 'Hard Assets' tab and then click the 'Network' button at the bottom of the right pane.

The 'Add Network' dialog will appear.

• Name - Enter the name of the network in the field.

• Start IP - Enter the start IP address if a range of endpoints are to be added. If a single endpoint is to be added, enter its IP address in both the 'Start IP' and 'End IP' fields.

• End IP - Enter the end IP address if a range of endpoints are to be added.

• Click the 'Add' button.

The network will be added and a unique authentication token and agent activation key will be generated for the network. Clicking the button in the new network row will display the token and the key at the bottom of the right pane.

• Repeat the process to add more networks.