SOCaaP

• Introduction
  • Logging-in To The SOCaaP Console
• Dashboard Overview
  • Summary
  • Alerts,Incidents And Website Vulnerabilities
  • Customer Health
• SOCaaP Alerts/Escalations
  • Log-in To The Admin Console
  • The Home Screen
  • Service Summary
  • Incidents Overview
    • Incidents
    • Threat Summary
  • Log Collection Summary
  • Threat Communication Graph
  • Tickets
  • Reports
  • Notification Settings
  • Integrate Your Office 365 Account With SOCaaP
• SOCaaP XDR
  • Log-in To The Admin Console
  • The Main Interface
  • Eveny Query
    • Configure Event Queries
  • Report Generation
  • Administration
    • Event Collection
    • Phantom Settings
    • Manage Users
  • Appendix 1 – Field Groups And Event Items Description
  • Appendix 2 –SOCaaP Supported Logs
• SOCaaP Web Protection
  • Add Websites
  • The Main Interface
  • The Dashboard
  • Website Data And Settings
    • Website Overview
    • Security Scans
      • Website Scans
      • Website Files Security Scans
        • Malware Scan Settings
          • Automatic Configuration
          • Manual Configuration
        • Run A Scan And View Results
        • Notifications, Malware Removal And Scheduled Scans
      • Vulnerability Scans
        • CMS Vulnerability Scans
        • OWASP Top 10 Vulnerability Scans
    • Content Delivery Network
      • Activate CDN For A Website
      • CDN Settings
      • View CDN Metrics
    • Firewall
      • WAF Statistics
      • WAF Events
      • Configure WAF Policies
      • Manage Custom Firewall Rules
    • SSL Configuration
    • DNS Configuration
    • Add Trust Seal To Your Websites
    • Back Up Your Website
      • Backup Settings
      • On-Demand Backup
      • View Backup Records And File Statistics
      • Restore And Download Website Files
      • Delete Backups
  • Manage Your Profile
• Sensor Installation
  • Requirements
  • (Option 1) Create Installation Media
  • (Option 2) Deploy Virtual Machine Environment
    • Create A New Virtual Machine
    • Configure Memory Size
    • Configure Hard Disk
    • Configure Hard Disk File Type
    • Configure Storage On Physical Hard Disk
    • Configure Size Of Virtual Hard Disk
    • Configure Network Settings
    • Select VM Startup Disk
  • Sensor Installation Steps
  • Sensor Configuration Steps
    • Login To The Web Portal
    • User Settings
    • Configure Network
    • Configure Timezone
    • Key Activation
    • (Optional) Valkyrie Key Verdict
    • (Optional) Forward Log
• Frequently Asked Questions
• About Xcitium Security Solutions

Event Collection

• SOCaaP features agent-less log collection from Windows/Linux endpoints using the Nxlog and Rsyslog utilities.

• The NXLOG utility (for Windows) and the RSYSLOG utility (for Linux) need to be configured to send logs to the SOCaaP server.

• SOCaaP also provides pre-configured scripts for Nxlog and Rsyslog which will automatically send logs to SOCaaP.

Scripts can be configured and deployed in two ways:

• Pre-configured script files - The administrator can download ready-made configuration script files with all parameters pre-configured for a specific customer/network from the 'Hard Assets' interface. This is the most convenient way of configuring NXLOG and RSYSLOG utilities at the endpoints to send logs to the SOCaaP server. See Configuring Nxlog and Rsyslog to Send Logs to SOCaaP Server for more detailed explanations about downloading the script files and deploying them.

• Manually configure RSYSLOG/NXLOG scripts - Administrators can download configuration scripts for RSYSLOG and NxLOG and manually set the parameters such as network authentication token, name of product from which the logs are to be collected and so on. These scripts can be used to configure RSYSLOG and NxLOG utilities at Linux and Windows based endpoints to send logs to the SOCaaP server.

• Click the 'Menu' button from the top right, choose 'Administration' and then click 'Event Collection'

The 'Event Collection' page contains instructions about downloading the scripts, setting the parameters and configuring the RSYSLOG/NxLOG utilities using the scripts.

In addition to event collection, SOCaaP is capable of collecting log information from Xcitium Network Monitoring Sensors. These sensors listens on the customer's network using span/tap technologies and can be configured according to customer requirements. The deployment of sensors has to planned according to customers network topology and can be done in coordination with Xcitium. Please contact your account manager at Xcitium for the deployment of sensors on your network.