Search Results
215 total results found
Google Workspace Integrations
Introduction Google Workspace (formerly G Suite) is a suite of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. It allows users to create, edit, and share documents, spreadsheets, presentations, a...
Jumpcloud Integrations
Introduction The JumpCloud integration allows you to monitor events related to the JumpCloud Directory as a Service via the Directory Insights API. You can find out more about JumpCloud and JumpCloud Directory Insights here https://jumpcloud.com/...
Mimecast Integrations
Introduction The Mimecast integration collects events from the Mimecast API. Assumptions The procedures described in Section 3 assume that a Log Collector has already been set up. Requirements Configuration Authorization parameter...
MongoDB Integrations
Introduction This integration is used to fetch logs and metrics from MongoDB. Assumptions The procedures described in Section 3 assume that a Log Collector has already been set up. Compatibility The log dataset is tested with logs from vers...
OKTA Integrations
Introduction The Okta integration collects events from the Okta API, specifically reading from the Okta System Log API. Logs System The Okta System Log records system events related to your organization in order to provide an audit trail that can be us...
VMware vSphere Integration
This integration periodically fetches logs and metrics from vSphere vCenter servers. Compatibility The integration uses the Govmomi library to collect metrics and logs from any VMware SDK URL (ESXi/vCenter). This library is built for and tested against ESXi...
Pulse Connect Secure Integrations
Introduction This integration is for Pulse Connect Secure. https://www.ivanti.com/products/ivanti-neurons-zero-trust-access?psredirect Pulse Connect Secure Integration Procedures Please provide the following information to CyTech: C...
Slack Integrations
Introduction Slack is used by numerous organizations as their primary chat and collaboration tool. Please note the Audit Logs API is only available to Slack workspaces on an Enterprise Grid plan. These API methods will not work for workspaces on a Free, St...
System Integrations
Introduction The System integration allows you to monitor servers, personal computers, and more. Use the System integration to collect metrics and logs from your machines. Then visualize that data in Kibana, create alerts to notify you if something goes wr...
Team Viewer Integrations
Remote File Copy via TeamViewer Identifies an executable or script file remotely downloaded via a TeamViewer transfer session. Rule type: eql Rule indices: winlogbeat-* logs-endpoint.events.* logs-windows.* Severity:...
Z Scaler Integrations
Introduction This integration is for Zscaler Internet Access logs. It can be used to receive logs sent by the NSS log server on the respective TCP ports. The log message is expected to be in JSON format. The data is mapped to ECS fields where applicable and the re...
FAQ: What do I do if I have Cortex XDR which causes unsuccessful installation of the Log Collector?
Elastic Agent Main installation path (windows) When installing Elastic Agent on a Windows machine, the installation files are placed in specific directories. Below are the important paths to know for managing and troubleshooting the Elastic Agent. Temporaril...
SentinelOne Integrations
The SentinelOne integration collects and parses data from SentinelOne REST APIs. This integration also offers the capability to perform response actions on SentinelOne hosts directly through the Elastic Security interface. Compatibility This module has been ...
How to Whitelist by IP Address in Office 365 and by Domain in Microsoft Defender for Office 365 Portal - OLD
Why Whitelist in Office 365? Whitelisting ensures the CyTech phishing simulation (PS) functions without issue and prevents PS emails from being automatically moved to the spam folder or notifying users about potential phishing emails. The Connection Filter Po...
Custom Windows Event Logs - Integration
Custom Windows Event Logs Collect and parse logs from any Windows event log channel with Elastic Agent. The custom Windows event log package allows you to ingest events from any Windows event log channel. You can get a list of available event log channels by...
Windows Event Forwarding to Linux server using Nxlog
Introduction Windows Event Forwarding (WEF) allows the collection of event logs from multiple Windows machines and their forwarding to a centralized server. Using Nxlog, you can send these logs to a Linux server for storage and analysis. This documentation pr...
Windows Event Forwarding to Linux server using Powershell script
Overview This PowerShell script forwards Windows event logs to a Linux server using the syslog protocol. It captures specific event logs, sends them to the specified syslog server, and ensures that duplicate events are not sent. Prerequisites PowerShell o...
Sophos Integration
Overview The Sophos Central integration allows you to monitor Alerts and Events logs. Sophos Central is a cloud-native application with high availability. It is a cybersecurity management platform hosted on public cloud platforms. Each Sophos Central account ...
Log Collector Installation Old - Windows
Log Collector Installation in CISO Workplace This guide provides step-by-step instructions for installing the Elastic Agent as a log collector in the CISO Workplace environment. By following these steps, you’ll set up a secure, automated method for gathering ...
Atlassian Bitbucket Integrations (New)
Introduction The Bitbucket integration collects audit logs from the audit log files or the audit API. Reference: https://developer.atlassian.com/server/bitbucket/reference/rest-api/ Assumptions The procedures described in Section 3 assume that a Log ...