Overview
EclecticIQ's platform enables users to collect and aggregate data from various sources, including open-source intelligence, commercial feeds, and internal security data. The platform also incorporates advanced analytics and machine learning techniques to identify patterns, detect emerging threats, and provide actionable intelligence to security teams.
Prerequisites
- All Logsign versions support this integration.
Settings
Forwarding settings are completed as follows:
- Determine the log sources: Identify the systems or devices from which you want to forward logs. This could include servers, network devices, applications, or any other sources generating logs.
- Choose a log forwarding mechanism: Select the log forwarding mechanism or protocol; for this integration CEF should be selected.
- Configure log source: Configure the log source to send logs to the designated log forwarding destination. This configuration depends on the specific log source and may involve modifying its logging settings or installing/configuring additional software or agents.
- Set up log forwarding destination: Prepare the log forwarding destination, which can be a centralized log management system, a SIEM (Security Information and Event Management) solution, or a specific log collector. This destination should be able to receive logs from various sources.
- Configure log forwarding: Configure the log forwarding mechanism on the log source to send logs to the designated log forwarding destination. This involves specifying the destination's IP address or hostname, port number, and any authentication or encryption settings if applicable.
- Test and validate: Verify that logs are being forwarded successfully from the log sources to the log forwarding destination. Check for any error messages, ensure the logs are arriving at the correct location, and review the data to ensure its integrity.
- Monitor and maintain: Continuously monitor the log forwarding process to ensure its reliability and make any necessary adjustments or troubleshooting if issues arise. Regularly review the logs in the log forwarding destination to detect any anomalies or potential security incidents.
Sample Log Examples
CEF:0|EclecticIQ|EclecticIQ Platform|2.14.0|indicator|EclecticIQ Platform \| indicator|2|externalId=379c0677-6d40-4eb9-8e2c-fff4e874b10e msg=http://182.121.44.53:35305/Mozi.m \| <p>Status: online</p>\n <p>Observed Time: 2020-11-07 12:50:05</p>\n <p>Blacklist: {'spamhaus_dbl': 'not listed', 'surbl': 'not listed'}</p> cat=indicator cn1=30 cn1Label=halfLifeDays rt=1683818668787 cs1=WHITE cs1Label=tlpColor flexString1Label=sourceId cn2=0 cn2Label=sightingsCount cs2=ipv4 cs2Label=extractType cs3=182.121.44.53 cs3Label=extractValue deviceCustomDate1=1683818126201 deviceCustomDate1Label=extractCreatedAt dst=182.121.44.53 EclecticIQ_Relevance=10 flexString2=LogSign SIEM flexString2Label=outgoingFeedName cs4=fdab8d16-738a-4f4d-9767-5edd0a1b4af3 cs4Label=destinationId cs5=bad cs5Label=extractClassification cs6=medium cs6Label=extractConfidence dvchost=default cn3=8 cn3Label=severity
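As an added example (not code from Logsign or EclecticIQ), a small Python parser for events shaped like the line above: it splits the header on unescaped pipes so the \| inside the event name survives, cuts the extension into key=value pairs without breaking on the spaces inside msg=, and resolves cnN/csN fields to their ...Label names. The SAMPLE string is a constructed copy of the event layout using a TEST-NET address and dummy ids.

```python
import re
from datetime import datetime, timezone

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# Seven header fields, each ended by an unescaped "|"; the "\\." branch swallows \| and \\.
_HEADER_RE = re.compile(r"((?:\\.|[^|\\])*)\|" * 7)
# Extension keys sit at the start or after a space and end with "="; a value runs to the next key.
_KEY_RE = re.compile(r"(?:^| )([A-Za-z0-9_.]+)=")
_UNESCAPE = {r"\n": "\n", r"\r": "\r", r"\=": "=", r"\\": "\\", r"\|": "|"}

# Constructed sample with the same layout as the EclecticIQ event above
# (TEST-NET address and dummy ids, not a real indicator).
SAMPLE = (
    "CEF:0|EclecticIQ|EclecticIQ Platform|2.14.0|indicator|EclecticIQ Platform \\| indicator|2|"
    "externalId=00000000-0000-4000-8000-000000000001 msg=http://203.0.113.5:8080/x.bin \\| "
    "<p>Status: online</p>\\n <p>Observed Time: 2020-11-07 12:50:05</p> cat=indicator "
    "cn1=30 cn1Label=halfLifeDays rt=1683818668787 cs1=WHITE cs1Label=tlpColor "
    "cs2=ipv4 cs2Label=extractType cs3=203.0.113.5 cs3Label=extractValue "
    "cs5=bad cs5Label=extractClassification cs6=medium cs6Label=extractConfidence "
    "dvchost=default cn3=8 cn3Label=severity"
)


def _unescape(text):
    return re.sub(r"\\.", lambda m: _UNESCAPE.get(m.group(0), m.group(0)), text)


def parse_cef(line):
    """Parse one CEF line into header fields plus label-resolved extension keys."""
    line = line.rstrip("\r\n")
    m = _HEADER_RE.match(line)
    if not m or not m.group(1).startswith("CEF:"):
        raise ValueError("not a CEF record")
    header = dict(zip(HEADER_FIELDS, map(_unescape, m.groups())))
    header["version"] = header["version"][len("CEF:"):]
    ext, raw = line[m.end():], {}
    keys = list(_KEY_RE.finditer(ext))
    for n, k in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        raw[k.group(1)] = _unescape(ext[k.end():end])
    # cn1=30 cn1Label=halfLifeDays -> halfLifeDays: "30"; a label with no value is dropped
    extension = {raw.get(k + "Label", k): v for k, v in raw.items() if not k.endswith("Label")}
    return {"header": header, "extension": extension}


def event_time(event):
    """rt is epoch milliseconds; return it as an aware UTC datetime."""
    return datetime.fromtimestamp(int(event["extension"]["rt"]) / 1000, tz=timezone.utc)
```

Note that the header severity (2) and the labelled cn3 severity (8) are different fields; a correlation rule should say which one it keys on.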