Overview
This user guide describes the Seqrite Endpoint Security tool integration with Seceon aiSIEM through the API
Steps of Configuration
To add the Seqrite Endpoint API method support follow the steps that are mentioned below:
Login Seceon UI: >provisioning >Add-on device >click on add button
To add the Sophos Central support Follow the steps that are mentioned below.
Device: Select the name of the device 'Seqrite Endpoint Security'.
Name: We can take anything here according to our interests.
CCE Host: Enter the CCE IP.
Enter the Access ID/user name: Required Username
Password/Secret Key: Required password from seqrite team
Now enter the valid JSON Format in the last field. Below is the JSON that you have to put.
{"host": "x.x.x.x", "database_name": "db_name", "port_num": 423, "time_duration": 15, "procedure_call":{"dlp": "pro_dlp", "virus": "pro_virus", "web": "pro_web"}}
host : please put the IP of the Seqrite server
database name: the name of the database where your Seqrite logs are getting stored
port number: The port using which is used on Seqrite to store the logs
Click on the Save button.
Verification
On UI
Step 1: Log in to UI with Administrative Rights & Navigate to System>> Log/Flow Collection Status Option.
Steps 2: Inside Source Device IP, the IP Address of the Device will reflect including the no. of logs sent to the Seceon Servers.
On CCE
Login with seceon user
Run the command : otmdoc -m
Go inside the add on container by running the command : cd cce-addon-devices
Run the command : crontab -l
Run the python script of Seqrite and check if there is any error