Configure a remote Syslog server
Once configured, Cyberwatch will send hourly the latest CVEs detected to the remote Syslog server
- Click on Admin
- Click on External tools
- Click on Remote Syslog server
Basic elements
- Address: Address of the remote Syslog server
- Port: Port used to communicate with the remote syslog server
- Protocol: Protocol used to communicate with the remote syslog server
Advanced settings
- Packet size: Maximal size of the packet send to the remote Syslog server
Example log
Below is the log generated from the Test button in the syslog configuration menu.
Oct 3 12:02:32 Cyberwatch Detection: active='true',computer_category='desktop',computer_criticality='criticality_medium',
computer_id='0',computer_name='test_syslog',computer_os='',computer_os_arch='',computer_os_name='',
created_at='2022-10-03 14:02:32 +0200',cve_code='CVE-XXXX-XXXX',cve_level='high',cve_published_at='2022-10-03 14:02:32 +0200'
,cve_score='10.0',cve_status='ignored',cvss_AC='access_complexity_low',cvss_AV='access_vector_network',cvss_Au='authentication_none',
cvss_A='availability_impact_complete',cvss_C='confidentiality_impact_complete',cvss_I='integrity_impact_complete',fixed_at='',
groups='berlin,development',ignored='true',ip='127.0.0.1',source_node='cyberwatch',updated_at='2022-10-03 14:02:32 +0200'
Content of the log
The log contains the following information:
| field | Description | Examples of possible values |
|---|---|---|
| active | Indicates the current presence of the vulnerability on the asset. | true |
| computer_category | Differentiates servers and workstations | server, desktop |
| computer_criticality | Criticality of the asset as defined in Cyberwatch | Medium |
| computer_id | Computer Id in Cyberwatch | 255 |
| computer_name | Hostname of the asset | server01 |
| computer_os | OS unique name for Cyberwatch. | debian_9_64, windows_2008 ... |
| computer_os_arch | OS Architecture | AMD64, x86_64, i3686... |
| computer_os_name | Operating system as communicated by the asset | Debian GNU /Linux 9 (stretch), Microsoft® Windows Server® 2008 Standard ... |
| created_at | Creation of the asset in Cyberwatch | 2022-10-05 14:30:07 +0200 |
| cve_code | Unique identifier of the vulnerability | CVE-2020-0850 |
| cve_level | Severity level of the vulnerability as configured in Cyberwatch | level_medium |
| cve_published_at | CVE Publication Date | 2022-10-05 14:30:07 +0200 |
| cve_score | CVSS score of the vulnerability | 7.6 |
| cve_status | Vulnerability status on the affected asset | active, active_with_exploits, fixed, ignored |
| cvss_access_complexity (cvss_AC) | Vulnerability exploitability metric: access complexity | access_complexity_medium |
| cvss_access_vector (cvss_AV) | Vulnerability exploitability metric: access vector | access_vector_network |
| cvss_access_authentication (cvss_Au) | Vulnerability exploitability metric: authentication | authentication_none |
| cvss_availability_impact (cvss_A) | Vulnerability impact metric: availability | availability_impact_partial |
| cvss_configentiality_impact (cvss_C) | Vulnerability impact metric: confidentiality | confidentiality_impact_partial |
| cvss_integrity_impact (cvss_I) | Vulnerability impact metric: integrity | integrity_impact_partial |
| epss | Exploit Prediction Scoring System | 0.7850 |
| fixed_at | Vulnerability corrected on the asset on | 2022-10-05 14:30:07 +0200 |
| groups | Lists of groups | production, Paris |
| ignored | Indicates whether the vulnerability has been ignored on the asset or not | false |
| ip | Computer's IP address | 127.0.0.1 |
| source_node | Name of the node supervising the asset | cyberwatch |
| updated_at | Last update | 2022-10-05 14:30:07 +0200 |