Configure a remote Syslog server
Once configured, Cyberwatch will send hourly the latest CVEs detected to the remote Syslog server
- Click on Admin
- Click on External tools
- Click on Remote Syslog server
Basic elements
- Address: Address of the remote Syslog server
- Port: Port used to communicate with the remote syslog server
- Protocol: Protocol used to communicate with the remote syslog server
Advanced settings
- Packet size: Maximal size of the packet send to the remote Syslog server
Example log
Below is the log generated from the Test button in the syslog configuration menu.
Oct 3 12:02:32 Cyberwatch Detection: active='true',computer_category='desktop',computer_criticality='criticality_medium',
computer_id='0',computer_name='test_syslog',computer_os='',computer_os_arch='',computer_os_name='',
created_at='2022-10-03 14:02:32 +0200',cve_code='CVE-XXXX-XXXX',cve_level='high',cve_published_at='2022-10-03 14:02:32 +0200'
,cve_score='10.0',cve_status='ignored',cvss_vector='CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L',fixed_at='',
groups='berlin,development',ignored='true',ip='127.0.0.1',source_node='cyberwatch',updated_at='2022-10-03 14:02:32 +0200'
Content of the log
The log contains the following information:
| field | Description | Examples of possible values |
|---|---|---|
| active | Indicates the current presence of the vulnerability on the asset. | true |
| computer_category | Differentiates servers and workstations | server, desktop |
| computer_criticality | Criticality of the asset as defined in Cyberwatch | Medium |
| computer_id | Computer Id in Cyberwatch | 255 |
| computer_name | Hostname of the asset | server01 |
| computer_os | OS unique name for Cyberwatch. | debian_9_64, windows_2008 ... |
| computer_os_arch | OS Architecture | AMD64, x86_64, i3686... |
| computer_os_name | Operating system as communicated by the asset | Debian GNU /Linux 9 (stretch), Microsoft® Windows Server® 2008 Standard ... |
| created_at | Creation of the asset in Cyberwatch | 2022-10-05 14:30:07 +0200 |
| cve_code | Unique identifier of the vulnerability | CVE-2020-0850 |
| cve_level | Severity level of the vulnerability as configured in Cyberwatch | level_medium |
| cve_published_at | CVE Publication Date | 2022-10-05 14:30:07 +0200 |
| cve_score | CVSS score of the vulnerability | 7.6 |
| cve_status | Vulnerability status on the affected asset | active, active_with_exploits, fixed, ignored |
| cvss_vector | CVSS v3 or CVSS v4 vector string | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L |
| epss | Exploit Prediction Scoring System | 0.7850 |
| fixed_at | Vulnerability corrected on the asset on | 2022-10-05 14:30:07 +0200 |
| groups | Lists of groups | production, Paris |
| ignored | Indicates whether the vulnerability has been ignored on the asset or not | false |
| ip | Computer's IP address | 127.0.0.1 |
| source_node | Name of the node supervising the asset | cyberwatch |
| updated_at | Last update | 2022-10-05 14:30:07 +0200 |