Configure a remote Syslog server

Once configured, Cyberwatch will send hourly the latest CVEs detected to the remote Syslog server

  1. Click on Admin
  2. Click on External tools
  3. Click on Remote Syslog server

Basic elements

  • Address: Address of the remote Syslog server
  • Port: Port used to communicate with the remote syslog server
  • Protocol: Protocol used to communicate with the remote syslog server

Advanced settings

  • Packet size: Maximal size of the packet send to the remote Syslog server

Example log

Log generated from the Test button in the syslog configuration menu.

Oct  3 12:02:32 Cyberwatch Detection: active='true',computer_category='desktop',computer_criticality='criticality_medium',
computer_id='0',computer_name='test_syslog',computer_os='',computer_os_arch='',computer_os_name='',
created_at='2022-10-03 14:02:32 +0200',cve_code='CVE-XXXX-XXXX',cve_level='high',cve_published_at='2022-10-03 14:02:32 +0200'
,cve_score='10.0',cve_status='ignored',cvss_AC='access_complexity_low',cvss_AV='access_vector_network',cvss_Au='authentication_none',
cvss_A='availability_impact_complete',cvss_C='confidentiality_impact_complete',cvss_I='integrity_impact_complete',fixed_at='',
groups='berlin,development',ignored='true',ip='127.0.0.1',source_node='cyberwatch',updated_at='2022-10-03 14:02:32 +0200'

Content of the log

The log contains the following information:

fieldDescriptionExamples of possible values
activeIndicates the current presence of the vulnerability on the asset.true
computer_categoryDifferentiates servers and workstationsserver, desktop
computer_criticalityCriticality of the asset as defined in CyberwatchMedium
computer_idComputer Id in Cyberwatch255
computer_nameHostname of the assetserver01
computer_osOS unique name for Cyberwatch.debian_9_64, windows_2008 ...
computer_os_archOS ArchitectureAMD64, x86_64, i3686...
computer_os_nameOperating system as communicated by the assetDebian GNU /Linux 9 (stretch), Microsoft® Windows Server® 2008 Standard ...
created_atCreation of the asset in Cyberwatch2022-10-05 14:30:07 +0200
cve_codeUnique identifier of the vulnerabilityCVE-2020-0850
cve_levelSeverity level of the vulnerability as configured in Cyberwatchlevel_medium
cve_published_atCVE Publication Date2022-10-05 14:30:07 +0200
cve_scoreCVSS score of the vulnerability7.6
cve_statusVulnerability status on the affected assetactive, active_with_exploits, fixed, ignored
cvss_access_complexity (cvss_AC)Vulnerability exploitability metric: access complexityaccess_complexity_medium
cvss_access_vector (cvss_AV)Vulnerability exploitability metric: access vectoraccess_vector_network
cvss_access_authentication (cvss_Au)Vulnerability exploitability metric: authenticationauthentication_none
cvss_availability_impact (cvss_A)Vulnerability impact metric: availabilityavailability_impact_partial
cvss_configentiality_impact (cvss_C)Vulnerability impact metric: confidentialityconfidentiality_impact_partial
cvss_integrity_impact (cvss_I)Vulnerability impact metric: integrityintegrity_impact_partial
epssExploit Prediction Scoring System0.7850
fixed_atVulnerability corrected on the asset on2022-10-05 14:30:07 +0200
groupsLists of groupsproduction, Paris
ignoredIndicates whether the vulnerability has been ignored on the asset or notfalse
ipComputer's IP address127.0.0.1
source_nodeName of the node supervising the assetcyberwatch
updated_atLast update2022-10-05 14:30:07 +0200