SGBox
SGBox is a modular platform for controlling and managing ICT security. Its modular and distributed architecture means it can adapt to the various company needs. With SGBox, the user can create an aggregate display with all the information gathered from log collection, vulnerability scan and endpoint status.

## Prerequisites

The SGBox asset requires a host URL, username, password, and API key. The SGBox REST API is hosted on port 4000; the host URL should include the port number as well.

## Capabilities

This connector supports the following capabilities:

- Get Events
- Get Logs
- Get Tenants

## Configurations

### Asset authenticates using SGBox credentials

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host. The SGBox API is hosted on port 4000. | string | Required |
| apikey | API key | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Events

Get events for both single tenant and multiple tenants.

- Endpoint URL: `api/events`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenant | array | Optional | Parameter for Get Events |
| tsstart | string | Required | Parameter for Get Events |
| tsend | string | Required | Parameter for Get Events |
| search | array | Optional | Parameter for Get Events |
| paramid | string | Optional | Unique identifier |
| paramval | string | Optional | Parameter for Get Events |
| type | string | Optional | Type of the resource |
| multi_patternid | object | Optional | Unique identifier |
| patternid | array | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 28 Sep 2023 09:37:21 GMT",
      "Server": "Apache",
      "Cache-Control": "no-cache, private",
      "Content-Length": "6962",
      "Keep-Alive": "timeout=5, max=100",
      "Connection": "Keep-Alive",
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": [
      {
        "uuid": "6442a5e2-1fe4-68de-d081-000000000000",
        "ts": "20230711151320",
        "hostid": 1,
        "classid": 0,
        "class_name": "sgbox security messages",
        "patternid": 11099,
        "pattern_name": "[sgbox] logon fail",
        "host_name": "localhost",
        "host_ip": "127.0.0.1",
        "tenant": "ddae270a642454f1cce98d4768ded081",
        "tenant_name": "sgbox ddae270a642454f1cce98d4768ded081",
        "ancestors": "",
        "values": {
          "eventid": "20",
          "targetusername": "root",
          "workstationname": "Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\\/537.36 (KHTML, like Gecko",
          "action": "wrong username or password",
          "ipaddress": "10.20.10.252",
          "sid": "ndh05kkjour7i03fke67fqss8u",
          "browsertype": " Chrome\\/114.0.0.0 Safari\\/537.36"
        }
      },
      {
        "uuid": "6442a5e2-1fe4-68de-d081-000000000001",
        "ts": "20230711151325",
        "hostid": 1,
        "classid": 0,
        "class_name": "sgbox security messages",
        "patternid": 11099,
        "pattern_name": "[sgbox] logon fail",
        "host_name": "localhost",
        "host_ip": "127.0.0.1",
        "tenant": "ddae270a642454f1cce98d4768ded081",
        "tenant_name": "sgbox ddae270a642454f1cce98d4768ded081",
        "ancestors": "",
        "values": {
          "eventid": "20",
          "targetusername": "admin",
          "workstationname": "Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\\/537.36 (KHTML, like Gecko",
          "action": "wrong username or password",
          "ipaddress": "10.20.10.252",
          "sid": "1nl3j2erqvijc32qaj41icailn",
          "browsertype": " Chrome\\/114.0.0.0 Safari\\/537.36"
        }
      },
      {
        "uuid": "70408210-1fe4-68de-d081-000000000000",
        "ts": "20230711151341",
        "hostid": 1,
        "classid": 0,
        "class_name": "sgbox security messages",
        "patternid": 11099,
        "pattern_name": "[sgbox] logon fail",
        "host_name": "localhost",
        "host_ip": "127.0.0.1",
        "tenant": "ddae270a642454f1cce98d4768ded081",
        "tenant_name": "sgbox ddae270a642454f1cce98d4768ded081",
        "ancestors": "",
        "values": {
          "eventid": "20",
          "targetusername": "admin",
          "workstationname": "Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\\/537.36 (KHTML, like Gecko",
          "action": "wrong username or password",
          "ipaddress": "10.20.10.252",
          "sid": "2oorrc92luveke5d1af0ljju7a",
          "browsertype": " Chrome\\/114.0.0.0 Safari\\/537.36"
        }
      }
    ]
  }
]
```

### Get Logs

To search and filter in the raw log.

- Endpoint URL: `api/logs`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tsstart | string | Required | Parameter for Get Logs |
| tsend | string | Required | Parameter for Get Logs |
| limit | number | Optional | Parameter for Get Logs |
| search | string | Optional | Parameter for Get Logs |
| hostid | array | Optional | Unique identifier |

### Get Tenants

Get tenants from SGBox.

- Endpoint URL: `api/tenants`
- Method: POST

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Wed, 27 Sep 2023 15:08:11 GMT",
      "Server": "Apache",
      "Cache-Control": "no-cache, private",
      "Content-Length": "111",
      "Keep-Alive": "timeout=5, max=100",
      "Connection": "Keep-Alive",
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": [
      {}
    ]
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, private |
| Connection | HTTP response header Connection | Keep-Alive |
| Content-Length | The length of the response body in bytes | 111 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 27 Sep 2023 15:08:11 GMT |
| Keep-Alive | HTTP response header Keep-Alive | timeout=5, max=100 |
| Server | Information about the software used by the origin server | Apache |

## Notes

- https://www.sgbox.it/sgbox/en/knowledge-base/sgbox-api/
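
The Get Events example above returns three `[sgbox] logon fail` events from one source address within about twenty seconds. The following is an added example, not part of the connector or of SGBox, showing one way a playbook step could group such events by tenant and source IP and flag bursts. The `ts` layout (YYYYMMDDHHMMSS, inferred from the example values), the five-minute window, the threshold of three, the function names and the sample events are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
LOGON_FAIL = 11099  # patternid of "[sgbox] logon fail" in the example response

def find_logon_fail_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Flag (tenant, source IP) pairs with >= threshold logon failures inside window."""
    by_source = defaultdict(list)
    for ev in events:
        values = ev.get("values") or {}
        if ev.get("patternid") != LOGON_FAIL or not values.get("ipaddress"):
            continue
        try:
            # Assumption: ts is YYYYMMDDHHMMSS, inferred from the example values.
            when = datetime.strptime(str(ev.get("ts")), "%Y%m%d%H%M%S")
        except ValueError:
            continue  # skip events with a missing or malformed timestamp
        by_source[(ev.get("tenant"), values["ipaddress"])].append(
            (when, values.get("targetusername", "")))

    findings = []
    for (tenant, ip), hits in by_source.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end, (when, _) in enumerate(hits):
            while when - hits[start][0] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                burst = hits[start:end + 1]
                findings.append({
                    "tenant": tenant, "source_ip": ip, "failures": len(burst),
                    "usernames": sorted({user for _, user in burst}),
                    "first": burst[0][0].isoformat(), "last": burst[-1][0].isoformat(),
                })
                break  # one finding per source is enough for triage
    return findings

def _ev(ts, user, ip, patternid=LOGON_FAIL):
    # Constructed sample event carrying only the fields the detector reads.
    return {"ts": ts, "patternid": patternid, "tenant": "tenant-a",
            "values": {"targetusername": user, "ipaddress": ip}}

SAMPLE_EVENTS = [  # constructed; timing mirrors the example response
    _ev("20230711151320", "root", "10.20.10.252"),
    _ev("20230711151325", "admin", "10.20.10.252"),
    _ev("20230711151341", "admin", "10.20.10.252"),
    _ev("20230711151400", "admin", "10.20.10.7"),          # single failure, below threshold
    _ev("20230711151410", "root", "10.20.10.252", 11001),  # other (made-up) pattern, ignored
    _ev("not-a-timestamp", "root", "10.20.10.252"),        # malformed ts, skipped
]
```

Pass the event list from the action's JSON body to `find_logon_fail_bursts`; a finding that lists several usernames for one source address is the more interesting one to triage first.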