🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Linux Servers Integration Guide

integrations endpoints linux

Connectivity Requirements

Source Destination Port/Protocol
Linux server Taegis™ XDR Collector (mgmt IP) UDP/514

Data Provided from Integration

  Auth DHCP DNS File HTTP Management Netflow NIDS Process Thirdparty
Non-Microsoft-based servers (processes like sudo/su/sshd/named) D   D     Y        

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Logging Configuration Instructions

Linux servers must be configured to send logs — whether DNS, SSH, or sudo — via syslog to the Taegis™ XDR Collector.

Please refer to the vendor’s site for purchasing and configuration guidance.

An example of logging instructions:

Sample logs

Sudo:

Aug 21 18:03:26 ABC sudo[2479]: pam_vas: Authentication <ignored> for <Non-VAS> user: <sysmonpt> account: <> service: <sudo> reason: <>

SSH:

Aug 21 13:29:25 ABC-12345 sshd[12309]: Accepted password for srv_account from 10.118.1.66 port 29436 ssh2

DNS:

Apr 13 14:01:52 10.1.2.3 named[12133]: client 10.9.8.7#37299 (abc.l2.abc.org): query: abc.l2.qwerty.org IN A + (10.11.12.13)

 

On this page: