LenelS2 NetBox
Log Ingestion Configuration
Follow the steps below to configure ingestion of LenelS2 NetBox event records into Cortex XSIAM.
Configuration on LenelS2 NetBox
Create a Custom Database View
Connect to the LenelS2 NetBox's underlying MS SQL Server database and create a custom view as described here.
Configuration on Cortex XSIAM
Configure a Broker VM on Cortex XSIAM
If you do not yet have a Broker VM configured, follow the instructions here.
Configure a Database Collector
Activate a database collector as described here.
When configuring the Database Query section, set the following parameters:
Parameter | Value
Rising Column | Enter AutoID.
Retrieval Value | Enter 0 for initializing the first retrieval to select all records within the view's defined time interval. For example, if the view is defined to select records from within the last hour (as in the sample SQL query above), the first retrieval would include all records from within the last hour. After the first initialization retrieval, the subsequent continuous polling would select only new records added from that point forward. Alternatively, set this value to the last known value.
Unique IDs | Leave this parameter blank, as the AutoID rising column values are unique.
Collect Every | Select the requested polling time interval. This interval must be shorter than the time interval defined on the custom view SQL query (1 hour on the sample query above).
Vendor | Enter LenelS2.
Product | Enter NetBox.

Under the SQL Query editor, enter the following query, replacing <CUSTOM_VIEW_NAME> with the actual custom view name created on the LenelS2 NetBox database:
SELECT * FROM <CUSTOM_VIEW_NAME>
WHERE logkey > ?
ORDER BY logkey ASC
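
Why the Collect Every interval must be shorter than the view's time window, shown as an added simulation (not part of the original page or the LenelS2/Cortex XSIAM products). It assumes a hypothetical log table with a ts column in an in-memory SQLite database, emulates the view's one-hour window with a time filter, and uses the logkey column from the query above as the rising value.

```python
import sqlite3

WINDOW = 3600  # seconds the custom view looks back (1 hour, per the sample on the page)

def make_db(n_events, spacing):
    """Constructed sample log: one event every `spacing` seconds, keys 1..n_events."""
    db = sqlite3.connect(":memory:")
    # Table and ts column are hypothetical; logkey matches the page's query.
    db.execute("CREATE TABLE log (logkey INTEGER PRIMARY KEY, ts INTEGER)")
    db.executemany("INSERT INTO log (ts) VALUES (?)",
                   [(i * spacing,) for i in range(n_events)])
    return db

def poll(db, now, checkpoint):
    """One retrieval: rows inside the view's window at `now` with logkey > checkpoint."""
    rows = db.execute(
        "SELECT logkey FROM log WHERE ts > ? AND ts <= ? "  # emulates the view's window
        "AND logkey > ? ORDER BY logkey ASC",                # the collector's query
        (now - WINDOW, now, checkpoint)).fetchall()
    keys = [r[0] for r in rows]
    # The highest key returned becomes the next retrieval value.
    return keys, (keys[-1] if keys else checkpoint)

def collect(db, end, every, checkpoint=0):
    """Poll every `every` seconds until `end`; return all keys ingested."""
    ingested = []
    for now in range(every, end + 1, every):
        keys, checkpoint = poll(db, now, checkpoint)
        ingested += keys
    return ingested

def missed(db, n_events, end, every):
    """Keys that aged out of the view before any poll saw them."""
    return sorted(set(range(1, n_events + 1)) - set(collect(db, end, every)))

if __name__ == "__main__":
    db = make_db(24, 600)                       # 4 hours of events, 10 minutes apart
    print("30 min polling, missed:", missed(db, 24, 14400, 1800))
    print("2 h polling, missed:  ", missed(db, 24, 14400, 7200))
```

With 30-minute polling every record is ingested once; with 2-hour polling the records that fall out of the one-hour window between retrievals never reach the collector, which leaves silent gaps in the access-control event history.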