07. 02. 2019 MarinovMihail Information Security Operations Center, NetEye, Uncategorized

Secure Connections for the Safed Agent

The Safed agent can be configured via https and send its collected logs to the log collector though a TLS connection. The latest released version – 1.9.1 – supports TLS 1.2 (at a minimum) and TLS 1.3.

The first step is to upload the private key, the local certificate and the CA certificate to the machine on which Safed is installed.   You can copy them manually to the configuration directory of Safed. It is also quite easy to do that using an embedded web server.

The second step is to enable secure communication via TLS between the Safed agent and a log collector such as NetEye.

The third step is to configure Safed’s embedded web server to accept https connections.

Once the configuration has been changed, it should be applied using the dedicated menu item “Apply the Latest Audit Configuration”.  From this point on, Safed will be reachable through https

… and it will send collected messages through the TLS connection.

The latest release of Safed 1.9.1 for Windows is available both via the neteye blog and on github.

 

MarinovMihail

MarinovMihail

Developer at Würth Phoenix
“Hi guys! I’m Mihail and since the university years I has been fascinated by distributed systems and measurements on them. Now when I join the Neteye project I get the possibility to continue with this passion and this is great. My free time is completely dedicated to my wife and my daughters, I simply love them.”

Author

MarinovMihail

“Hi guys! I’m Mihail and since the university years I has been fascinated by distributed systems and measurements on them. Now when I join the Neteye project I get the possibility to continue with this passion and this is great. My free time is completely dedicated to my wife and my daughters, I simply love them.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Archive