Enable SFTP export via Sensor > Export
Set the destination hostname:
Go to AlphaSOC Console > Credentials and set the username to the provided organization UUID.
Path relative to home is optional and can be used to distinguish between multiple sources.
Zeek logs to exclude is optional, but for now we’ll only process the following log files:
Set the log rotation value to 5 minutes.
Apply the changes and add the sensor’s SSH public key to AlphaSOC Console > Credentials.
Enhance SSL logs with additional columns – JA3 and server certificate hashes:
- enable JA3 support under System > Packages > Core
- download latest
alphasoc-zeek-cert-hash.bundlefrom GitHub and upload into the sensor under System > Packages > Custom