Jul 2021

Raijin - NXLog's new schemaless database engine for storing events

We're excited to announce our new partnership with Raijin to offer our enterprise users a free, advanced schemaless SQL database designed to fill the gap between SQL and document databases while also addressing today's data challenges. It is equipped to work with high-volume log data, supports semi-structured data, and has been optimized for aggregation queries. Its server component accepts SQL queries over a secure REST API and can operate in cluster mode. Raijin databases can be used to aggregate security logs from diverse sources as well as to provide a foundation for developing customized data analytics frameworks. Some of its main features are:

  • Support for semi-structured data: no schema needs to be defined up-front, allowing you to cope with data variety
  • Fast data ingestion, capable of ingesting in excess of 100k records per second on commodity hardware
  • No indexes; instead it stores metadata about data chunks, which enables it to query data just as fast
  • SQL as its primary query language, while lifting some of SQL's limitations
  • Encryption of data at rest to reduce the chances of data theft or unauthorized access
  • Compression of event log data down to about 15-20% of its original size
  • A flat JSON representation for data records, for handling sparse data

For this reason, we created a practical use case showing how you can use the Raijin Database Engine with NXLog Enterprise Edition to aggregate and analyze Windows security events. In this use case article, we show how to ingest Windows Security Events into Raijin DB and how to analyze them with an open-source data exploration tool such as Apache Superset. You will also see how to track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools. Learn more.

Download Raijin Database for FREE.

NXLog Enterprise Edition v4.10 release (Integration with Raijin Database)

We are also glad to announce the next minor release of the v4 branch: version 4.10. The release fixes bugs and brings a refresh of the om_raijin output module, which enables logs to be forwarded to Raijin Database servers for ingestion. Through our partnership with Raijin DB, NXLog Enterprise Edition customers can now benefit from a free event storage tool for their security events and other data (Raijin DB is also compatible with NXLog Enterprise Edition 5.0, 5.1, 5.2 and 5.3).

Download a free fully-functional trial version of NXLog Enterprise Edition v4.10 and start storing your data with Raijin Database.

New Google Logging API Add-On

If you're working with the Google Cloud Platform, our new NXLog add-on can exchange log data with the Google Logging API. The input component of the add-on retrieves logs and the output component pushes them to the Logging API, so you can both collect Google Cloud Platform logs and send logs to the Google Pub/Sub service. This add-on runs on Windows, Linux, and macOS, and in this user guide we show the basic steps for configuring NXLog and your Google Cloud account to collect the log data and forward it to the Logging API.

Learn more about the Google Logging API Add-On.

Top 5 security concerns revealed with DNS logging

Given the heightened network security awareness in today's business operations, DNS logging can be an important tool in helping your organization not only respond quickly to threats but also proactively protect its sensitive data assets. In this article, we present the top 5 security concerns revealed with DNS logging, including:

  • Denial-of-service attacks
  • DNS tunneling
  • Cache poisoning
  • DNS spoofing
  • Blocking

We highlight the importance of DNS logging and monitoring, so you can get ahead of any security weaknesses that might be putting your business infrastructure in peril. Learn more.

Sending Siemens SIMATIC PCS 7 logs to IBM QRadar

Collecting logs from Siemens SIMATIC PCS 7 and sending them to IBM QRadar can be a complex task because of the unique combination of log source and destination.

SIMATIC PCS 7 produces a wide variety of logs about its operation. Some of them are available through Windows Event Log, but most are stored as flat files. These logs can also provide crucial information about the operation of the entire system it controls. However, the inconsistent formatting and the noisiness of the logs can present some challenges. For these reasons, we show how NXLog Enterprise Edition can be easily set up to collect logs from SIMATIC PCS 7 and forward them to IBM QRadar.

Read the complete guide.

Integrating with Snare Agents and Snare Central to receive and forward logs

Snare Agents do not support message rewriting and provide limited custom log processing capabilities. This may pose a challenge when logs need to be forwarded to a third-party SIEM or a log analytics service that does not support the Snare format. NXLog provides log processing flexibility and log enrichment capabilities, and can output logs in various formats supported by modern SIEMs, such as JSON and XML. NXLog is thus able to integrate with both Snare Agents and Snare Central to receive logs, as well as to output log records in Snare format.

Start forwarding logs from Snare to NXLog. Read more.

Top Social Media Chatter

What did the community have to say about NXLog on social media? Tweet us or share our updates with us on LinkedIn for an opportunity to be listed in this newsletter.

  • Blumira's blog post on the Windows PrintNightmare exploit utilizing NXLog for detection - read article
  • Bloomberg press release about QOMPLX business growth, including NXLog partnership - read press release