We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle threat intelligence platform.
Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It allows organizations to normalize, correlate, and analyze their logging data. Chronicle makes threat hunting easy by empowering security experts to investigate logs allowing them to take a holistic approach to threat detection.
Realizing the capabilities of NXLog, in the Chronicle documentation, Google already provides guides for forwarding different log types with NXLog. However, with the arrival of NXLog Enterprise Edition 5.5, it is even easier to integrate with Google Chronicle using our native om_chronicle module, specifically designed for the Google Chronicle platform.
Prior to NXLog Enterprise Edition 5.5 and om_chronicle, you could use:
The above capabilities of NXLog are described in the Google Chronicle documentation in conjunction with NXLog, but we wanted to take it a step further and make it even easier. Nevertheless, this is a perfectly valid way of sending logs to Google Chronicle.
Thus, with the release of NXLog Enterprise Edition 5.5 and the om_chronicle module, you can now use:
As you can see, NXLog accommodates every possible scenario you can imagine for sending logs to Google Chronicle.
om_chronicle automatically transforms the JSON payload to the format Chronicle expects. See the Unstructured log output format section in the om_chronicle documentation.
Because of the unique JSON format Google Chronicle requires, om_http is limited to sending one event per request. However, om_chronicle module supports forwarding multiple events in batches to Chronicle to optimize network performance.