NXLog provides native support for Google Chronicle

We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle SIEM platform.

About Google Chronicle

Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It lets organizations normalize, correlate, and analyze their log data, and gives security analysts a single place to search and investigate that data, so they can approach threat hunting and detection holistically.

Google's Chronicle documentation already provides guides for forwarding various log types with NXLog. With the arrival of NXLog Enterprise Edition 5.5, integrating with Google Chronicle becomes even easier thanks to our native om_chronicle output module, designed specifically for the Chronicle platform.

Forwarding log data to Chronicle


Prior to NXLog Enterprise Edition 5.5 and om_chronicle, you could use:

  • om_http to send unstructured log entries or UDM events to the Chronicle Ingestion API.

  • om_tcp to send logs to the Chronicle Forwarder, an intermediary component that in turn forwards the records to Google Chronicle.

Both approaches are described in the Google Chronicle documentation and remain perfectly valid ways of sending logs to Google Chronicle; we simply wanted to take it a step further and make the integration even easier.

Thus, with the release of NXLog Enterprise Edition 5.5 and the om_chronicle module, you can now use:

  • om_chronicle to send unstructured log data to the Chronicle Ingestion API.

  • om_http to send UDM events to the Chronicle Ingestion API.

  • om_tcp to send logs to Chronicle Forwarder.

Benefits of the NXLog om_chronicle module

Together, these modules cover each of the scenarios above for sending logs to Google Chronicle. The om_chronicle module adds two specific advantages:

  • om_chronicle automatically transforms the JSON payload to the format Chronicle expects. See the Unstructured log output format section in the om_chronicle documentation.

  • Because of the JSON format Google Chronicle requires, an om_http pipeline is limited to sending one event per request. The om_chronicle module, on the other hand, forwards multiple events per request in batches, reducing the number of HTTPS requests and improving network performance.
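To make the two bullets above concrete, here is an added Python illustration (not NXLog's om_chronicle code, and not a substitute for it) of what "transforming the JSON payload to the format Chronicle expects" and "batching" mean at the request level. It takes JSON records of the kind NXLog's to_json() produces, wraps each one as an entry of the Chronicle Ingestion API's unstructured-log batch request body (the customer_id, log_type, entries, log_text and ts_rfc3339 field names are taken from Google's v2 unstructuredlogentries:batchCreate documentation as we understand it; verify them against the current API reference), and groups entries into request bodies under an entry-count cap and a serialized-size cap. The sample events and the cap values are constructed for the example and are not Chronicle's published quotas.

```python
"""Build Chronicle Ingestion API unstructured-log batch payloads from
NXLog-style JSON records.

Added illustration only: this is not the om_chronicle module's code.
Field names follow the Chronicle v2 unstructuredlogentries:batchCreate
request body as documented by Google; the default caps below are
placeholders chosen for the example, not Chronicle's real limits.
"""
import json
from datetime import datetime, timezone
from typing import List

# Constructed sample: five records as NXLog's to_json() would emit them.
# EventTime uses NXLog's default "YYYY-MM-DD HH:MM:SS" representation.
SAMPLE_EVENTS = [
    '{"EventTime":"2022-06-01 10:15:02","Hostname":"web1","Message":"sshd[1410]: Accepted publickey for alice from 10.0.0.5 port 51234"}',
    '{"EventTime":"2022-06-01 10:15:03","Hostname":"web1","Message":"sshd[1410]: pam_unix(sshd:session): session opened for user alice"}',
    '{"EventTime":"2022-06-01 10:15:09","Hostname":"web2","Message":"sudo: bob : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart nginx"}',
    '{"EventTime":"2022-06-01 10:15:11","Hostname":"web2","Message":"nginx: 10.0.0.7 - - \\"GET /admin HTTP/1.1\\" 403 162"}',
    '{"EventTime":"2022-06-01 10:15:15","Hostname":"web1","Message":"sshd[1422]: Failed password for invalid user admin from 203.0.113.9 port 40012"}',
]


def to_rfc3339(event_time: str) -> str:
    """Convert NXLog's default EventTime string to RFC 3339.

    Assumption: the source timestamp is UTC. A production pipeline should
    carry the zone explicitly instead of assuming it.
    """
    dt = datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def to_entry(raw: str) -> dict:
    """Wrap one raw record as a Chronicle unstructured log entry.

    The whole original record is kept verbatim in log_text so Chronicle's
    parser sees exactly what the source produced; the timestamp is only
    attached when the record carries one.
    """
    rec = json.loads(raw)
    entry = {"log_text": raw}
    if "EventTime" in rec:
        entry["ts_rfc3339"] = to_rfc3339(rec["EventTime"])
    return entry


def _body(customer_id: str, log_type: str, entries: List[dict]) -> dict:
    return {"customer_id": customer_id, "log_type": log_type, "entries": entries}


def single_event_payload(raw: str, customer_id: str, log_type: str) -> dict:
    """The one-event-per-request body an om_http pipeline has to emit."""
    return _body(customer_id, log_type, [to_entry(raw)])


def batch_payloads(raws: List[str], customer_id: str, log_type: str,
                   max_entries: int = 100, max_bytes: int = 500_000) -> List[dict]:
    """Group records into as few request bodies as the caps allow.

    A new body is started when adding the next entry would exceed either
    the entry-count cap or the serialized-size cap. A single entry larger
    than max_bytes still goes out on its own rather than being dropped.
    """
    batches: List[dict] = []
    current: List[dict] = []
    for raw in raws:
        candidate = current + [to_entry(raw)]
        too_many = len(candidate) > max_entries
        too_big = len(json.dumps(_body(customer_id, log_type, candidate))) > max_bytes
        if current and (too_many or too_big):
            batches.append(_body(customer_id, log_type, current))
            current = candidate[-1:]
        else:
            current = candidate
    if current:
        batches.append(_body(customer_id, log_type, current))
    return batches


if __name__ == "__main__":
    # Hypothetical customer ID and log type, for demonstration only.
    for body in batch_payloads(SAMPLE_EVENTS, "00000000-0000-0000-0000-000000000000", "NXLOG", max_entries=2):
        print(len(body["entries"]), "entries,", len(json.dumps(body)), "bytes")
```

With five sample records and an entry cap of two, the batching path yields three request bodies (2, 2 and 1 entries) where the single-event path would need five; the size cap matters more in practice, since a handful of verbose Windows or web-server events can push a body past whatever per-request limit the API enforces.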

Next steps


NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.

Download a fully functional trial of the Enterprise Edition for free