We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle threat intelligence platform.
About Google Chronicle
Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It allows organizations to normalize, correlate, and analyze their logging data. Chronicle makes threat hunting easy by empowering security experts to investigate logs, allowing them to take a holistic approach to threat detection.
Recognizing the capabilities of NXLog, Google already provides guides in the Chronicle documentation for forwarding different log types with NXLog. However, with the arrival of NXLog Enterprise Edition 5.5, it is even easier to integrate with Google Chronicle using our native om_chronicle module, specifically designed for the Google Chronicle platform.
Forwarding log data to Chronicle
Prior to NXLog Enterprise Edition 5.5 and om_chronicle, you could use:
These NXLog capabilities are described in the Google Chronicle documentation, and they remain a perfectly valid way of sending logs to Google Chronicle. Nevertheless, we wanted to take it a step further and make it even easier.
Thus, with the release of NXLog Enterprise Edition 5.5 and the om_chronicle module, you can now use:
- om_chronicle to send unstructured log data to the Chronicle Ingestion API.
- om_http to send UDM events to the Chronicle Ingestion API.
- om_tcp to send logs to Chronicle Forwarder.
Benefits of the NXLog om_chronicle module
As you can see, NXLog accommodates every possible scenario you can imagine for sending logs to Google Chronicle.
- om_chronicle automatically transforms the JSON payload to the format Chronicle expects. See the Unstructured log output format section in the om_chronicle documentation.
- Because of the unique JSON format Google Chronicle requires, om_http is limited to sending one event per request. The om_chronicle module, however, supports forwarding multiple events in batches to Chronicle to optimize network performance.
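To make the batching benefit concrete, here is an added illustration (not NXLog's code and not the om_chronicle implementation) that groups constructed NXLog-style JSON events into Chronicle unstructured-log request bodies. The request body shape (customer_id, log_type, entries with log_text and ts_rfc3339) is assumed from the public Chronicle Ingestion API, the customer ID and log type are placeholders, and EventTime is assumed to be UTC.

```python
import json
from datetime import datetime, timezone

# Placeholders: substitute the tenant's real customer ID and a valid Chronicle log type.
CUSTOMER_ID = "00000000-0000-0000-0000-000000000000"
LOG_TYPE = "LOG_TYPE_PLACEHOLDER"

# Constructed NXLog-style event records (Windows event log fields, for illustration).
SAMPLE_EVENTS = [
    {"EventTime": "2023-05-02 10:15:01", "Hostname": "ws01", "EventID": 4624,
     "Message": "An account was successfully logged on."},
    {"EventTime": "2023-05-02 10:15:07", "Hostname": "ws01", "EventID": 4625,
     "Message": "An account failed to log on."},
    {"EventTime": "2023-05-02 10:15:09", "Hostname": "srv02", "EventID": 4688,
     "Message": "A new process has been created."},
]


def rfc3339(event_time: str) -> str:
    """Convert NXLog's EventTime ('YYYY-MM-DD HH:MM:SS', assumed UTC) to RFC 3339."""
    dt = datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def to_entry(event: dict) -> dict:
    """Wrap one event as an unstructured log entry; the raw JSON is kept as log_text."""
    return {"log_text": json.dumps(event, separators=(",", ":")),
            "ts_rfc3339": rfc3339(event["EventTime"])}


def build_requests(events: list, batch_size: int) -> list:
    """Group events into request bodies. batch_size=1 models the one-event-per-request
    pattern; a larger batch_size models batched forwarding (fewer HTTP round trips)."""
    if batch_size < 1:
        raise ValueError("batch_size must be >= 1")
    bodies = []
    for i in range(0, len(events), batch_size):
        chunk = events[i:i + batch_size]
        bodies.append({"customer_id": CUSTOMER_ID, "log_type": LOG_TYPE,
                       "entries": [to_entry(e) for e in chunk]})
    return bodies


if __name__ == "__main__":
    single = build_requests(SAMPLE_EVENTS, 1)
    batched = build_requests(SAMPLE_EVENTS, 100)
    print(f"{len(single)} requests one-per-event vs {len(batched)} batched request")
    print(json.dumps(batched[0], indent=2))
```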
Next steps
- See the om_chronicle module documentation for technical details.
- Check out the Google Chronicle integration guide for deployment scenarios and configuration examples.
- Read more about Google Chronicle SIEM.