All posts NXLog Blog

August 9, 2023

The Sarbanes-Oxley (SOX) Act and security observability

SOX - an overview Serious financial fraud was never considered a real risk while investing in U.S.-listed stocks until 2001, when energy giant Enron Corporation, which held $63.4 billion in assets, collapsed. It was revealed that the company had been misleading investors for years and the company’s stock price quickly plummeted from $90 to less than $1 per share. It was the largest bankruptcy in US history, followed by a $40 billion lawsuit and imprisonment for the corporation’s executives.

August 2, 2023

PCI DSS 4.0 compliance: Logging requirements and best practices

With PCI DSS 4.0, logging plays an even more critical role in safeguarding cardholder data. In this post, we’ll break down the key PCI DSS logging requirements, explore best practices for log retention and monitoring, and highlight key areas where NXLog Platform can help you stay secure and compliant. What is PCI DSS? PCI DSS, or Payment Card Industry Data Security Standard, is a collection of security requirements developed by major credit card companies to safeguard merchants who accept credit card payments by ensuring they provide a secure environment.

July 27, 2023

Detect threats using NXLog and Sigma

The analysis of events produced by various systems and applications can offer insights into the infrastructure health and the operational resilience of an enterprise. From an Infosec perspective, the end-goals are: threat detection, forensics and remediation. However, we can’t query or analyse data that we haven’t collected in the first place! Before threat hunting and incident response are even possible, security events need to be collected from various sources, parsed, transformed, and then forwarded to data sinks such as security information and event managements (SIEM), security analytics platforms, cloud ecosystems and long term storage.

July 19, 2023

HIPAA logging requirements and how to ensure compliance

The U.S. Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 to protect the privacy and security of health information. HIPAA’s Privacy, Security, and Breach Notification rules require healthcare providers and their partners to protect electronic protected health information (ePHI) through robust access controls, breach reporting, and documentation practices. A critical part of this compliance effort involves maintaining detailed audit logs that track who accessed, modified, or disclosed PHI, and retaining HIPAA logs for at least six years.

July 12, 2023

Understanding memory usage in NXLog

Understanding how NXLog allocates memory is essential to optimize your configuration for performance and utilize system resources efficiently. NXLog is designed for high-performance log collection and processing and is optimized to use system resources efficiently. However, various external factors affect how NXLog uses system resources, including memory, which can impact NXLog’s and its host’s performance. Misconfiguration is the leading factor we see when troubleshooting excessive memory consumption. Therefore, in this blog post, we will dive deeper into how NXLog allocates memory to help you create the optimal configuration for your system or determine whether high memory usage results from a misconfiguration.

June 20, 2023

Announcing NXLog Enterprise Edition 5.9

We are proud to announce the latest release of NXLog Enterprise Edition, version 5.9. This release focuses on bringing you new supported platforms and configuration options. Read on to find out more about some of these new features. Added protocols to network packet capture information Our administrative module (xm_admin) now returns a list of protocols configured in a packet capture (im_pcap) instance when you request server or module information. This allows you to track, count, and report on the network protocols you are monitoring.

June 8, 2023

Industrial cybersecurity - The facts

In Feb 2021, a major cybersecurity incident was declared when a hacker gained malicious access to the water treatment system of Oldsmar, Florida. Officials said the hacker tried to increase the level of sodium hydroxide in the city’s water supply, putting thousands at risk of being poisoned. Fortunately, it was quickly confirmed that this potential terroristic act did not come to fruition. Two years later, we still have no details on the malicious actor.

May 30, 2023

Raijin announces release of version 1.1

Raijin has announced the release of version 1.1 of its powerful, schemaless SQL-like database engine. Many new features have been added to version 1.1. Let’s take a look at the highlights. Prometheus exporter improvements Introduced disk usage statistics - Disk usage statistics about free space availability and file system size were introduced. Introduced query statistics - Event and query statistics were introduced in the Prometheus exporter. The following statistics can be queried:

May 26, 2023

How to monitor file access in Windows

File access auditing is the process of tracking who reads, modifies, or deletes files on a system, providing a record of user activity for security and compliance purposes. On Windows systems, this is especially important for monitoring sensitive or business-critical files, such as financial records, HR data, or confidential customer information, where unauthorized access could result in a data breach or regulatory violation. In this post, I’ll show you how to enable file access auditing on Windows and use NXLog Agent to collect and forward file access events to help you protect sensitive data and meet compliance requirements.

May 9, 2023

BROP attacks - What is it and how to defend yourself?

Have you ever locked yourself out of your car? After calling for roadside service, your tow truck driver forces the internal locking mechanism open with a slim-jim. Car thieves quickly discovered this technique and began using it to steal cars. Digital thieves have devised a similar attack called a Blind Return-Oriented Programming (Blind ROP, or just BROP) attack. It’s as quiet as a jackhammer on cement, but an attacker can open a remote shell and gain remote code execution on your server if the conditions are right.

All articles

Featured posts

Categories

All articles

Sign up

Featured posts

Categories