All posts NXLog Blog

March 3, 2022

Cyberattacks on the power grid - are you prepared?

In light of recent news stories about possible cyberattacks on the U.S. power grid, we are inclined to ponder over precautions we can take to prepare for such a scenario. If you are in the public utilities industry, this blog post is for you. But, if you’re not, don’t worry. We will cover some basic principles you can follow to get your organization ready before such a cyberattack occurs.

March 1, 2022

Deploying and managing NXLog with Ansible

Ansible has become an industry standard when it comes to configuring and managing servers. As a configuration management tool, it carries the burden of simplifying system administration tasks, such as installing and updating software packages, and infrastructure provisioning. In this post, we will create an Ansible playbook that will enable us to automate the installation and configuration of NXLog across multiple endpoints. Whether you need only a single endpoint today or thousands of endpoints next week, Ansible will do the heavy lifting for you.

February 22, 2022

NXLog Community Edition support for Raijin Database

Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution. What is Raijin Database? Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.

February 17, 2022

Aggregating macOS logs for SIEM systems

Apple has made great strides in recent years, not only with its innovative hardware, but also with incremental improvements to its operating systems. For a number of reasons, Macs have become viable alternatives to PCs in many large corporations. Apple also continues to maintain a strong presence in institutions of higher education, as it has for decades in the US. Whether your Mac users are working on spreadsheets in accounting or they belong to creative teams developing software or marketing content, your digital assets are valuable and need to be monitored to detect any potential security threats.

February 3, 2022

How to prevent and detect Log4j vulnerabilities

The Apache Log4j vulnerability has attracted a lot of media attention as a result of recent security incidents that were reported by some organizations using versions 2.0-beta9 through 2.14.1. This security flaw has the potential to affect thousands of applications since some of the world’s largest databases rely on Log4j. Because so many organizations are affected, cybercriminals are actively exploiting this well-known vulnerability. Why is this so dangerous? In addition to the threat of malware and ransomware, hackers can also perform remote code execution due to the Log4j vulnerability.

February 2, 2022

Reliable delivery of logs - can you trust TCP?

When considering your log collection strategy, a decision you have to make is which transport protocol to use to transfer logs from source to destination. The choice is often between the two most commonly used protocols, UDP (User Datagram Protocol) and TCP (Transfer Control Protocol). Which one to use depends on the type of logs you need to transfer, and whether performance or reliability is more important. This blog post will compare these protocols, discuss why TCP is usually the preferred choice, and provide some options to further increase log delivery reliability with NXLog Enterprise Edition.

February 2, 2022

NXLog vs IBM QRadar WinCollect - Let's get things straight

How does NXLog Enterprise Edition compare to the IBM QRadar WinCollect event forwarder? IBM QRadar SIEM collects, processes, and aggregates log data to provide real-time monitoring and automated response to network threats. With its powerful correlation engine and specialized modules for risk and vulnerability management, it is no surprise that it is among the highest-rated tools on Gartner Peer Insights. To get the best out of a platform like IBM QRadar, you need to ensure that you send the proper amount of data in a format that it can process efficiently.

January 25, 2022

Understanding and auditing WMI

If you’re a cyber security enthusiast, you’ve probably heard a lot about Windows Management Instrumentation (WMI) lately. There’s a good reason why this topic has gained popularity, however, this technology has been integrated into Windows operating systems for over 20 years now. In this blog post, we will delve into how WMI works, the risks resulting from misuse, and how to audit it with NXLog. A standardization effort The first thing to clarify about WMI is that it’s not a Windows-only technology.

January 3, 2022

Log aggregation with NXLog

The value of log aggregation There is no denying the importance of log aggregation for multi-million-dollar enterprises worldwide. But just what is log aggregation? And how can it help your organization? Well, log aggregation is the process of standardizing and consolidating your log data from distributed systems across your network into one centralized server. By doing so, you have a unified view of what occurs across your entire IT infrastructure.

October 27, 2021

Three important features you can have with the Enterprise Edition over the Community Edition

Features of NXLog Enterprise Edition you must have So, it turns out that your organization needs a reliable solution that can collect, parse, forward, and aggregate your log data. This need might be based on any number of reasons. Perhaps it is due to regulatory compliance mandates. Maybe your security analysts have realized that collecting security logs is the best way to detect potential cyber attacks. These are all valid reasons.

All articles

Featured posts

Categories

All articles

Sign up

Featured posts

Categories