<rss xmlns:webfeeds="http://webfeeds.org/rss/1.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">
  <channel>
  <atom:link href="https://nxlog.co/news-and-blog/index.xml" rel="self" type="application/rss+xml" />
  <title>Telemetry analysis</title>
    <link>https://nxlog.co/news-and-blog/tags/telemetry-analysis/</link>
    <description>Recent content in Telemetry analysis on NXLog Blog</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
  <lastBuildDate>Thu, 27 Jul 2023 09:42:06 +0000</lastBuildDate>
  
  <item>
    <title>Detect threats using NXLog and Sigma</title>
    <link>https://nxlog.co/news-and-blog/posts/detect-threats-using-nxlog-and-sigma/</link>
    <pubDate>Thu, 27 Jul 2023 09:42:06 +0000</pubDate>
    
    <enclosure url="https://nxlog.co/news-and-blog/images/categories/security.png" type="image/webp" />
    <atom:logo>https://nxlog.co/news-and-blog/images/categories/security.png</atom:logo>
    
    <guid>https://nxlog.co/news-and-blog/posts/detect-threats-using-nxlog-and-sigma/</guid>
    <description>
    
    &lt;img src=&#34;https://nxlog.co/news-and-blog/images/categories/security.png&#34; width=500 /&gt;
    
The analysis of events produced by various systems and applications can offer insights into the infrastructure health and the operational resilience of an enterprise. From an Infosec perspective, the end goals are threat detection, forensics and remediation.
However, we can’t query or analyse data that we haven’t collected in the first place! Before threat hunting and incident response are even possible, security events need to be collected from various sources, parsed, transformed, and then forwarded to data sinks such as security information and event management (SIEM) systems, security analytics platforms, cloud ecosystems and long-term storage.
    </description>
    
    <dc:creator><![CDATA[ Konstantinos Samalekas ]]></dc:creator>
    
  </item>
   
  <item>
    <title>NXLog Community Edition support for Raijin Database</title>
    <link>https://nxlog.co/news-and-blog/posts/nxlog-ce-raijin-database-support/</link>
    <pubDate>Tue, 22 Feb 2022 20:12:59 +0100</pubDate>
    
    <enclosure url="https://nxlog.co/news-and-blog/images/categories/announcement.webp" type="image/webp" />
    <atom:logo>https://nxlog.co/news-and-blog/images/categories/announcement.webp</atom:logo>
    
    <guid>https://nxlog.co/news-and-blog/posts/nxlog-ce-raijin-database-support/</guid>
    <description>
    
    &lt;img src=&#34;https://nxlog.co/news-and-blog/images/categories/announcement.webp&#34; width=500 /&gt;
    
    Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.
What is Raijin Database?
Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.
    </description>
    
    <dc:creator><![CDATA[ Arielle Bonnici ]]></dc:creator>
    
  </item>
   
  <item>
    <title>Using Raijin Database Engine to aggregate and analyze Windows security events</title>
    <link>https://nxlog.co/news-and-blog/posts/using-raijin-database-engine-to-aggregate-and-analyze-windows-security-events/</link>
    <pubDate>Thu, 29 Jul 2021 01:14:19 -0500</pubDate>
    
    <enclosure url="https://nxlog.co/news-and-blog/images/categories/strategy.webp" type="image/webp" />
    <atom:logo>https://nxlog.co/news-and-blog/images/categories/strategy.webp</atom:logo>
    
    <guid>https://nxlog.co/news-and-blog/posts/using-raijin-database-engine-to-aggregate-and-analyze-windows-security-events/</guid>
    <description>
    
    &lt;img src=&#34;https://nxlog.co/news-and-blog/images/categories/strategy.webp&#34; width=500 /&gt;
    
    In this post, we will look at how to use Raijin Database Engine as a backend in a centralized logging environment for collecting and aggregating Windows security events. We will also show you how to integrate Raijin with an open source data exploration tool. Finally, you will see how you can track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools.
A low-cost, lean and mean data discovery solution
Although the combination of tools we present here cannot compete with a full-fledged SIEM solution, they do offer quite a few advantages for security analysts who need a responsive, highly customizable data discovery solution that accepts ad hoc SQL.
    </description>
    
    <dc:creator><![CDATA[ John Kirch ]]></dc:creator>
    
  </item>
   
  </channel>
</rss>
