Mar 2022

Aggregating macOS logs for SIEM systems

In recent years, for a number of reasons, Macs have become viable alternatives to PCs in many large corporations. Whether your Mac users are working on spreadsheets in accounting or they belong to creative teams developing software or marketing content, your digital assets are valuable and need to be monitored to detect any potential security threats.

However, by default, macOS Unified Logging System (ULS) events are stored only on the Mac that generated them. For any situation other than a single user working in isolation, log aggregation is a requirement if you want any benefit from your SIEM.

Because NXLog can enrich log events, for example by adding a Hostname field, aggregation can be used to provide insight into which users, teams, business units, and regions are experiencing which types of threats, how often, and through which processes. Once these enriched events are ingested by your SIEM, you can query for specific types of events to see which workstations might have been targeted by a known threat.

See how you can set up a centralized NXLog relay server


Deploying and managing NXLog with Ansible

Ansible has become an industry standard when it comes to configuring and managing servers. As a configuration management tool, it simplifies system administration tasks such as installing and updating software packages and provisioning infrastructure. In this post, we will create an Ansible playbook that automates the installation and configuration of NXLog across multiple endpoints. Whether you need only a single endpoint today or thousands of endpoints next week, Ansible will do the heavy lifting for you.

Read the blog post here.


Sending Siemens SIMATIC PCS 7 logs to Google Chronicle

Collecting logs from Siemens SIMATIC PCS 7 and sending them to Google Chronicle can be a complex task because of the unique combination of the log source and the desired destination. In this post, we will take you through the process of forwarding log data from SIMATIC PCS 7 to Google Chronicle using the NXLog log collection agent.

Read the post here.


NXLog Community Edition support for Raijin Database

Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.

Read the blog post here.


Deploying and managing NXLog with Puppet

In this post, we will look at how you can create your Puppet Bolt project directory, your inventory YAML file, and finally, your Puppet Bolt plan to deploy NXLog on a variety of operating systems.

Read the blog post here.


Top Social Media Chatter March

What did the community have to say about NXLog on social media? Tweet us or share our updates with us on LinkedIn for an opportunity to be listed in this newsletter.
