Nov 2019

Welcome to the NXLog 2019 Year End Edition

More than 250,000 NEW downloads for the NXLog Community Edition this year alone and countless more for the NXLog Enterprise Edition.

From the NXLog team, thank you for putting your trust in our log collection suite! Happy logging and we hope to hear from you again in 2020...

NXLog Enterprise Edition v4.6 Now Released

We are happy to announce the release of NXLog Enterprise Edition v4.6. Our team has worked on and solved 69 issues to reach this milestone. This release is mostly about minor functionality improvements and bug fixes. The highlights:

• PUB/SUB support in redis modules
• Updated FlowControl implementation and documentation
• Numerous fixes in our LEEF parser
• Plugged a few small memory leaks

You can grab the packages from Downloads. Installation and upgrade instructions are available in the User Guide under the Deployment section for your platform/s. Read the changelog here.

Top New NXLog Enterprise Edition Features

In addition to fixing issues and enhancing existing features, the following are new features of note that have been added as part of the NXLog log collection suite this year:

• Expanding the list our supported platforms towards Amazon Linux 2 on ARM instances, Debian 10, Redhat 8.
• MSI certifified on supported Windows Server platforms and addition of support on Windows 2016 Nano.
• Extended support on macOS platforms - High Sierra, Mojave and Catalina.
• Better integration support with Elastic Search - including support for grok patterns, proxy support, as well as being able to connect with Humios ES service.
• Better support for using using the im_wseventing module, allowing users to use this as a Windows Event Collector on Windows or Linux platforms.
• Enhancement of the Event Tracing for Windows module for better log collection with ETW providers.
• Ability to store log messages in a Raijin server, a schema-less database.
• Added support for Kerberos/SASL to Windows and generic packages.
• Addition of the Nessus Add-on.

Top New Additions to the NXLog User Guide

• Addition of the IBM QRadar SIEM Integration Guide with information about setting up this integration, both for generic structured logs and for several specific log types, and output examples for forwarding the processed logs to QRadar.
• Addition of the McAfee Enterprise Security Manager SIEM Integration Guide with details about setting up NXLog to forward events from several types of log sources.
• Addition of the RSA NetWitness Integration Guide. NXLog is an officially supported RSA Ready certified product and can be configured as the log collection agent for NetWitness.
• Addition of the Windows Management Instrumentation Integration Guide. These logs can be collected via Windows Event Log, ETW or read from WMI log files.
• Addition of the Symantec Endpoint Protection (SEPM) Integration Guide. Symantec Endpoint Protection Manager (SEPM) stores log data in an MSSQL Server database or in an embedded database, which can then be integrated with NXLog for log collection.
• Addition of the Windows AppLocker Integration Guide. 
• Addition of collecting logs from Sysmon for DNSEvent in the Windows DNS Server section.
• Extension of the BIND 9 DNS server log collection section.
• Extension of the Splunk Integration Guide to include more details to send specific log types.
• Extension of log collection topics for Linux ie Linux Audit rules.
• Extension of log collection topics for Windows - see our new landing page for all you need to know about collecting Windows Event Log and see our section on collecting important Windows Active Directory Domain Controller Event ID logs.

Explore the rest of the User Guide here. 

New NXLog Partners and Integrators for 2019

This year was an immensely productive year for partnerships, certifications and integrations.

• The Windows MSI installer passed the Windows Server 2012 R2, 2016 and 2019 certification tests.
• Certified for RHEL 7 by Red Hat Enterprise Linux.
• Certified for the SUSE Linux Enterprise System and SUSE Linux Enterprise Desktop versions.
• Part of the RSA Ready Technology Partner network.
• Part of the McAfee Security Innovation Alliance Partner Directory.
• Part of the Securonix Fusion Partners Directory.
• Part of the IBM PartnerWorld Global Solutions Directory.
• A Technology Alliance partner with Splunk.
• ...and more integrations available across a number of log management suites, SIEM suites, AV providers, and more.

Are you an Integrator or MSSP interested to hear more about log collection solutions? Contact the Sales team by replying to this email or download our flyer.

Top Articles and Resources Featuring NXLog 

• Interview with NXLog at the Enterprise Security Magazine SIEM Special Edition.
• Pesentation by Radar Cyber Security, "Facing the challenge(s) of Windows logs collection to leverage valuable IOCs", presented at Swiss Cyber Storm.
• Mentioned as a log collector in the GSEC GIAC Security Essentials Certification All-in-One Exam Guide, Second Edition.
• A suggested log collector in this talk "Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework".
• Article in opensource.com "Reducing security risks with centralized logging".
• McAfee has announced, at the Black Hat USA security conference, the McAfee Security Innovation Alliance (SIA) program of which NXLog is a part of.
• "Everything You Never Knew (but Need to) About Endpoint Security" article posted on Security Boulevard.

New White Papers and Articles Released

We have also released a new section for white papers as well as articles on log collection related topics.

• Read the The Importance of DNS Logging in Enterprise Security White Paper.
• Read the Using Structured Logging for Effective Log Management White Paper.
• Read the article on Agent-based versus agent-less log collection.
• Read the article on converting and forwarding Windows Event Log via Syslog.
• Read the article on sending ETW logs to Splunk.

Happy logging and see you in 2020!