TL;DR: How to send NxFilter DNS Filtering logs to a SaaS SIEM (Splunk Cloud, DataDog, SumoLogic, New Relic)?

Context

Having a SIEM in an enterprise environment enables centralized log management, real-time monitoring, and advanced analytics. By aggregating logs from various sources, admins and security analysts can have a global view of events, as well as being able to detect production & security incidents.

While NxFilter is excellent, I've been struggling to find a way to send logs to a "cloud" (SaaS) SIEM. In my efforts of exploring the documentation and the WebUI, I found those two articles:

Contrary to internally-hosted SIEMs (which often have a syslog collector), cloud SIEMs rely on HTTP collectors, and the preferable event format is JSON. So those two articles are not applicable for us. This means that, in my environment and context, admins and security analysts would need to connect to the NxFilter WebUI to investigate events instead of being able to see them from the SIEM.

One possible solution is to install an agent on the server (cloud SIEMs provide those) to read the content of a file and send it to the HTTP collector of the SIEM. I could not find where, or how (i.e., in what format), NxFilter stores the logs we see in /logging,request.jsp

By enabling log forwarding to a SIEM, it would empower admins and organizations to leverage the full potential of both NxFilter and their SIEM solution, enhancing their security posture and incident response capabilities. I think that being able to "stream" it would be a valuable addition to NxFilter.

Has anyone in the community managed to do this? Any feedback would be greatly appreciated.
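The "agent reads a file and posts JSON to the HTTP collector" approach described in the post, as an added example that is not part of the original post and not NxFilter's or any SIEM vendor's code. It tails a text log like `tail -f`, turns each new line into a JSON object, and POSTs newline-delimited JSON batches to a collector URL. The line format, the regex, the sample lines, the collector URL, the header names and the bearer-token scheme are all assumptions for illustration: NxFilter's on-disk log format is not documented on this page, and each SIEM's HTTP collector has its own endpoint and auth header, so both must be replaced with the real values.

```python
"""
Minimal file-to-HTTP log forwarder (example only, not an official agent).
Tails a log file, converts lines to JSON events, POSTs them in batches.
"""
import json
import re
import time
import urllib.request
from datetime import datetime, timezone

# ASSUMED line layout used only by this example: "<date> <time> <client-ip> <domain> <action>".
# NxFilter's real request log format is unknown here; replace this regex with one
# that matches what the appliance actually writes to disk.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<client>\S+) (?P<domain>\S+) (?P<action>allow|block)$"
)

# Constructed sample input for an offline run; not real NxFilter output.
SAMPLE_LINES = [
    "2024-01-10 12:00:01 10.0.0.5 example.com allow",
    "2024-01-10 12:00:02 10.0.0.7 blocked.invalid block",
    "a line in an unexpected layout that must not crash the agent",
]


def parse_line(line, source="nxfilter"):
    """Return a dict event for a line matching LINE_RE, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["source"] = source                     # lets the SIEM tag the origin
    event["received_at"] = datetime.now(timezone.utc).isoformat()
    return event


def build_batch(lines, source="nxfilter"):
    """Parse raw lines; return (events, skipped_count). Unparseable lines are counted, not dropped silently."""
    events, skipped = [], 0
    for line in lines:
        ev = parse_line(line, source)
        if ev is None:
            skipped += 1
        else:
            events.append(ev)
    return events, skipped


def encode_ndjson(events):
    """Newline-delimited JSON, one object per line, which many HTTP collectors accept."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events).encode("utf-8")


def post_batch(url, token, payload, opener=urllib.request.urlopen):
    """POST one batch. Header names and Bearer auth are placeholders; use your SIEM's documented scheme."""
    req = urllib.request.Request(
        url, data=payload, method="POST",
        headers={"Content-Type": "application/x-ndjson",
                 "Authorization": "Bearer " + token},
    )
    with opener(req, timeout=10) as resp:
        return resp.status


def follow(path, poll_seconds=1.0):
    """Yield lines appended to `path` after start-up, like `tail -f` (no rotation handling)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        fh.seek(0, 2)  # start at end so only new events are shipped
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll_seconds)


def run_agent(path, url, token, batch_size=50):
    """Blocking loop: read new lines, ship them in batches of batch_size."""
    pending = []
    for line in follow(path):
        pending.append(line)
        if len(pending) >= batch_size:
            events, skipped = build_batch(pending)
            if events:
                post_batch(url, token, encode_ndjson(events))
            pending = []


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; to run as an agent call
    # run_agent("/path/to/nxfilter.log", "https://collector.example/ingest", "TOKEN").
    evs, skipped = build_batch(SAMPLE_LINES)
    print(f"{len(evs)} events parsed, {skipped} line(s) skipped")
    print(encode_ndjson(evs).decode())
```

Two design points worth noting for a production version: ship over HTTPS with a per-agent token stored outside the script (an environment variable or a secrets file with restricted permissions), and record the skipped-line count as its own metric, since a sudden jump usually means the log format changed and the SIEM is silently losing events.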