Прочетете на английски Редактиране

Споделяне чрез

NXLog FIM connector for Microsoft Sentinel

  • Статия

The NXLog FIM module allows for the scanning of files and directories, reporting detected additions, changes, renames and deletions on the designated paths through calculated checksums during successive scans. This REST API connector can efficiently export the configured FIM events to Microsoft Sentinel in real time.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) NXLogFIM_CL
Data collection rules support Not currently supported
Supported by NXLog

Query samples

Find all DELETE events

Kusto 
NXLogFIM_CL

| where EventType_s == 'DELETE'

| project-away
SourceSystem,
Type

| sort by EventTime_t

Bar Chart for Events per type, per host

Kusto 
NXLogFIM_CL

| summarize EventCount = count() by Hostname_s, EventType_s

| where strlen(EventType_s) > 1

| project Eventype = Hostname_s, EventType_s, EventCount

| order by EventCount desc

| render barchart

Pie Chart for visualization of events per host

Kusto 
NXLogFIM_CL

| summarize EventCount = count() by Hostname_s, EventType_s

| sort by EventCount

| render piechart

General Summary of Events per Host

Kusto 
NXLogFIM_CL

| summarize count() by Hostname_s, EventType_s

Vendor installation instructions

Follow the step-by-step instructions in the Microsoft Sentinel integration chapter of the NXLog User Guide to configure this connector.