NXLog FIM connector for Microsoft Sentinel

The NXLog FIM module scans the configured files and directories and, by comparing checksums computed on successive scans, reports additions, changes, renames and deletions on the monitored paths. This REST API connector exports the configured FIM events to Microsoft Sentinel in real time, into the NXLogFIM_CL custom log table. Columns in that table carry Log Analytics type suffixes, for example EventType_s (string) and EventTime_t (datetime), which is why the query samples below reference them that way.
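The following Python script is an added illustration of the scan-comparison logic described above, not NXLog's code: it takes two successive {path: digest} snapshots and derives CREATE, CHANGE, DELETE and RENAME events from them, emitting records shaped like the NXLogFIM_CL columns used in the queries on this page (Hostname_s, EventType_s, EventTime_t). The File_s and PrevFileName_s column names and the sample directory contents are assumptions made for the example. It also shows the caveat inherent in checksum-based rename detection: a file that is renamed and modified between scans shares no digest with its old path, so it surfaces as a DELETE plus a CREATE rather than a RENAME.

```python
"""Model of checksum-based file-integrity scanning (added example, not NXLog code)."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, List, Optional


def scan(root: str) -> Dict[str, str]:
    """Walk root and return {relative path: sha256 hex digest} for every regular file."""
    snapshot: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            snapshot[os.path.relpath(full, root)] = digest.hexdigest()
    return snapshot


def make_event(event_type: str, path: str, hostname: str,
               prev_file: Optional[str] = None) -> dict:
    """Build a record using the page's column names; File_s/PrevFileName_s are assumed names."""
    event = {
        "Hostname_s": hostname,
        "EventType_s": event_type,
        "File_s": path,
        "EventTime_t": datetime.now(timezone.utc).isoformat(),
    }
    if prev_file is not None:
        event["PrevFileName_s"] = prev_file
    return event


def diff_scans(previous: Dict[str, str], current: Dict[str, str],
               hostname: str = "host-a") -> List[dict]:
    """Compare two snapshots and return FIM events in a deterministic order."""
    removed = {p: d for p, d in previous.items() if p not in current}
    added = {p: d for p, d in current.items() if p not in previous}
    events: List[dict] = []

    # Index new paths by digest so a vanished path whose content reappears
    # under exactly one new name can be reported as a RENAME.
    digest_to_added: Dict[str, List[str]] = {}
    for path, digest in added.items():
        digest_to_added.setdefault(digest, []).append(path)

    for old_path, digest in sorted(removed.items()):
        candidates = digest_to_added.get(digest, [])
        if len(candidates) == 1:
            new_path = candidates.pop()
            del added[new_path]
            events.append(make_event("RENAME", new_path, hostname, prev_file=old_path))
        else:
            # No unique digest match: content is gone (or renamed AND modified).
            events.append(make_event("DELETE", old_path, hostname))

    for path in sorted(added):
        events.append(make_event("CREATE", path, hostname))

    for path in sorted(set(previous) & set(current)):
        if previous[path] != current[path]:
            events.append(make_event("CHANGE", path, hostname))
    return events


def run_demo() -> List[dict]:
    """Constructed sample: two successive scans of a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(name: str, data: str) -> None:
            with open(os.path.join(root, name), "w") as fh:
                fh.write(data)

        write("a.txt", "alpha")
        write("b.txt", "bravo")
        write("c.txt", "charlie")
        first = scan(root)

        write("a.txt", "alpha v2")                                           # CHANGE
        os.remove(os.path.join(root, "b.txt"))                               # DELETE
        os.rename(os.path.join(root, "c.txt"), os.path.join(root, "d.txt"))  # RENAME
        write("e.txt", "echo")                                               # CREATE
        second = scan(root)
        return diff_scans(first, second)


if __name__ == "__main__":
    for evt in run_demo():
        print(evt["EventType_s"], evt["File_s"], evt.get("PrevFileName_s", ""))
```

Running the script prints one line per derived event; `diff_scans` is the part worth studying, since it mirrors why a modified-and-renamed file never appears as a RENAME in checksum-based FIM output.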

Connector attributes

Connector attribute              Description
Log Analytics table(s)           NXLogFIM_CL
Data collection rules support    Not currently supported
Supported by                     NXLog

Query samples

Find all DELETE events

NXLogFIM_CL
| where EventType_s == 'DELETE'
| project-away SourceSystem, Type
| sort by EventTime_t

Bar chart of events per type, per host

NXLogFIM_CL
| summarize EventCount = count() by Hostname_s, EventType_s
| where strlen(EventType_s) > 1   // drop rows with an empty event type
| project Hostname_s, EventType_s, EventCount
| order by EventCount desc
| render barchart

Pie chart of events per host

NXLogFIM_CL
| summarize EventCount = count() by Hostname_s
| sort by EventCount
| render piechart

General summary of events per host

NXLogFIM_CL
| summarize count() by Hostname_s, EventType_s

Vendor installation instructions

Follow the step-by-step instructions in the Microsoft Sentinel integration chapter of the NXLog User Guide to configure this connector.

Next steps

For more information, go to the related solution in the Azure Marketplace.