NXLog LinuxAudit connector for Microsoft Sentinel
The NXLog LinuxAudit data connector supports custom audit rules and collects logs without auditd or any other user-space software. IP addresses and group/user IDs are resolved to their respective names making Linux audit logs more intelligible to security analysts. This REST API connector can efficiently export Linux security events to Microsoft Sentinel in real-time.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | LinuxAudit_CL |
Data collection rules support | Not currently supported |
Supported by | NXLog |
Query samples
Most frequent type
LinuxAudit_CL
| summarize EventCount = count() by type_s
| where strlen(type_s) > 1
| render barchart
Most frequent comm
LinuxAudit_CL
| summarize EventCount = count() by comm_s
| where strlen(comm_s) > 1
| render barchart
Most frequent name
LinuxAudit_CL
| summarize EventCount = count() by name_s
| where strlen(name_s) > 1
| render barchart
Vendor installation instructions
Follow the step-by-step instructions in the NXLog User Guide Integration Topic Microsoft Sentinel to configure this connector.
Next steps
For more information, go to the related solution.
Phản hồi
https://aka.ms/ContentUserFeedback.
Sắp ra mắt: Trong năm 2024, chúng tôi sẽ dần gỡ bỏ Sự cố với GitHub dưới dạng cơ chế phản hồi cho nội dung và thay thế bằng hệ thống phản hồi mới. Để biết thêm thông tin, hãy xem:Gửi và xem ý kiến phản hồi dành cho