Muokkaa

Jaa


NXLog AIX Audit connector for Microsoft Sentinel

The NXLog AIX Audit data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) AIX_Audit_CL
Data collection rules support Not currently supported
Supported by NXLog

Query samples

AIX Audit event type distribution

NXLog_parsed_AIX_Audit_view

| summarize count() by EventType

| render piechart title="AIX Audit event type distribution"

Highest event per second (EPS) AIX Audit event types

NXLog_parsed_AIX_Audit_view

| where EventEndTime >  todatetime('2021-09-09')

| summarize EPS=count() by bin(EventEndTime, 1s), EventType

| sort by EPS, EventType, EventEndTime

| take 5

| render columnchart title="Highest event per second (EPS) event types"

Time chart of AIX Audit events per day

NXLog_parsed_AIX_Audit_view

| where EventEndTime >= todatetime('2021-09-06')

| where EventEndTime <  todatetime('2021-09-10')

| summarize Count=count() by bin(EventEndTime, 1d)

| render timechart title="AIX Audit events per day"

Time chart of AIX Audit events per hour

NXLog_parsed_AIX_Audit_view

| where EventEndTime >= todatetime('2021-09-07')

| where EventEndTime <  todatetime('2021-09-08')

| summarize Count=count() by bin(EventEndTime, 1h)

| render timechart title="AIX Audit events per hour"

AIX Audit events per second (EPS) time chart

NXLog_parsed_AIX_Audit_view

| where EventEndTime >= todatetime('2021-09-07 18:29')

| where EventEndTime <  todatetime('2021-09-07 23:55')

| summarize EPS=count() by bin(EventEndTime, 1s)

| render timechart title="AIX Audit events per second (EPS)"

Vendor installation instructions

Note

This data connector depends on a parser based on a Kusto Function to work as expected NXLog_parsed_AIX_Audit_view which is deployed with the Microsoft Sentinel Solution.

Follow the step-by-step instructions in the NXLog User Guide Integration Guide Microsoft Sentinel to configure this connector.