What is Flowmira?
Flowmira is a set of customized NXLog configurations that can be used to generate data from Windows endpoints, used for greater visibility into host actions. We recommend using NXLog for Windows log collection.
What is NXLog?
NXLog is a multi-platform log shipping tool Blumira recommends using to help easily identify security risks, policy breaches or analyze operational problems in server logs, operation system logs, and application logs. In concept, NXLog is similar to syslog-ng or Rsyslog, but it is not limited to UNIX and syslog only.
Where can I get NXLog?
You can download the community edition for free from NXLog. If you require WEF, you should obtain a license for the Commercial version of NXLog. If you’re a Blumira customer, you can utilize the Logstash Module to collect WEF logs instead of purchasing a NXLog Commercial license.
Why does an organization need this?
Windows logs are an invaluable source of security visibility. That said, time is a precious commodity. Spend that scarce resource somewhere other than designing a log forwarding configuration file with a proprietary syntax.
With deeper insight into security risks, policy breaches or operational problems in server logs, you can identify any potential ongoing issues in your Windows environment early enough to address them faster.
What does it do?
The configuration file defines what local event logs to forward via the NXLog agent to the Blumira sensor or a traditional SIEM. Flowmira facilitates the process by pre-defining a number of security-centric event logs, including PowerShell, IIS, Windows Firewall, and classic Windows Event Logs.
Why did we create it?
Blumira is offering Flowmira to the public in order to help simplify Windows machine log collection for all organizations. These configurations can help you gain additional insight for better threat detection and response.
Check out Logmira, a set of group policy configurations for advanced Windows logging that you can download, free from Blumira. These were created by Blumira’s Sr. Incident Detection Engineer, Amanda Berlin to help increase Windows log visibility for threat detection, and to help meet compliance auditing requirements.