
Microsoft Windows IIS

Windows IIS Server

Internet Information Services (IIS) is Microsoft’s extensible web server software for the Windows NT operating system. It provides a modular and extensible platform for hosting websites, services and applications.

 

Blumira integrates with Microsoft Windows operating systems to provide automated threat detection and actionable response for IIS. Blumira supports the following Microsoft Windows server operating systems:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012R2
  • Windows Server 2012
  • Windows Server 2008R2
  • Windows Server 2008
  • Windows Server 2003R2
  • Windows Server 2003

Blumira provides broad coverage for Windows Server, including log collection using NXLog, Command Line Logging, DNS Debugging and Winlogbeat.

 


Setting Up NXLog for Windows

First, install and configure NXLog on the Windows host using these instructions: https://www.blumira.com/integration/windows-server/

Setting Up IIS Logging

Event Viewer Collection for IIS – Recommended

If you currently use IIS, run the following commands in an administrative command prompt to enable logging:

wevtutil sl Microsoft-IIS-Configuration/Administrative /e:true
wevtutil sl Microsoft-IIS-Configuration/Operational /e:true
wevtutil sl Microsoft-IIS-Logging/Logs /e:true

If IIS is not installed, these commands return an error. The error is harmless, so the commands can be run across a broad deployment that includes hosts without IIS.

Next, change the logging configuration on each IIS server so that Log Event Destination supports the Event Log.

Then restart the NXLog service:

net stop nxlog && net start nxlog
  • Data from IIS will start flowing

NOTE: If you have more than one Site on your host, you will need to ensure that each Site is configured appropriately for Logging.
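
To confirm the settings above on a host, including every Site, the following PowerShell check can be run from an elevated prompt. It is an added example, not Blumira's own script. It assumes the WebAdministration module is present and that the Log Event Destination setting corresponds to the site attribute logFile.logTargetW3C (IIS 8.5 and later). The -Fix switch is specific to this example; without it nothing is changed.

```powershell
# Added example (not Blumira's script): audit the IIS event log collection settings.
# -Fix is a switch defined by this example; without it the script only reports.
param([switch]$Fix)

# The three channels enabled with wevtutil on this page.
$channels = @(
    'Microsoft-IIS-Configuration/Administrative',
    'Microsoft-IIS-Configuration/Operational',
    'Microsoft-IIS-Logging/Logs'
)

foreach ($name in $channels) {
    # Returns the channel configuration, or nothing if the channel does not exist.
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Output "SKIP  $name (channel not found, IIS is probably not installed)"
        continue
    }
    if (-not $log.IsEnabled -and $Fix) {
        wevtutil sl $name /e:true
        $log = Get-WinEvent -ListLog $name
    }
    $status = if ($log.IsEnabled) { 'OK  ' } else { 'FAIL' }
    Write-Output "$status  $name"
}

# Per-site check. Assumption: Log Event Destination maps to logFile.logTargetW3C,
# and a value containing ETW is what feeds the Microsoft-IIS-Logging/Logs channel.
if (-not (Get-Module -ListAvailable -Name WebAdministration)) {
    Write-Output 'SKIP  site checks (WebAdministration module not available)'
    return
}
Import-Module WebAdministration

foreach ($site in Get-ChildItem IIS:\Sites) {
    $path   = "IIS:\Sites\$($site.Name)"
    $target = [string]$site.logFile.logTargetW3C
    if ($target -notmatch 'ETW' -and $Fix) {
        # Keep the log file and add ETW events.
        Set-ItemProperty $path -Name logFile.logTargetW3C -Value 'File,ETW'
        $target = [string](Get-Item $path).logFile.logTargetW3C
    }
    $status = if ($target -match 'ETW') { 'OK  ' } else { 'FAIL' }
    Write-Output "$status  site '$($site.Name)' log target: $target"
}
```

Any FAIL line for a site means that site's requests will not reach the Event Log, which is the gap the NOTE above warns about.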