Blumira integrates with Microsoft Windows operating systems to provide automated threat detection and actionable response. Blumira supports the following Microsoft Windows Server operating systems:
Blumira provides broad coverage for Windows Server, starting with log collection, and recommends enabling NXLog, Command Line Logging, DNS Debugging and Winlogbeat on the servers you monitor.
NXLog is a multi-platform log management tool that helps identify security risks and policy breaches and analyze operational problems in server logs, operating system logs and application logs. In concept, NXLog is similar to syslog-ng or Rsyslog, but it is not limited to UNIX systems or to the syslog format, which is why it is used here to collect Windows Event Log channels.
In the NXLog configuration, the address of your Blumira sensor is set once with a define directive and then referenced as %SIEM% by the output block. The address shown is a placeholder:
# Replace 10.11.12.13 with the IP address of your Blumira sensor
define SIEM 10.11.12.13
Enabling Additional Logging
If you are using Windows 2003
Sysmon (System Monitor) records detailed process, network and file activity in its own Windows event channel, and enabling it in three easy steps turns on this advanced logging for greater visibility. See How to Enable Sysmon for instructions.
Once Sysmon is configured, you need to add the Sysmon event channel to your NXLog configuration so that these events are sent to Blumira's platform for detection and response. You can use the latest version of Flowmira, Blumira's NXLog configuration for Windows, or add the Sysmon route to your existing configuration. The latest version of Flowmira can be found here: https://github.com/Blumira/Flowmira/blob/master/nxlog.conf
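The configuration below is an added illustration of the Sysmon step and is not taken from Flowmira or from Blumira's documentation. It shows a complete, stand-alone nxlog.conf that reads the Sysmon operational channel with im_msvistalog, serializes each event as JSON and forwards it over TCP to the sensor address held in the SIEM define. The install path, the om_tcp output and port 514 are assumptions; when adding the route to an existing Flowmira configuration, keep that file's own defines and output block and add only the Input and Route sections.

```nxlog
## Added example: stand-alone nxlog.conf forwarding Sysmon events to a Blumira sensor.
## ROOT assumes a default 64-bit NXLog install; the sensor address is a placeholder.
define ROOT C:\Program Files\nxlog
define SIEM 10.11.12.13

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# Provides the to_json() procedure used by the output block.
<Extension _json>
    Module  xm_json
</Extension>

# Read only the Sysmon operational channel. im_msvistalog takes a Windows Event Log
# XPath query, so further channels can be added as additional <Select> lines.
<Input in_sysmon>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Serialize every parsed field of the event as one JSON object per line and send it
# to the sensor over TCP. Port 514 is an assumption; match your existing output block.
<Output out_siem>
    Module  om_tcp
    Host    %SIEM%
    Port    514
    Exec    to_json();
</Output>

# The route connects the input to the output; without it no events are forwarded.
<Route sysmon_to_siem>
    Path    in_sysmon => out_siem
</Route>
```

Before restarting the nxlog service, verify the file with nxlog.exe -v -c <path to nxlog.conf> from the NXLog install directory, and confirm in Event Viewer (Applications and Services Logs > Microsoft > Windows > Sysmon > Operational) that the channel is actually receiving events; an empty channel is the most common reason a correctly written route forwards nothing.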
For instructions on how to configure detection for related Windows components using NXLog, please see the following documentation:
Windows Firewall: https://www.blumira.com/integration/microsoft-windows-firewall/
IIS: https://www.blumira.com/integration/microsoft-windows-iis/
PowerShell: https://www.blumira.com/integration/windows-server-powershell/
DNS: https://www.blumira.com/integration/microsoft-windows-dns/