NXLog AIX Audit connector for Microsoft Sentinel

The NXLog AIX Audit data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Query samples

AIX Audit event type distribution

NXLog_parsed_AIX_Audit_view

| summarize count() by EventType

| render piechart title="AIX Audit event type distributon"

Highest event per second (EPS) AIX Audit event types

NXLog_parsed_AIX_Audit_view

| where EventEndTime >  todatetime('2021-09-09')

| summarize EPS=count() by bin(EventEndTime, 1s), EventType

| sort by EPS, EventType, EventEndTime

| take 5

| render columnchart title="Highest event per second (EPS) event types"

Time chart of AIX Audit events per day

NXLog_parsed_AIX_Audit_view

| where EventEndTime >= todatetime('2021-09-06')

| where EventEndTime <  todatetime('2021-09-10')

| summarize Count=count() by bin(EventEndTime, 1d)

| render timechart title="AIX Audit events per day"

Time chart of AIX Audit events per hour

NXLog_parsed_AIX_Audit_view

| where EventEndTime >= todatetime('2021-09-07')

| where EventEndTime <  todatetime('2021-09-08')

| summarize Count=count() by bin(EventEndTime, 1h)

| render timechart title="AIX Audit events per hour"

AIX Audit events per second (EPS) time chart

NXLog_parsed_AIX_Audit_view

| where EventEndTime >= todatetime('2021-09-07 18:29')

| where EventEndTime <  todatetime('2021-09-07 23:55')

| summarize EPS=count() by bin(EventEndTime, 1s)

| render timechart title="AIX Audit events per second (EPS)"

Vendor installation instructions

Follow the step-by-step instructions in the NXLog User Guide Integration Guide Microsoft Sentinel to configure this connector.