What Changed

Microsoft Sentinel Content Hub has removed five complete NXLog partner solutions at vendor request (ADO #5253676):

  • NXLog BSM macOS: Basic Security Module audit events from macOS systems
  • NXLog FIM: File Integrity Monitoring across platforms
  • NXLog LinuxAudit: Native Linux audit framework integration
  • NXLog AIX Audit: IBM AIX system audit trail collection
  • NXLog DNS Logs: DNS query/response monitoring with ASIM normalization

Security Impact (Visibility & Fidelity)

Organizations currently using these solutions will lose critical security telemetry:

Audit Trail Blind Spots: Linux and AIX audit visibility is lost for privilege escalation detection (T1078), file system tampering (T1565), and monitoring of administrative actions. Systems configured with these connectors will stop ingesting audit events.

File Integrity Loss: FIM solution removal eliminates detection of unauthorized file modifications, configuration tampering, and malware persistence mechanisms across monitored file systems.

DNS Monitoring Gap: The removed DNS connector provided ASIM-normalized DNS event ingestion for DNS tunneling detection and suspicious domain monitoring. Alternative Microsoft DNS solutions may not cover the same log sources.

Cross-Platform Coverage: These solutions specifically addressed Unix/Linux/AIX environments where Microsoft-native logging solutions have limited reach.

Migration Required

Users of these solutions must:

  1. Identify alternative data collection mechanisms before connector removal
  2. Reconfigure log forwarding to supported Syslog or CEF connectors
  3. Update detection rules referencing BSMmacOS_CL, NXLogFIM_CL, LinuxAudit_CL, AIX_Audit_CL tables
  4. Validate ASIM DNS parser functionality if using ASimDnsMicrosoftNXLog

The removal affects both real-time data ingestion and historical query capabilities for environments dependent on these specific NXLog integrations.
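For steps 3 and 4, the following added example (not part of the removed solutions or of Sentinel itself) scans exported analytics rule queries for live references to the table and parser names listed above. The rule names and KQL queries in SAMPLE_RULES are constructed for illustration; in practice the mapping would be built from your own exported rules.

```python
import re

# Table and parser names listed in the migration steps above.
REMOVED = ["BSMmacOS_CL", "NXLogFIM_CL", "LinuxAudit_CL", "AIX_Audit_CL",
           "ASimDnsMicrosoftNXLog"]
# Identifier-boundary match, so "LinuxAudit_CL_archive" is not reported.
PATTERN = re.compile(r"(?<![A-Za-z0-9_])(" + "|".join(REMOVED) + r")(?![A-Za-z0-9_])")

def strip_comment(line):
    """Remove a trailing KQL // comment, ignoring // inside string literals."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def find_references(rules):
    """Map rule name -> [(line_no, removed_name)] for live references only."""
    findings = {}
    for name, query in rules.items():
        hits = [(n, m.group(1))
                for n, line in enumerate(query.splitlines(), 1)
                for m in PATTERN.finditer(strip_comment(line))]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample rules (hypothetical names and queries, not real Sentinel content).
SAMPLE_RULES = {
    "Sudo to root on Linux": "LinuxAudit_CL\n| where Message has 'sudo' // review\n| summarize count() by Computer",
    "FIM change (migrated)": "// old source: NXLogFIM_CL\nSyslog\n| where ProcessName == 'fim'",
    "DNS lookup via URL": "ASimDnsMicrosoftNXLog\n| where DnsQuery has \"http://example.test\" // AIX_Audit_CL unused",
    "Archive table": "LinuxAudit_CL_archive | take 10",
    "Union": 'union table("AIX_Audit_CL"), BSMmacOS_CL',
}

if __name__ == "__main__":
    for rule, hits in find_references(SAMPLE_RULES).items():
        for line_no, name in hits:
            print(f"{rule}: line {line_no} references {name}")
```

Names that appear only in comments are ignored, while names passed as strings to table() are still reported, since those queries break once the table stops receiving data.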

Affected Files

Solutions/NXLog BSM macOS/Data Connectors/NXLogBSMmacOS.json
Solutions/NXLog FIM/Data Connectors/NXLogFIM.json
Solutions/NXLog LinuxAudit/Data Connectors/NXLogLinuxAudit.json
Solutions/NXLogAixAudit/Data Connectors/NXLogAixAudit.json
Solutions/NXLogAixAudit/Parsers/NXLog_parsed_AIX_Audit_view.yaml
Solutions/NXLogDnsLogs/Data Connectors/NXLogDnsLogs.json
Solutions/NXLogDnsLogs/Parsers/ASimDnsMicrosoftNXLog.yaml
(packaging artefacts: 2.0.0.zip, 2.0.1.zip, 3.0.0.zip, SolutionMetadata.json, Solution_NXLogAixAudit.json, Solution_NXLogBSMmacOSTemplateSpec.json, Solution_NXLogDnsLogs.json, Solution_NXLogFIMTemplateSpec.json, Solution_NXLogLinuxAuditTemplateSpec.json, createUiDefinition.json, mainTemplate.json)