        What’s New in
    LogRhythm® Version 5.1




Dear LogRhythm Customers,

I am pleased to introduce LogRhythm 5.1, the latest version of our award-winning software. I think you will be
very happy with the extensive list of new features, capabilities, and improvements introduced. As I think you'll
come to appreciate, LogRhythm 5.1 is far from a typical minor release.

I think this release provides a great balance between core “blocking and tackling” capabilities with leading edge
innovation. We have long felt our log data collection and management infrastructure is second-to-none. We
continue to invest in this area by adding significant new log collection capabilities including native support for
SNMP traps and the latest version of Netflow. We have invested in improving our reporting infrastructure by
providing you the ability to create your own templates for determining exactly how you want a report to look.
In addition, you can select to use your company logo instead of ours for presentation in a report. We have
introduced new meta-data fields and significantly enhanced how some derived meta-data values are determined.
We also introduced a variety of new capabilities and improvements for easing the administration of your
LogRhythm deployment.

On more of the leading-edge innovation front, we have introduced a number of new features that I am
personally very excited about. We've added Geolocation, the ability to see where hosts contained in log
messages physically reside. While some of our competitors have capabilities in this area, what excites me is
that we introduce Geolocation at the log and event layer whereas others have only focused at the event layer.
This provides great forensic context for every log message, context that provides a wealth of capabilities today
and more in the future. One of those capabilities is leveraged in another new feature called Network
Visualization. This is a very powerful visual analysis tool that provides a visual depiction of host-to-host
relationships across boundaries such as location.

One thing I feel has always differentiated us is our focus on filling the “visibility gaps”. While logs do provide
tremendous visibility on their own, often they don't provide the complete story. A core capability of the
LogRhythm System Monitor is to fill in these gaps at the endpoint. Two new powerful forensic visibility
capabilities have been introduced in 5.1. Process Monitor provides independent monitoring of processes
running on a host, when they start, and when they stop. Network Monitor provides independent monitoring of
listening services, inbound connections, and outbound connections to/from a host. These capabilities, combined
with existing endpoint monitoring features (i.e., File Integrity Monitor, DataLoss Defender), provide powerful
and unequaled forensic awareness and visibility at the host.

I hope you find LogRhythm 5.1 as exciting as we do. The LogRhythm engineering team has worked hard to
bring you another quality software release we are very proud of.

Sincerely,

Chris Petersen
CTO, VP Engineering, Co-founder




Overview
This document provides a brief description of new features and the most significant improvements introduced in
LogRhythm 5.1. Please refer to the Release Notes for the complete list of new features, improvements, modifications, and
known issues found in LogRhythm 5.1.


System Monitor Features and Improvements
New Operating System Support
We have added support for the following operating systems and Linux distributions:
      HP-UX
      Linux Debian
      Linux Ubuntu

New Collection Interfaces, Capabilities, and Improvements
SNMP Trap Listener
The Windows System Monitor now includes an integrated SNMP Trap Listener. SNMP versions 1, 2 and 3 are
supported.

Netflow v9
The Windows System Monitor now supports Netflow v9 in addition to versions 1 and 5. This provides support for the
latest version of Netflow shipping with Cisco products. Netflow v9 is also compatible with a variety of non-Cisco
products.

Recursive Flat File Collection
This capability allows for the collection of flat files matching a specific file name pattern that reside in the root or child
directories. This is ideal for applications (e.g., web servers) that generate new directories containing log files on a daily or
weekly basis.

Integrated Syslog Server for UNIX and Linux System Monitor
The Windows System Monitor has always had an integrated Syslog Listener for receiving UDP and TCP based Syslog.
This same capability has been added in UNIX and Linux versions of the System Monitor. This is ideal for extending the
collection infrastructure in *NIX-centric environments where a single agent can collect and forward Syslog from the
entire environment.

Checkpoint Firewall/VPN Secure Configuration Verification (SCV) Support
The Windows System Monitor now supports collection of logs generated via Checkpoint's Secure Configuration
Verification module.

Windows Remote Event Log Connection Optimization
The number and frequency of new connections required to collect Event Logs remotely has been significantly reduced.
This results in overall performance improvements and reduces the number of logs written to the Windows Security Event
log as a result of remote collection activity.



Windows 1252 Codepage Extended ASCII Support
Log messages containing Extended ASCII characters for languages included in the Windows 1252 codepage will be
collected and presented in native language. This includes the following languages:

                Afrikaans                    Finnish                        Malay
                Basque                       French                         Norwegian
                Catalan                      Galician                       Portuguese
                Danish                       German                         Spanish
                Dutch                        Icelandic                      Swahili
                English                      Indonesian                     Swedish
                Faroese                      Italian



New Forensic Visibility and Awareness Features
A tenet of LogRhythm's vision is to provide profound visibility into the operating environment. We do this to help our
customers better understand the environment as it affects or is impacted by security, operations, and compliance/audit
events. In LogRhythm 5.1, we have introduced two significant features that provide forensic awareness into the activity
of a host.

Network Connection Monitor
This feature provides an audit trail of connections to and from the host on which the System Monitor is installed. We also
detect and log listening services. This is an optional capability available in System Monitor Lite that can provide constant
or on-demand visibility into how a host is interacting on the LAN, WAN and Internet.

        Use Case
        Deploy System Monitors and enable Network Connection Monitor on servers in a DMZ and alert on unauthorized
        connections from DMZ hosts to hosts on the Internet or inside the trusted network.

        Use Case
        Deploy System Monitors and enable Network Connection Monitor on key servers and alert if a network
        connection is observed initiating directly from the Internet or other unauthorized networks.


Process Monitor
This feature provides an audit trail of processes running on a host. Logs are generated whenever a new process or
program starts or a previously running process or program stops. This is an optional capability available in System
Monitor Lite that can provide constant or on-demand visibility into what processes and applications a host is running.

        Use Case
        Deploy System Monitors and enable Process Monitor on key servers. Create a whitelist of authorized programs
        and alert if any program is observed not in the approved whitelist.

        Use Case
        Deploy System Monitors and enable Process Monitor on user desktops. Create a blacklist of high-risk
        unauthorized programs (e.g., BitTorrent) and alert if such programs are observed on monitored hosts.
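The two Process Monitor use cases above (server whitelist, desktop blacklist) as detection logic over process start/stop records. This is an added example, not LogRhythm's code: the log line format, host groups, whitelist and blacklist are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Assumed line format (not LogRhythm's actual Process Monitor output):
#   <timestamp> host=<name> event=<start|stop> pid=<n> image=<full path>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>start|stop) "
    r"pid=(?P<pid>\d+) image=(?P<image>.+)$"
)


@dataclass(frozen=True)
class ProcessEvent:
    ts: str
    host: str
    event: str   # "start" or "stop"
    pid: int
    image: str   # full path as logged

    @property
    def name(self) -> str:
        """Executable name, case-folded, with either path separator stripped."""
        return re.split(r"[\\/]", self.image)[-1].lower()


@dataclass(frozen=True)
class Alert:
    host: str
    ts: str
    name: str
    reason: str


def parse_line(line: str) -> Optional[ProcessEvent]:
    """Parse one record; returns None for blank or malformed lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return ProcessEvent(m["ts"], m["host"], m["event"], int(m["pid"]), m["image"])


def evaluate(events: List[ProcessEvent], server_hosts: Set[str],
             server_whitelist: Set[str], desktop_blacklist: Set[str]) -> List[Alert]:
    """Servers: anything not on the whitelist alerts. Desktops: only blacklisted names alert."""
    alerts: List[Alert] = []
    running = {}  # (host, pid) -> ProcessEvent, so stops clear the running set
    for ev in events:
        key = (ev.host, ev.pid)
        if ev.event == "stop":
            running.pop(key, None)
            continue
        running[key] = ev
        if ev.host in server_hosts:
            if ev.name not in server_whitelist:
                alerts.append(Alert(ev.host, ev.ts, ev.name, "not in server whitelist"))
        elif ev.name in desktop_blacklist:
            alerts.append(Alert(ev.host, ev.ts, ev.name, "on desktop blacklist"))
    return alerts


# Constructed sample records: one unexpected program on a web server, one
# blacklisted program on a desktop, everything else benign.
SAMPLE_LOG = r"""
2010-06-01T08:00:01Z host=web01 event=start pid=4120 image=C:\Windows\System32\svchost.exe
2010-06-01T08:00:05Z host=web01 event=start pid=4188 image=C:\Temp\updater.exe
2010-06-01T08:01:00Z host=web01 event=stop pid=4188 image=C:\Temp\updater.exe
2010-06-01T08:02:11Z host=desk17 event=start pid=2210 image=C:\Program Files\BitTorrent\bittorrent.exe
2010-06-01T08:02:40Z host=desk17 event=start pid=2244 image=C:\Program Files\Internet Explorer\iexplore.exe
"""

# Constructed policy: which hosts are servers, and the two program lists.
SERVER_HOSTS = {"web01", "web02"}
SERVER_WHITELIST = {"svchost.exe", "w3wp.exe", "inetinfo.exe", "lsass.exe"}
DESKTOP_BLACKLIST = {"bittorrent.exe", "utorrent.exe"}


def run_sample() -> List[Alert]:
    events = [e for e in (parse_line(l) for l in SAMPLE_LOG.splitlines()) if e]
    return evaluate(events, SERVER_HOSTS, SERVER_WHITELIST, DESKTOP_BLACKLIST)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts} {a.host}: {a.name} ({a.reason})")
```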




System Monitor Feature Matrix

                                                                   System Monitor                  System Monitor
                                                                            Lite                            Pro
                                                                Windows             UNIX        Windows            UNIX
  Timestamp Normalization                                           X                 X             X                X
  Collection Scheduling                                             X                 X             X                X
  Compressed Data Transmission                                      X                 X             X                X
  Encrypted Data Transmission                                       X                 X             X                X
  Flat File Log Collection                                          X                 X             X                X
  Recursive Flat File Log Collection                             New! 5.1          New! 5.1      New! 5.1         New! 5.1
  Windows Event Log Collection                                      X                               X
  Remote Windows Event Log Collection                               X                               X
  Integrated UDP Syslog Server                                      X              New! 5.1         X             New! 5.1
  Integrated TCP Syslog Server                                      X              New! 5.1         X             New! 5.1
  Integrated Netflow Server v1 and v5                                                               X
  Integrated Netflow Server v9                                                                   New! 5.1
  Integrated SNMP Trap Receiver                                                                  New! 5.1
  Remote Checkpoint Firewall Log Collection (via LEA)                                               X
  Remote Cisco IDS Log Collection (via SDEE)                                                        X
  Remote Database Log Collection (UDLA)                                                             X
  System Performance Monitoring                                     X                 X             X                X
  Data Loss Defender                                                X                               X
  File Integrity Monitoring                                                                         X                X
  Process Monitor                                                New! 5.1          New! 5.1      New! 5.1         New! 5.1
  Network Connection Monitor                                     New! 5.1          New! 5.1      New! 5.1         New! 5.1
  User Activity Monitoring                                          X                 X             X                X




New Meta-data Fields and Resolution Enhancements
In 5.1, new meta-data fields have been introduced. We have also improved how some derived values are determined. These are
very significant changes in terms of what information is presented for every log message and event. These new fields and
enhancements provide immediate value from an analysis, reporting, and alerting standpoint. They have also been
implemented to prepare for additional automated and visual analysis capabilities planned in future releases.

        NOTE: It is very important the Administrator of LogRhythm understands how the configuration of your
        deployment affects how these fields are determined and as a result, their usefulness throughout the product.
        Please refer to online help to learn more or contact support for additional information.


New Meta-Data Fields
Origin & Impacted Entity
The Origin Entity is the Entity to which the Origin Host is associated. The Impacted Entity is the Entity to which the
Impacted Host is associated. Because Entities typically map to physical operating locations or classes of systems, these
two fields provide very useful context in terms of understanding the Entity from which the action (e.g., attack, logon)
originated and the Entity impacted by the action. The introduction of these fields enables analysis, reporting and alerting
based on the Entity in which the Origin or Impacted Host resides.



        Use Case
        Report and alert on authentication activity across Entity boundaries. For instance if each entity were a separate
        business unit, this report would be of authentications between business units.

Origin & Impacted Network
The Origin Network is the network to which the Origin Host is associated. The Impacted Network is the Network to
which the Impacted Host is associated. These two fields provide very useful context when analyzing Host-to-Network
and Network-to-Network relationships. The introduction of these fields enables analysis, reporting and alerting based on
the Network in which the Origin or Impacted Host resides.

        Use Case
        Report and alert on network traffic between untrusted and trusted networks. For instance, if you had created a
        DMZ Network and a Production Servers Network, you could alert on any activity originating from the DMZ
        Network targeting any host in the Production Servers network.

Origin & Impacted Zone
The Origin Zone is the Zone (Internal, External, DMZ) in which the Origin Host resides. The Impacted Zone is the Zone
in which the Impacted Host resides. The introduction of these fields enables analysis and reporting based on the Zone in
which the Origin or Impacted Host resides.

Origin & Impacted Location
The Origin Location is the location in which the Origin Host resides. The Impacted Location is the location in which the
Impacted Host resides. Location can be presented or considered for filtering at the Country, Region, or City level. These
fields are introduced as part of the new Geolocation feature described below and enable analysis, reporting, and alerting
based on geographic location.


Meta-Data Field Resolution Enhancements
The approach for deriving the following fields has been modified and improved in LogRhythm 5.1. Although these
improvements should not negatively affect an existing deployment, it is important to understand how these fields are
determined based on your configuration.

                Known Origin Host                       Origin Zone*
                Known Impacted Host                     Impacted Zone*
                Known Origin Network*                   Direction
                Known Impacted Network*

    * NOTE: Although these fields are listed as new in 5.1, the fields did exist in previous versions. However, they were
    minimally exposed or completely hidden from the end-user. In 5.1 how these fields are determined has changed
    and the fields are visible and usable directly by the end-user.


Log Analysis Features and Improvements
Geolocation
Ever wonder where an attack originated from geographically or where data was sent to? With LogRhythm Geolocation
wonder no more. LogRhythm's Geolocation capability can provide city level location awareness for every Origin and
Impacted Host represented in a log message. This capability is implemented at the Log Manager layer meaning EVERY
log collected by LogRhythm can have Geolocation information assigned. Geolocation information is assigned to a log
based on static assignment and automatic resolution.

Static location assignment is available to all 5.1 users. This capability allows you to assign specific locations to Known
Hosts and Networks that will be used during log processing to assign location to Origin and Impacted Hosts.




Automatic location resolution requires a separate software license purchased on an annual subscription basis. Automatic
location resolves public IP addresses to the last known physical location. The list of last known locations is provided via
the LogRhythm knowledge base and updated periodically. Country-level resolution accuracy is 99.9% with city level
resolution accuracy around 95%. Annual license fees for this functionality are $1,000, $2,500 and $5,000 for
LR500/LRX1, LR1000/LRX2 and LR2000/LRX3 XM and LM models respectively. If you are interested in licensing this
capability, please contact your LogRhythm Customer Relationship Manager at (303) 413-8745.

Geolocation information is available in Personal Dashboard, Investigator, and Tail. It is also available in Reports
targeting the Event Manager or Log Managers. Geolocation information is not currently available in Log Miner or
LogMart. Geolocation criteria can be specified for searches and for reports. Criteria can also be specified for Alarm
Rules and Global Log Processing Rules.

        Use Case
        Report and alert on remote authentication activity originating from locations outside expected states and/or
        countries.

        Use Case
        Report and alert on data transfers from sensitive servers to locations outside known and authorized geographic
        operating locations.

Network Visualization
A new tool has been added to Investigator for visually describing the relationships between hosts as represented in log
data. This tool maps the relationships between hosts as contained within configurable containers such as Zone (e.g., DMZ,
Internal), Location, and Network. Failure and security conditions are depicted with red links. Line width represents the
relative amount of activity between related hosts or host containers. “Mousing” over hosts or host containers provides
summary statistics such as kilobytes of traffic, packet counts, and log counts. This tool provides a revolutionary new way
of looking at log data containing information on host-to-host interactions.

The following screenshot depicts Port 80 and 443 traffic.



New Investigator and Personal Dashboard Charts
Two new charts have been added to Investigator and Personal Dashboard:
      Logs by Day and Hour
      Logs by Day of Week and Hour of Day

       Use Case
       Analyze VPN activity by day and hour of day to visually see the frequency and pattern of VPN authentications.
       Identify anomalous trends in VPN activity based on daily averages and/or time-of-day.



New Investigator Meta-Data Charts
Three new charts have been added to the Meta-data Statistics tool within Investigator. These three charts provide a visual
display of every unique meta-data value compared to all other values across the number of logs, the amount of data
sent/received, and the number of packets sent/received. These charts are designed to provide visual trending and easy
identification of anomalous activity. Following is a screenshot of the three new charts for a meta-data statistics pane
configured to show Impacted Host.
         Impacted Hosts by Log Count
         Impacted Host by KBytes In/Out
         Impacted Host by Items In/Out




Time-based Drill-Down Improvements
An improved drill-down mechanism has been introduced for all charts that show activity by time. In previous versions of
LogRhythm, you were able to drill down on an individual point representing a time range. In 5.1, this capability remains,
and the ability to select a range of time has been added. In any time-based chart, simply click and hold the left mouse
button and drag the mouse to the right until the end of the range is reached. Release the left mouse button and double
click into the highlighted area to drill down.




Reporting New Features and Improvements
Custom Report Templates
You can now create your own report templates if the provided out-of-the-box templates do not suit your organization's
needs. Both detail and summary templates can be created via a Wizard-based tool. All log message properties can be used
with a variety of grouping and sorting options. The result is near infinite possibilities in terms of what you want included
in a report. This capability combined with LogRhythm's previous reporting capabilities provides near limitless reporting
options.



Custom Report Branding
You can now replace the LogRhythm logo that is printed on reports with an image of your choosing. This is done by
selecting File > Options from the Report Center and checking the 'Use Custom Logo' checkbox.




Event Management New Features and Improvements
Batch Alarm Record Management
You can now select multiple alarms in Alarm Viewer and edit their status/comments in batch.



Personal Dashboard Shared Filters
The filtering function within Personal Dashboard has been significantly improved. Filters are easier to create and manage
with more powerful filtering options. In addition, Personal Dashboard Filters can be shared across the LogRhythm user
base.

        Use Case
        Configure shared Personal Dashboard Filters for security analyst team and helpdesk operations. When these
        users access their Personal Dashboard, the events displayed are automatically filtered based on their job
        function.


Administration New Features and Improvements
Batch System Monitor Agent Editing
All properties of a System Monitor can now be edited in batch. This simplifies the administration of deployments where
large numbers of System Monitors are deployed.

Batch Host and Network Editing
Hosts and Networks can now be edited in batch. The following properties are available for batch editing:
        Zone
        Location
        Risk Level
        Threat Level

Right Click Add Host
Ever wished you could add a host from a log message you are analyzing to LogRhythm's list of Known Hosts? Wish no
more. A new context menu is available off Log/Event lists. Simply select the log or event containing the host you wish to
add and select to add Origin or Impacted Host as a Known Host.





    LogRhythm Headquarters                   LogRhythm EMEA                           LogRhythm Asia Pacific Ltd.
    3195 Sterling Circle                     Siena Court, The Broadway                8/F Exchange Square II
    Boulder, CO                              Maidenhead Berkshire SL6 1NJ             8 Connaught Place, Central,
    80301                                    United Kingdom                           Hong Kong
    303-413-8745                             +44 (0) 1628 509 070                     +852 2297 2812

Malware detection how to spot infections early with alien vault usm
 
SIEM evolution
SIEM evolutionSIEM evolution
SIEM evolution
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
Implementing and Running SIEM: Approaches and Lessons
Implementing  and Running SIEM: Approaches and LessonsImplementing  and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 

Similar to What's New Logrhythm 5.1 Data Sheet

Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
Linux on System z Update: Current & Future Linux on System z Technology
Linux on System z Update: Current & Future Linux on System z TechnologyLinux on System z Update: Current & Future Linux on System z Technology
Linux on System z Update: Current & Future Linux on System z TechnologyIBM India Smarter Computing
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversVladimir Shakhov
 
Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin  Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin Kuberton
 
Building complex and modular RIAs with OSGi and Flex
Building complex and modular RIAs with OSGi and FlexBuilding complex and modular RIAs with OSGi and Flex
Building complex and modular RIAs with OSGi and FlexCARA_Lyon
 
Linux Implementation ProposalRichard JohnsonWhy Linux .docx
Linux Implementation ProposalRichard JohnsonWhy Linux .docxLinux Implementation ProposalRichard JohnsonWhy Linux .docx
Linux Implementation ProposalRichard JohnsonWhy Linux .docxcroysierkathey
 
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...Paris Open Source Summit
 
OSMC 2011 | Safed as an agent for supporting a central collection of events w...
OSMC 2011 | Safed as an agent for supporting a central collection of events w...OSMC 2011 | Safed as an agent for supporting a central collection of events w...
OSMC 2011 | Safed as an agent for supporting a central collection of events w...NETWAYS
 
Graphical libraries
Graphical librariesGraphical libraries
Graphical librariesguestbd40369
 
HP ProLiant Value Add tools
HP ProLiant Value Add toolsHP ProLiant Value Add tools
HP ProLiant Value Add toolsBruno Cornec
 
OSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk Hermann
OSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk HermannOSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk Hermann
OSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk HermannNETWAYS
 
Kostas Tzoumas - Apache Flink®: State of the Union and What's Next
Kostas Tzoumas - Apache Flink®: State of the Union and What's NextKostas Tzoumas - Apache Flink®: State of the Union and What's Next
Kostas Tzoumas - Apache Flink®: State of the Union and What's NextVerverica
 
VMware ThinApp 4.5
VMware ThinApp 4.5VMware ThinApp 4.5
VMware ThinApp 4.5netlogix
 
Open Source Monitoring Tools Shootout
Open Source Monitoring Tools ShootoutOpen Source Monitoring Tools Shootout
Open Source Monitoring Tools Shootouttomdc
 
Prizm Installation Guide
Prizm Installation GuidePrizm Installation Guide
Prizm Installation Guidevjvarenya
 
Logging Services for .net - log4net
Logging Services for .net - log4netLogging Services for .net - log4net
Logging Services for .net - log4netGuo Albert
 

Similar to What's New Logrhythm 5.1 Data Sheet (20)

LWdatasheet
LWdatasheetLWdatasheet
LWdatasheet
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWall
 
Linux on System z Update: Current & Future Linux on System z Technology
Linux on System z Update: Current & Future Linux on System z TechnologyLinux on System z Update: Current & Future Linux on System z Technology
Linux on System z Update: Current & Future Linux on System z Technology
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
 
Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin  Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin
 
Building complex and modular RIAs with OSGi and Flex
Building complex and modular RIAs with OSGi and FlexBuilding complex and modular RIAs with OSGi and Flex
Building complex and modular RIAs with OSGi and Flex
 
Rhel7 vs rhel6
Rhel7 vs rhel6Rhel7 vs rhel6
Rhel7 vs rhel6
 
What's New in RHEL 6 for Linux on System z?
What's New in RHEL 6 for Linux on System z?What's New in RHEL 6 for Linux on System z?
What's New in RHEL 6 for Linux on System z?
 
Linux Implementation ProposalRichard JohnsonWhy Linux .docx
Linux Implementation ProposalRichard JohnsonWhy Linux .docxLinux Implementation ProposalRichard JohnsonWhy Linux .docx
Linux Implementation ProposalRichard JohnsonWhy Linux .docx
 
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...
 
OSMC 2011 | Safed as an agent for supporting a central collection of events w...
OSMC 2011 | Safed as an agent for supporting a central collection of events w...OSMC 2011 | Safed as an agent for supporting a central collection of events w...
OSMC 2011 | Safed as an agent for supporting a central collection of events w...
 
Graphical libraries
Graphical librariesGraphical libraries
Graphical libraries
 
HP ProLiant Value Add tools
HP ProLiant Value Add toolsHP ProLiant Value Add tools
HP ProLiant Value Add tools
 
OSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk Hermann
OSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk HermannOSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk Hermann
OSDC 2011 | RedHat Satellite - Einsatzweise und Möglichkeiten by Dirk Hermann
 
comparing windows and linux ppt
comparing windows and linux pptcomparing windows and linux ppt
comparing windows and linux ppt
 
Kostas Tzoumas - Apache Flink®: State of the Union and What's Next
Kostas Tzoumas - Apache Flink®: State of the Union and What's NextKostas Tzoumas - Apache Flink®: State of the Union and What's Next
Kostas Tzoumas - Apache Flink®: State of the Union and What's Next
 
VMware ThinApp 4.5
VMware ThinApp 4.5VMware ThinApp 4.5
VMware ThinApp 4.5
 
Open Source Monitoring Tools Shootout
Open Source Monitoring Tools ShootoutOpen Source Monitoring Tools Shootout
Open Source Monitoring Tools Shootout
 
Prizm Installation Guide
Prizm Installation GuidePrizm Installation Guide
Prizm Installation Guide
 
Logging Services for .net - log4net
Logging Services for .net - log4netLogging Services for .net - log4net
Logging Services for .net - log4net
 

More from jordagro

LogRhythm Alerting on the Absence of an Event Use Case UK
LogRhythm Alerting on the Absence of an Event Use Case UKLogRhythm Alerting on the Absence of an Event Use Case UK
LogRhythm Alerting on the Absence of an Event Use Case UKjordagro
 
LogRhythm Zero Day Exploits Use Case
LogRhythm Zero Day Exploits Use CaseLogRhythm Zero Day Exploits Use Case
LogRhythm Zero Day Exploits Use Casejordagro
 
LogRhythm Visualization Use Case
LogRhythm Visualization Use CaseLogRhythm Visualization Use Case
LogRhythm Visualization Use Casejordagro
 
LogRhythm Time-to-Value Use Case
LogRhythm Time-to-Value Use CaseLogRhythm Time-to-Value Use Case
LogRhythm Time-to-Value Use Casejordagro
 
LogRhythm Rapid Forensics Use Case
LogRhythm Rapid Forensics Use CaseLogRhythm Rapid Forensics Use Case
LogRhythm Rapid Forensics Use Casejordagro
 
LogRhythm Privileged Use Monitoring Use Case
LogRhythm Privileged Use Monitoring Use CaseLogRhythm Privileged Use Monitoring Use Case
LogRhythm Privileged Use Monitoring Use Casejordagro
 
LogRhythm Operations Use Case
LogRhythm Operations Use CaseLogRhythm Operations Use Case
LogRhythm Operations Use Casejordagro
 
LogRhythm Geolocation Use Case
LogRhythm Geolocation Use CaseLogRhythm Geolocation Use Case
LogRhythm Geolocation Use Casejordagro
 
LogRhythm E Phi Use Case
LogRhythm E Phi Use CaseLogRhythm E Phi Use Case
LogRhythm E Phi Use Casejordagro
 
LogRhythm Siem 2.0 Flyer
LogRhythm Siem 2.0 FlyerLogRhythm Siem 2.0 Flyer
LogRhythm Siem 2.0 Flyerjordagro
 
LogRhythm Professional Services Overview Data Sheet
LogRhythm Professional Services Overview Data SheetLogRhythm Professional Services Overview Data Sheet
LogRhythm Professional Services Overview Data Sheetjordagro
 
LogRhythm PowerTech Interact Data Sheet
LogRhythm PowerTech Interact Data SheetLogRhythm PowerTech Interact Data Sheet
LogRhythm PowerTech Interact Data Sheetjordagro
 
LogRhythm Advanced Intelligence Engine Data Sheet
LogRhythm Advanced Intelligence Engine Data SheetLogRhythm Advanced Intelligence Engine Data Sheet
LogRhythm Advanced Intelligence Engine Data Sheetjordagro
 
LogRhythm Visualize This Data Sheet
LogRhythm Visualize This Data SheetLogRhythm Visualize This Data Sheet
LogRhythm Visualize This Data Sheetjordagro
 
LogRhythm Overview Data Sheet
LogRhythm Overview Data SheetLogRhythm Overview Data Sheet
LogRhythm Overview Data Sheetjordagro
 
LogRhythm FIPS Data Sheet
LogRhythm  FIPS Data SheetLogRhythm  FIPS Data Sheet
LogRhythm FIPS Data Sheetjordagro
 
LogRhythm High Availability Solutions Data Sheet
LogRhythm High Availability Solutions Data SheetLogRhythm High Availability Solutions Data Sheet
LogRhythm High Availability Solutions Data Sheetjordagro
 
File Integrity Monitoring Data Sheet
File Integrity Monitoring Data SheetFile Integrity Monitoring Data Sheet
File Integrity Monitoring Data Sheetjordagro
 
LogRhythm Appliance Data Sheet
LogRhythm Appliance Data SheetLogRhythm Appliance Data Sheet
LogRhythm Appliance Data Sheetjordagro
 

More from jordagro (19)

LogRhythm Alerting on the Absence of an Event Use Case UK
LogRhythm Alerting on the Absence of an Event Use Case UKLogRhythm Alerting on the Absence of an Event Use Case UK
LogRhythm Alerting on the Absence of an Event Use Case UK
 
LogRhythm Zero Day Exploits Use Case
LogRhythm Zero Day Exploits Use CaseLogRhythm Zero Day Exploits Use Case
LogRhythm Zero Day Exploits Use Case
 
LogRhythm Visualization Use Case
LogRhythm Visualization Use CaseLogRhythm Visualization Use Case
LogRhythm Visualization Use Case
 
LogRhythm Time-to-Value Use Case
LogRhythm Time-to-Value Use CaseLogRhythm Time-to-Value Use Case
LogRhythm Time-to-Value Use Case
 
LogRhythm Rapid Forensics Use Case
LogRhythm Rapid Forensics Use CaseLogRhythm Rapid Forensics Use Case
LogRhythm Rapid Forensics Use Case
 
LogRhythm Privileged Use Monitoring Use Case
LogRhythm Privileged Use Monitoring Use CaseLogRhythm Privileged Use Monitoring Use Case
LogRhythm Privileged Use Monitoring Use Case
 
LogRhythm Operations Use Case
LogRhythm Operations Use CaseLogRhythm Operations Use Case
LogRhythm Operations Use Case
 
LogRhythm Geolocation Use Case
LogRhythm Geolocation Use CaseLogRhythm Geolocation Use Case
LogRhythm Geolocation Use Case
 
LogRhythm E Phi Use Case
LogRhythm E Phi Use CaseLogRhythm E Phi Use Case
LogRhythm E Phi Use Case
 
LogRhythm Siem 2.0 Flyer
LogRhythm Siem 2.0 FlyerLogRhythm Siem 2.0 Flyer
LogRhythm Siem 2.0 Flyer
 
LogRhythm Professional Services Overview Data Sheet
LogRhythm Professional Services Overview Data SheetLogRhythm Professional Services Overview Data Sheet
LogRhythm Professional Services Overview Data Sheet
 
LogRhythm PowerTech Interact Data Sheet
LogRhythm PowerTech Interact Data SheetLogRhythm PowerTech Interact Data Sheet
LogRhythm PowerTech Interact Data Sheet
 
LogRhythm Advanced Intelligence Engine Data Sheet
LogRhythm Advanced Intelligence Engine Data SheetLogRhythm Advanced Intelligence Engine Data Sheet
LogRhythm Advanced Intelligence Engine Data Sheet
 
LogRhythm Visualize This Data Sheet
LogRhythm Visualize This Data SheetLogRhythm Visualize This Data Sheet
LogRhythm Visualize This Data Sheet
 
LogRhythm Overview Data Sheet
LogRhythm Overview Data SheetLogRhythm Overview Data Sheet
LogRhythm Overview Data Sheet
 
LogRhythm FIPS Data Sheet
LogRhythm  FIPS Data SheetLogRhythm  FIPS Data Sheet
LogRhythm FIPS Data Sheet
 
LogRhythm High Availability Solutions Data Sheet
LogRhythm High Availability Solutions Data SheetLogRhythm High Availability Solutions Data Sheet
LogRhythm High Availability Solutions Data Sheet
 
File Integrity Monitoring Data Sheet
File Integrity Monitoring Data SheetFile Integrity Monitoring Data Sheet
File Integrity Monitoring Data Sheet
 
LogRhythm Appliance Data Sheet
LogRhythm Appliance Data SheetLogRhythm Appliance Data Sheet
LogRhythm Appliance Data Sheet
 

Recently uploaded

Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docxItaly Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docxWorld Wide Tickets And Hospitality
 
Introduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint PresentationIntroduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint PresentationJuliusMacaballug
 
Project & Portfolio, Market Analysis: WWE
Project & Portfolio, Market Analysis: WWEProject & Portfolio, Market Analysis: WWE
Project & Portfolio, Market Analysis: WWEDeShawn Ellis
 
PPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports RivalryPPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports Rivalryanirbannath184
 
Benifits of Individual And Team Sports-Group 7.pptx
Benifits of Individual And Team Sports-Group 7.pptxBenifits of Individual And Team Sports-Group 7.pptx
Benifits of Individual And Team Sports-Group 7.pptxsherrymieg19
 
DONAL88 >LINK SLOT PG SOFT TERGACOR 2024
DONAL88 >LINK SLOT PG SOFT TERGACOR 2024DONAL88 >LINK SLOT PG SOFT TERGACOR 2024
DONAL88 >LINK SLOT PG SOFT TERGACOR 2024DONAL88 GACOR
 
Clash of Titans_ PSG vs Barcelona (1).pdf
Clash of Titans_ PSG vs Barcelona (1).pdfClash of Titans_ PSG vs Barcelona (1).pdf
Clash of Titans_ PSG vs Barcelona (1).pdfMuhammad Hashim
 
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...World Wide Tickets And Hospitality
 
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfJORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfArturo Pacheco Alvarez
 
JORNADA 2 LIGA MUROBASQUETBOL1 2024.docx
JORNADA 2 LIGA MUROBASQUETBOL1 2024.docxJORNADA 2 LIGA MUROBASQUETBOL1 2024.docx
JORNADA 2 LIGA MUROBASQUETBOL1 2024.docxArturo Pacheco Alvarez
 

Recently uploaded (11)

Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docxItaly Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
 
NATIONAL SPORTS DAY WRITTEN QUIZ by QUI9
NATIONAL SPORTS DAY WRITTEN QUIZ by QUI9NATIONAL SPORTS DAY WRITTEN QUIZ by QUI9
NATIONAL SPORTS DAY WRITTEN QUIZ by QUI9
 
Introduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint PresentationIntroduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint Presentation
 
Project & Portfolio, Market Analysis: WWE
Project & Portfolio, Market Analysis: WWEProject & Portfolio, Market Analysis: WWE
Project & Portfolio, Market Analysis: WWE
 
PPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports RivalryPPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports Rivalry
 
Benifits of Individual And Team Sports-Group 7.pptx
Benifits of Individual And Team Sports-Group 7.pptxBenifits of Individual And Team Sports-Group 7.pptx
Benifits of Individual And Team Sports-Group 7.pptx
 
DONAL88 >LINK SLOT PG SOFT TERGACOR 2024
DONAL88 >LINK SLOT PG SOFT TERGACOR 2024DONAL88 >LINK SLOT PG SOFT TERGACOR 2024
DONAL88 >LINK SLOT PG SOFT TERGACOR 2024
 
Clash of Titans_ PSG vs Barcelona (1).pdf
Clash of Titans_ PSG vs Barcelona (1).pdfClash of Titans_ PSG vs Barcelona (1).pdf
Clash of Titans_ PSG vs Barcelona (1).pdf
 
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
 
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfJORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
 
JORNADA 2 LIGA MUROBASQUETBOL1 2024.docx
JORNADA 2 LIGA MUROBASQUETBOL1 2024.docxJORNADA 2 LIGA MUROBASQUETBOL1 2024.docx
JORNADA 2 LIGA MUROBASQUETBOL1 2024.docx
 

What's New Logrhythm 5.1 Data Sheet

• 1. What's New in LogRhythm® Version 5.1

• 2.

Dear LogRhythm Customers,

I am pleased to introduce LogRhythm 5.1, the latest version of our award winning software. I think you will be very happy with the extensive list of new features, capabilities, and improvements introduced. As I think you'll come to appreciate, LogRhythm 5.1 is far from a typical minor release.

I think this release provides a great balance between core “blocking and tackling” capabilities with leading edge innovation. We have long felt our log data collection and management infrastructure is second-to-none. We continue to invest in this area by adding significant new log collection capabilities including native support for SNMP traps and the latest version of Netflow. We have invested in improving our reporting infrastructure by providing you the ability to create your own templates for determining exactly how you want a report to look. In addition, you can select to use your company logo instead of ours for presentation in a report. We have introduced new meta-data fields and significantly enhanced how some derived meta-data values are determined. We also introduced a variety of new capabilities and improvements for easing the administration of your LogRhythm deployment.

On more of the leading-edge innovation front, we have introduced a number of new features that I am personally very excited about. We've added Geolocation, the ability to see where hosts contained in log messages physically reside. While some of our competitors have capabilities in this area, what excites me is that we introduce Geolocation at the log and event layer whereas others have only focused at the event layer. This provides great forensic context for every log message, context that provides a wealth of capabilities today and more in the future. One of those capabilities is leveraged in another new feature called Network Visualization. This is a very powerful visual analysis tool that provides a visual depiction of host-to-host relationships across boundaries such as location.

One thing I feel has always differentiated us is our focus on filling the “visibility gaps”. While logs do provide tremendous visibility on their own, often they don't provide the complete story. A core capability of the LogRhythm System Monitor is to fill in these gaps at the endpoint. Two new powerful forensic visibility capabilities have been introduced in 5.1. Process Monitor provides independent monitoring of processes running on a host, when they start, and when they stop. Network Monitor provides independent monitoring of listening services, inbound connections, and outbound connections to/from a host. These capabilities, combined with existing endpoint monitoring features (i.e., File Integrity Monitor, DataLoss Defender), provide powerful and unequaled forensic awareness and visibility at the host.

I hope you find LogRhythm 5.1 as exciting as we do. The LogRhythm engineering team has worked hard to bring you another quality software release we are very proud of.

Sincerely,
Chris Petersen
CTO, VP Engineering, Co-founder
• 3.

Overview

This document provides a brief description of new features and the most significant improvements introduced in LogRhythm 5.1. Please refer to the Release Notes for the complete list of new features, improvements, modifications, and known issues found in LogRhythm 5.1.

System Monitor Features and Improvements

New Operating System Support

We have added support for the following operating systems and Linux distributions:
- HP-UX
- Linux Debian
- Linux Ubuntu

New Collection Interfaces, Capabilities, and Improvements

SNMP Trap Listener
The Windows System Monitor now includes an integrated SNMP Trap Listener. SNMP versions 1, 2 and 3 are supported.

Netflow v9
The Windows System Monitor now supports Netflow v9 in addition to versions 1 and 5. This provides support for the latest version of Netflow shipping with Cisco products. Netflow v9 is also compatible with a variety of non-Cisco products.

Recursive Flat File Collection
This capability allows for the collection of flat files matching a specific file name pattern that reside in the root directory or in its child directories. This is ideal for applications (e.g., web servers) that generate new directories containing log files on a daily or weekly basis.

Integrated Syslog Server for UNIX and Linux System Monitor
The Windows System Monitor has always had an integrated Syslog Listener for receiving UDP and TCP based Syslog. This same capability has been added to the UNIX and Linux versions of the System Monitor. This is ideal for extending the collection infrastructure in *NIX-centric environments, where a single agent can collect and forward Syslog from the entire environment.

Checkpoint Firewall/VPN Secure Configuration Verification (SCV) Support
The Windows System Monitor now supports collection of logs generated via Checkpoint's Secure Configuration Verification module.

Windows Remote Event Log Connection Optimization
The number and frequency of new connections required to collect Event Logs remotely has been significantly reduced. This results in overall performance improvements and reduces the number of logs written to the Windows Security Event log as a result of remote collection activity.
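To show what recursive flat-file collection involves in practice, here is an added example; it is not LogRhythm's collector and the directory layout, file names and log lines are constructed. It walks the root and every child directory for files matching a name pattern, and forwards only the lines appended since the previous pass, keying its state on the file's inode so that a rotated file is not confused with the file that replaced it at the same path.

```python
"""Recursive flat-file collection across a root and dated child directories.

Added illustration, not LogRhythm's collector. The directory layout, file
names and log lines are constructed for the example.
"""
import fnmatch
import os
import shutil
import tempfile
from typing import Dict, Iterator, List, Tuple

# Collection state: (device, inode) -> byte offset already forwarded. Keying on
# the inode rather than the path means a rotated file is not mistaken for the
# file that replaced it at the same path.
State = Dict[Tuple[int, int], int]


def find_matching_files(root: str, pattern: str) -> List[str]:
    """Return every file at any depth under root whose base name matches pattern."""
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in fnmatch.filter(filenames, pattern):
            matches.append(os.path.join(dirpath, name))
    return sorted(matches)


def collect_new_lines(root: str, pattern: str, state: State) -> Iterator[Tuple[str, str]]:
    """Yield (path, line) for complete lines appended since the previous pass."""
    for path in find_matching_files(root, pattern):
        st = os.stat(path)
        key = (st.st_dev, st.st_ino)
        offset = state.get(key, 0)
        if offset > st.st_size:
            offset = 0  # file was truncated in place: start again from the top
        with open(path, "rb") as fh:
            fh.seek(offset)
            data = fh.read()
        body, sep, _partial = data.rpartition(b"\n")
        if not sep:
            continue  # nothing but an incomplete trailing line so far
        for raw in body.split(b"\n"):
            yield path, raw.decode("utf-8", errors="replace")
        state[key] = offset + len(body) + 1  # the partial line is re-read next pass


def demo() -> Dict[str, int]:
    """Build a constructed web-server log tree with daily subdirectories, run
    three collection passes and report how many lines each pass forwarded."""
    root = tempfile.mkdtemp(prefix="recursive_collect_")
    try:
        layout = {  # constructed sample data
            "access.log": ["GET / 200", "GET /login 404"],
            "2011-03-01/access.log": ["GET /report 200"],
            "2011-03-02/access.log": ["GET /admin 403", "POST /api 500"],
            "2011-03-02/error.log": ["not matched by the pattern"],
        }
        for rel, lines in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", newline="\n") as fh:
                fh.write("\n".join(lines) + "\n")
        state: State = {}
        first = list(collect_new_lines(root, "access*.log", state))
        # One line appended after the first pass, plus an incomplete trailing line.
        with open(os.path.join(root, "2011-03-02", "access.log"), "a", newline="\n") as fh:
            fh.write("GET /new 200\nGET /part")
        second = list(collect_new_lines(root, "access*.log", state))
        third = list(collect_new_lines(root, "access*.log", state))
        return {
            "files": len(find_matching_files(root, "access*.log")),
            "first_pass": len(first),
            "second_pass": len(second),
            "third_pass": len(third),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

The point a collector has to get right is the second and third pass: the appended line is forwarded exactly once, the incomplete trailing line is held back until its newline arrives, and the error.log in the dated directory is ignored because it does not match the pattern.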
• 4.

Windows 1252 Codepage Extended ASCII Support

Log messages containing Extended ASCII characters for languages included in the Windows 1252 codepage will be collected and presented in the native language. This includes the following languages: Afrikaans, Basque, Catalan, Danish, Dutch, English, Faroese, Finnish, French, Galician, German, Icelandic, Indonesian, Italian, Malay, Norwegian, Portuguese, Spanish, Swahili, and Swedish.

New Forensic Visibility and Awareness Features

A tenet of LogRhythm's vision is to provide profound visibility into the operating environment. We do this to help our customers better understand the environment as it affects or is impacted by security, operations, and compliance/audit events. In LogRhythm 5.1, we have introduced two significant features that provide forensic awareness into the activity of a host.

Network Connection Monitor
This feature provides an audit trail of connections to and from the host on which the System Monitor is installed. We also detect and log listening services. This is an optional capability available in System Monitor Lite that can provide constant or on-demand visibility into how a host is interacting on the LAN, WAN and Internet.

Use Case: Deploy System Monitors and enable Network Connection Monitor on servers in a DMZ and alert on unauthorized connections from DMZ hosts to hosts on the Internet or inside the trusted network.

Use Case: Deploy System Monitors and enable Network Connection Monitor on key servers and alert if a network connection is observed initiating directly from the Internet or other unauthorized networks.

Process Monitor
This feature provides an audit trail of processes running on a host. Logs are generated whenever a new process or program starts or a previously running process or program stops. This is an optional capability available in System Monitor Lite that can provide constant or on-demand visibility into what processes and applications a host is running.

Use Case: Deploy System Monitors and enable Process Monitor on key servers. Create a whitelist of authorized programs and alert if any program is observed that is not in the approved whitelist.

Use Case: Deploy System Monitors and enable Process Monitor on user desktops. Create a blacklist of high-risk unauthorized programs (e.g., BitTorrent) and alert if such programs are observed on monitored hosts.
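The four use cases above are all rules over the audit trail the two monitors produce. The following added example, which is not LogRhythm code and does not use LogRhythm's record format, evaluates them over constructed process-start/stop and connection records: a program whitelist on key servers, a program blacklist on desktops, DMZ hosts connecting out to the Internet or the trusted network, and connections into a key server initiated from the Internet. The zone ranges, host roles and program lists are assumptions made for the example.

```python
"""Alerting over Process Monitor and Network Connection Monitor records.

Added illustration, not LogRhythm code. The pipe-delimited record format,
host roles, zone ranges and program lists are constructed for the example.
"""
import ipaddress
import ntpath
from dataclasses import dataclass
from typing import List

# Constructed zone layout (the page's Zones: Internal, External, DMZ).
DMZ_NETS = [ipaddress.ip_network("10.1.5.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

KEY_SERVERS = {"web01"}      # servers on which only whitelisted programs may run
DESKTOPS = {"desk17"}
SERVER_WHITELIST = {"svchost.exe", "httpd.exe", "scsm.exe"}
DESKTOP_BLACKLIST = {"bittorrent.exe", "utorrent.exe"}


def zone_of(ip: str) -> str:
    """Zone of an address under the constructed layout; anything else is External."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in DMZ_NETS):
        return "DMZ"
    if any(addr in n for n in INTERNAL_NETS):
        return "Internal"
    return "External"


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


def evaluate(records: List[str]) -> List[Alert]:
    """Apply the four use-case rules to records of the constructed format
    'time|host|process|start/stop|image' or 'time|host|netconn|dir|src|dst|port'."""
    alerts: List[Alert] = []
    for rec in records:
        f = rec.split("|")
        host, kind = f[1], f[2]
        if kind == "process":
            action, image = f[3], f[4]
            if action != "start":
                continue  # stops are audit trail only; the rules fire on starts
            program = ntpath.basename(image).lower()  # handles both \ and / paths
            if host in KEY_SERVERS and program not in SERVER_WHITELIST:
                alerts.append(Alert("server-process-not-whitelisted", host, program))
            elif host in DESKTOPS and program in DESKTOP_BLACKLIST:
                alerts.append(Alert("desktop-blacklisted-process", host, program))
        elif kind == "netconn":
            direction, src, dst, port = f[3], f[4], f[5], f[6]
            if direction == "outbound" and zone_of(src) == "DMZ" and zone_of(dst) != "DMZ":
                alerts.append(Alert("dmz-outbound-connection", host,
                                    f"{src}->{dst}:{port} ({zone_of(dst)})"))
            if direction == "inbound" and host in KEY_SERVERS and zone_of(src) == "External":
                alerts.append(Alert("external-inbound-to-key-server", host,
                                    f"{src}->{dst}:{port}"))
    return alerts


SAMPLE_RECORDS = [  # constructed sample data
    "2011-03-02T10:15:00|web01|process|start|C:\\Windows\\System32\\svchost.exe",
    "2011-03-02T10:15:05|web01|process|start|C:\\Temp\\updater.exe",
    "2011-03-02T10:15:09|web01|process|stop|C:\\Temp\\updater.exe",
    "2011-03-02T10:16:00|web01|netconn|outbound|10.1.5.20|10.2.0.15|445",
    "2011-03-02T10:16:30|web01|netconn|outbound|10.1.5.20|10.1.5.21|80",
    "2011-03-02T10:17:00|web01|netconn|inbound|203.0.113.9|10.1.5.20|3389",
    "2011-03-02T10:17:10|web01|netconn|inbound|10.2.0.40|10.1.5.20|443",
    "2011-03-02T10:18:00|desk17|process|start|C:\\Users\\bob\\bittorrent.exe",
    "2011-03-02T10:18:30|desk17|process|start|C:\\Program Files\\Office\\winword.exe",
]
```

Run over the sample, four of the nine records alert: the unknown program starting on the server, the DMZ-to-Internal connection, the inbound connection from the Internet, and the blacklisted desktop program. The DMZ-to-DMZ connection, the Internal-to-server connection and the process stop are recorded but do not fire, which is the distinction between an audit trail and an alert.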
• 5.

System Monitor Feature Matrix

Columns are System Monitor Lite (Windows, UNIX) and System Monitor Pro (Windows, UNIX). "X" marks a supported feature and "New! 5.1" one added in this release.

Feature | Lite Windows | Lite UNIX | Pro Windows | Pro UNIX
Timestamp Normalization | X | X | X | X
Collection Scheduling | X | X | X | X
Compressed Data Transmission | X | X | X | X
Encrypted Data Transmission | X | X | X | X
Flat File Log Collection | X | X | X | X
Recursive Flat File Log Collection | New! 5.1 | New! 5.1 | New! 5.1 | New! 5.1
Windows Event Log Collection | X X (see note)
Remote Windows Event Log Collection | X X (see note)
Integrated UDP Syslog Server | X | New! 5.1 | X | New! 5.1
Integrated TCP Syslog Server | X | New! 5.1 | X | New! 5.1
Integrated Netflow Server v1 and v5 | X (see note)
Integrated Netflow Server v9 | New! 5.1 (see note)
Integrated SNMP Trap Receiver | New! 5.1 (see note)
Remote Checkpoint Firewall Log Collection (via LEA) | X (see note)
Remote Cisco IDS Log Collection (via SDEE) | X (see note)
Remote Database Log Collection (UDLA) | X (see note)
System Performance Monitoring | X | X | X | X
Data Loss Defender | X X (see note)
File Integrity Monitoring | X X (see note)
Process Monitor | New! 5.1 | New! 5.1 | New! 5.1 | New! 5.1
Network Connection Monitor | New! 5.1 | New! 5.1 | New! 5.1 | New! 5.1
User Activity Monitoring | X | X | X | X

Note: rows marked "(see note)" carry fewer than four marks in the source and the flattened layout does not preserve which of the four columns those marks fall in; the marks are reproduced as they appear.

New Meta-data Fields and Resolution Enhancements

In 5.1, new meta-data fields have been introduced. We have also improved how some derived values are determined. These are very significant changes in terms of what information is presented for every log message and event. These new fields and enhancements provide immediate value from an analysis, reporting, and alerting standpoint. They have also been implemented to prepare for additional automated and visual analysis capabilities planned in future releases.

NOTE: It is very important that the Administrator of LogRhythm understands how the configuration of your deployment affects how these fields are determined and, as a result, their usefulness throughout the product. Please refer to online help to learn more or contact support for additional information.

New Meta-Data Fields

Origin & Impacted Entity
The Origin Entity is the Entity to which the Origin Host is associated. The Impacted Entity is the Entity to which the Impacted Host is associated. Because Entities typically map to physical operating locations or classes of systems, these two fields provide very useful context in terms of understanding the Entity from which the action (e.g., attack, logon) originated and the Entity impacted by the action. The introduction of these fields enables analysis, reporting and alerting based on the Entity in which the Origin or Impacted Host resides.
  • 6. What’s New in LogRhythm ® Version 5.1 Use Case Report and alert on authentication activity across Entity boundaries. For instance if each entity were a separate business unit, this report would be of authentications between business units. Origin & Impacted Network The Origin Network is the network to which the Origin Host is associated. The Impacted Network is the Network to which the Impacted Host is associated. These two fields provide very useful context when analyzing Host-to-Network and Network-to-Network relationships. The introduction of these fields enable analysis, reporting and alerting based on the Network in which the Origin or Impacted Host resides. Use Case Report and alert on network traffic between untrusted and trusted networks. For instance, if you had created a DMZ Network and a Production Servers Network, you could alert on any activity originating from the DMZ Network targeting any host in the Production Servers network. Origin & Impacted Zone The Origin Zone is the Zone (Internal, External, DMZ) in which the Origin Host resides. The Impacted Zone is the Zone in which the Impacted Host resides. The introduction of these fields enable analysis and reporting based on the Zone in which the Origin or Impacted Host resides. Origin & Impacted Location The Origin Location is the location in which the Origin Host resides. The Impacted Location is the location in which the Impacted Host resides. Location can be presented or considered for filtering at the Country, Region, or City level. These fields are introduced as part of the new Geolocation feature described below and enable analysis, reporting, and alerting based on geographic location Meta-Data Field Resolution Enhancements The approach for deriving the following fields has been modified and improved in LogRhythm 5.1. Although these improvements should not negatively affect an existing deployment, it is important to understand how these fields are determined based on your configuration. 
    Known Origin Host
    Known Impacted Host
    Known Origin Network*
    Known Impacted Network*
    Origin Zone*
    Impacted Zone*
    Direction

* NOTE: Although these fields are listed as new in 5.1, the fields did exist in previous versions. However, they were minimally exposed or completely hidden from the end-user. In 5.1, how these fields are determined has changed, and the fields are visible and usable directly by the end-user.

Log Analysis Features and Improvements

Geolocation

Ever wonder where an attack originated from geographically, or where data was sent to? With LogRhythm Geolocation, wonder no more. LogRhythm's Geolocation capability can provide city-level location awareness for every Origin and Impacted Host represented in a log message. This capability is implemented at the Log Manager layer, meaning EVERY log collected by LogRhythm can have Geolocation information assigned. Geolocation information is assigned to a log based on static assignment and automatic resolution. Static location assignment is available to all 5.1 users. This capability allows you to assign specific locations to Known Hosts and Networks that will be used during log processing to assign location to Origin and Impacted Hosts.
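As an added illustration (example code, not LogRhythm's own), the following shows how Origin/Impacted Network, Zone, Entity and Location fields can be derived for a parsed log from a Known Networks table with static location assignments, and how the DMZ-to-Production and cross-Entity use cases above become simple checks on the derived fields. All network names, address ranges, locations and sample logs are constructed.

```python
import ipaddress
from collections import namedtuple

# Known Network record: zone is Internal, External or DMZ; location is the static assignment.
KnownNetwork = namedtuple("KnownNetwork", "name cidr zone entity location")

# Constructed Known Networks table (hypothetical names and address ranges).
KNOWN_NETWORKS = [
    KnownNetwork("DMZ Network", "192.0.2.0/24", "DMZ", "Boulder HQ", "US/Colorado/Boulder"),
    KnownNetwork("Production Servers", "10.10.0.0/16", "Internal", "Boulder HQ", "US/Colorado/Boulder"),
    KnownNetwork("EMEA Office", "10.20.0.0/16", "Internal", "EMEA", "UK/Berkshire/Maidenhead"),
]

def resolve_network(ip):
    """Most specific Known Network containing ip; None means no known network (External zone)."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in KNOWN_NETWORKS if addr in ipaddress.ip_network(n.cidr)]
    return max(hits, key=lambda n: ipaddress.ip_network(n.cidr).prefixlen) if hits else None

def enrich(log):
    """Derive Origin/Impacted Network, Zone, Entity, Location and Direction for one parsed log."""
    out = dict(log)
    for side in ("origin", "impacted"):
        net = resolve_network(log[f"{side}_ip"])
        out[f"{side}_network"] = net.name if net else None
        out[f"{side}_zone"] = net.zone if net else "External"
        out[f"{side}_entity"] = net.entity if net else None
        out[f"{side}_location"] = net.location if net else "unresolved"
    out["direction"] = f"{out['origin_zone']}->{out['impacted_zone']}"
    return out

def dmz_to_production(log):
    """Use case: activity from the DMZ Network targeting any host in Production Servers."""
    e = enrich(log)
    return e["origin_network"] == "DMZ Network" and e["impacted_network"] == "Production Servers"

def crosses_entity(log):
    """Use case: activity (e.g. an authentication) between two different known Entities."""
    e = enrich(log)
    return None not in (e["origin_entity"], e["impacted_entity"]) and e["origin_entity"] != e["impacted_entity"]

# Constructed sample logs; only the already-parsed origin/impacted IPs matter for enrichment.
SAMPLE_LOGS = [
    {"msg": "TCP 192.0.2.15 -> 10.10.3.7:1433 allowed", "origin_ip": "192.0.2.15", "impacted_ip": "10.10.3.7"},
    {"msg": "VPN logon from 198.51.100.9 to 10.10.1.1", "origin_ip": "198.51.100.9", "impacted_ip": "10.10.1.1"},
    {"msg": "Logon 10.20.5.5 -> 10.10.2.2 succeeded", "origin_ip": "10.20.5.5", "impacted_ip": "10.10.2.2"},
]

# Messages that would raise the DMZ -> Production Servers alarm: only the first sample log.
ALERTS = [log["msg"] for log in SAMPLE_LOGS if dmz_to_production(log)]
```

An unknown public origin such as the VPN sample resolves to the External zone with an unresolved location, which is where the automatic resolution described next would fill in a city-level location.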
Automatic location resolution requires a separate software license purchased on an annual subscription basis. Automatic resolution maps public IP addresses to their last known physical location. The list of last known locations is provided via the LogRhythm knowledge base and updated periodically. Country-level resolution accuracy is 99.9%, with city-level resolution accuracy around 95%. Annual license fees for this functionality are $1,000, $2,500 and $5,000 for LR500/LRX1, LR1000/LRX2 and LR2000/LRX3 XM and LM models respectively. If you are interested in licensing this capability, please contact your LogRhythm Customer Relationship Manager at (303) 413-8745.

Geolocation information is available in Personal Dashboard, Investigator, and Tail. It is also available in Reports targeting the Event Manager or Log Managers. Geolocation information is not currently available in Log Miner or LogMart. Geolocation criteria can be specified for searches and for reports. Criteria can also be specified for Alarm Rules and Global Log Processing Rules.

Use Case: Report and alert on remote authentication activity originating from locations outside expected states and/or countries.

Use Case: Report and alert on data transfers from sensitive servers to locations outside known and authorized geographic operating locations.

Network Visualization

A new tool has been added to Investigator for visually describing the relationships between hosts as represented in log data. This tool maps the relationships between hosts as contained within configurable containers such as Zone (i.e., DMZ, Internal), Location, and Network. Failure and security conditions are depicted with red links. Line width represents the relative amount of activity between related hosts or host containers. Mousing over hosts or host containers provides summary statistics such as kilobytes of traffic, packet counts, and log counts.
This tool provides a revolutionary new way of looking at log data containing information on host-to-host interactions. The following screenshot depicts Port 80 and 443 traffic.
New Investigator and Personal Dashboard Charts

Two new charts have been added to Investigator and Personal Dashboard:

    Logs by Day and Hour
    Logs by Day of Week and Hour of Day

Use Case: Analyze VPN activity by day and hour of day to visually see the frequency and pattern of VPN authentications. Identify anomalous trends in VPN activity based on daily averages and/or time of day.
New Investigator Meta-Data Charts

Three new charts have been added to the Meta-Data Statistics tool within Investigator. These three charts provide a visual display of every unique meta-data value compared to all other values across the number of logs, the amount of data sent/received, and the number of packets sent/received. These charts are designed to provide visual trending and easy identification of anomalous activity. Following is a screenshot of the three new charts for a Meta-Data Statistics pane configured to show Impacted Host.

    Impacted Host by Log Count
    Impacted Host by KBytes In/Out
    Impacted Host by Items In/Out

Time-based Drill-Down Improvements

An improved drill-down mechanism has been introduced for all charts that show activity by time. In previous versions of LogRhythm, you were able to drill down on an individual point representing a time range. In 5.1, this capability remains, and the ability to select a range of time has been added. In any time-based chart, simply click and hold the left mouse button and drag the mouse to the right until you reach the end of the range. Release the left mouse button and double-click in the highlighted area to drill down.
Reporting New Features and Improvements

Custom Report Templates

You can now create your own report templates if the provided out-of-the-box templates do not suit your organization's needs. Both detail and summary templates can be created via a Wizard-based tool. All log message properties can be used, with a variety of grouping and sorting options. The result is near-infinite possibilities in terms of what you want included in a report. This capability, combined with LogRhythm's previous reporting capabilities, provides near-limitless reporting options.
Custom Report Branding

You can now replace the LogRhythm logo that is printed on reports with an image of your choosing. This is done by selecting File > Options from the Report Center and checking the 'Use Custom Logo' checkbox.

Event Management New Features and Improvements

Batch Alarm Record Management

You can now select multiple alarms in Alarm Viewer and edit their status/comments in batch.
Personal Dashboard Shared Filters

The filtering function within Personal Dashboard has been significantly improved. Filters are easier to create and manage, with more powerful filtering options. In addition, Personal Dashboard Filters can be shared across the LogRhythm user base.

Use Case: Configure shared Personal Dashboard Filters for the security analyst team and helpdesk operations. When these users access their Personal Dashboard, the events displayed are automatically filtered based on their job function.

Administration New Features and Improvements

Batch System Monitor Agent Editing

All properties of a System Monitor can now be edited in batch. This simplifies the administration of deployments where large numbers of System Monitors are deployed.

Batch Host and Network Editing

Hosts and Networks can now be edited in batch. The following properties are available for batch editing:

    Zone
    Location
    Risk Level
    Threat Level

Right Click Add Host

Ever wished you could add a host from a log message you are analyzing to LogRhythm's list of Known Hosts? Wish no more. A new context menu is available from Log/Event lists. Simply select the log or event containing the host you wish to add, and choose to add the Origin or Impacted Host as a Known Host.

LogRhythm Headquarters
3195 Sterling Circle
Boulder, CO 80301
303-413-8745

LogRhythm EMEA
Siena Court, The Broadway
Maidenhead, Berkshire SL6 1NJ
United Kingdom
+44 (0) 1628 509 070

LogRhythm Asia Pacific Ltd.
8/F Exchange Square II
8 Connaught Place, Central
Hong Kong
+852 2297 2812