LogRhythm

LogRhythm combines SIEM, user and entity behavior analytics, network traffic and behavior analytics, and security automation and orchestration.

Adapter Parameters

  1. LogRhythm Domain (required) - The hostname of the LogRhythm server.
  2. API Token (required) - API Token generated to use the LogRhythm API. See the section below for details.
  3. Verify SSL (required, default: False) - Verify the SSL certificate offered by the host supplied in LogRhythm Domain. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
  4. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to LogRhythm Domain.
    • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
    • If not supplied, Axonius will connect directly to the host defined for this connection.


NOTE

For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Required Ports

Port 8501 must be accessible for Axonius to communicate with the API in LogRhythm Domain.
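
A pre-flight check for the Verify SSL and Required Ports settings above, as an added example (not Axonius or LogRhythm code): it tests TCP reachability of port 8501 and reports whether the TLS handshake succeeds with and without certificate verification. The function names, the mapping of Verify SSL onto Python's ssl settings, and the hostname `logrhythm.example.internal` are assumptions made for illustration.

```python
import socket
import ssl

LOGRHYTHM_API_PORT = 8501  # port this page says must be reachable


def build_context(verify_ssl, cafile=None):
    """TLS context matching the adapter's "Verify SSL" switch (assumed mapping)."""
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify_ssl:
        # Disabled: accept any certificate, so the peer's identity is unchecked.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def preflight(host, port=LOGRHYTHM_API_PORT, verify_ssl=True, cafile=None, timeout=5.0):
    """Report TCP reachability and TLS handshake outcome for host:port."""
    result = {"reachable": False, "tls": False, "verified": False, "error": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"tcp: {exc}"  # port closed, filtered, or host unresolved
        return result
    result["reachable"] = True
    ctx = build_context(verify_ssl, cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["tls"] = True
            result["verified"] = verify_ssl  # chain and hostname were checked
            result["protocol"] = tls.version()
    except ssl.SSLCertVerificationError as exc:
        # What a connection with Verify SSL enabled would fail on.
        result["error"] = f"certificate: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        result["error"] = f"tls: {exc}"
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    # Placeholder hostname; replace with the value entered as LogRhythm Domain.
    for verify in (True, False):
        print(verify, preflight("logrhythm.example.internal", verify_ssl=verify))
```

A result of `reachable: True` with a `certificate:` error means the port is open but the server certificate does not chain to a trusted CA or does not match the hostname; pass `cafile` to test against a private CA bundle.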

Generating API Token for LogRhythm API

  1. Open the LogRhythm client console.
  2. Select the Deployment Manager.
  3. Select the Third Party Applications tab, the last tab in the row.
  4. Create a new third-party application. To do this:
    • Click the green plus sign in the client console toolbar. This will bring up the Third Party Application Properties box.
    • In this box, type in the name and description for your application.
  5. Click Apply to generate the token. This will force a quick restart of the authentication server to set up and validate the token.
  6. After a few moments, the client ID and client secret will appear.
  7. Adjust the expiry date as desired to make the token last longer or expire faster. By default, the token expires after 365 days (one year).
  8. Click Generate Token to create an API token.
  9. Enter the user name and password of the LogRhythm account that the token should connect with.
  10. Copy and paste the token into a text file that can be referenced from the PowerShell script.
