LogRhythm
  • 09 Jul 2024


LogRhythm combines SIEM, user and entity behavior analytics, network traffic and behavior analytics, and security automation and orchestration.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. LogRhythm Domain (required) - The hostname of the LogRhythm server. The LogRhythm Domain format is https://[instance]:8501.
  2. API Token (required) - API Token generated to use the LogRhythm API. For more details, see Generating API Token.
  3. Verify SSL - Select whether to verify the SSL certificate presented by the server specified in LogRhythm Domain. For more details, see SSL Trust & CA Settings.
  4. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in LogRhythm Domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.



Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Fetch Assets (optional) - Select this option to fetch data from the 'agent' endpoint.
  2. Fetch log sources behind collectors - Select this option to fetch configured syslog log sources.
  3. Fetch recent device logs for determining Last Seen - Select this option to only fetch the most recent device logs to determine the 'Last Seen' value.
  4. Ignore devices with record status (default: Retired) - Enter a record status; devices with that record status are ignored.


Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


Required Ports

Port 8501 must be accessible for Axonius to communicate with the API in LogRhythm Domain.
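
A pre-flight check for the connection parameters above, added here as an example (it is not Axonius or LogRhythm code): it validates the LogRhythm Domain format, confirms that the port is reachable, and performs the certificate verification that Verify SSL depends on. The hostname is a constructed placeholder, the function names are hypothetical, and a direct connection (no HTTPS Proxy) is assumed.

```python
import socket
import ssl
from urllib.parse import urlsplit

REQUIRED_PORT = 8501  # port listed under Required Ports


def parse_domain(value):
    """Split a 'LogRhythm Domain' value into (host, port); raise ValueError if malformed."""
    parts = urlsplit(value.strip())
    if parts.scheme != "https":
        raise ValueError("LogRhythm Domain must start with https://")
    if not parts.hostname:
        raise ValueError("LogRhythm Domain has no hostname")
    if parts.path not in ("", "/") or parts.query or parts.username:
        raise ValueError("expected https://[instance]:8501 with no path or credentials")
    port = parts.port  # raises ValueError itself on a non-numeric port
    if port is None:
        raise ValueError("port missing; expected :%d" % REQUIRED_PORT)
    return parts.hostname, port


def preflight(value, timeout=3.0, cafile=None):
    """Check TCP reachability and certificate verification for the configured domain."""
    host, port = parse_domain(value)
    result = {"host": host, "port": port, "expected_port": port == REQUIRED_PORT,
              "tcp_open": False, "cert_verified": False, "error": None}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = "tcp: %s" % exc
        return result
    result["tcp_open"] = True
    # Default context = CA chain validation plus hostname check.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            result["cert_verified"] = True
            result["tls_version"] = tls.version()
    except (ssl.SSLError, OSError) as exc:
        result["error"] = "tls: %s" % exc
        raw.close()
    return result


if __name__ == "__main__":
    # Constructed sample value, not a real deployment.
    print(preflight("https://logrhythm.example.internal:8501"))
```

If the server uses a certificate issued by an internal CA, pass that CA bundle as `cafile`; a `tls:` error with `tcp_open` set to true points at certificate trust rather than at the firewall.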

Generating API Token for LogRhythm API

  1. Launch the LogRhythm client console.
  2. Select Deployment Manager > Third Party Applications.
  3. Create a new third-party application. To do this:
    • Click the green Plus sign in the Client Console toolbar. The Third Party Application Properties window is displayed.
    • Specify the name and description for your application in the appropriate fields.
  4. Click Apply to generate the token. This will force a quick restart of the authentication server to set up and validate the token. After a few moments, the client ID and client secret will appear.
  5. Adjust the expiry date as desired to make the token last longer or expire faster. By default, the token expires after 365 days (one year).
  6. Click Generate Token to create an API token.
  7. Enter the user name and password of the LogRhythm account that the token should connect with.
  8. Copy and paste the token into a text file that can be referenced from the PowerShell script.



