Enrich Your Security Data with LogRhythm and Kibana

Data is a powerful tool. But storing, organizing, and adding value to it to enable better decisions can be difficult. Most companies strive to find a way to best preserve all of their data, and then use that data to gain insight into their organization and business segment.

Yet each company — and sometimes each department within — adopts a different approach in pursuit of optimizing its security data collection and analysis, typically implementing disparate hardware, storage, database technologies, and reporting and visualization tools. Such an approach is overwhelming, especially as users search for the one tool to rule them all.

But chances are, there is untapped potential in the data that your organization is already collecting — you simply need to access and apply it.

Maximizing Value With Your LogRhythm Data

While your team may already use your LogRhythm NextGen SIEM deployment to collaborate efficiently and to surface and respond to threats, you can also use it to strengthen and improve your data for better analysis.

For example, LogRhythm develops, supports, and maintains log source types for over 800 devices. Using patented LogRhythm Machine Data Intelligence (MDI) Fabric, a log source configured in LogRhythm is parsed into our schema and enriched to provide actionable information for security teams. (Review the LogRhythm Schema Dictionary to learn more.) This process ensures stored data is well structured for detailed analysis. Moreover, it removes manual work from your team, who would otherwise have to write parsing rules for the data they are collecting and storing.

By enriching data with MDI Fabric, LogRhythm is a great place to start mining data for greater insights.

Integrating With Kibana

Moving beyond MDI Fabric, LogRhythm integrates with a number of technology partners to help you get the most value out of your data.

For example, LogRhythm recently integrated with Kibana, an open-source data visualization tool that provides additional flexibility when navigating data. This allows users to create custom visualizations and interactive dashboards for greater visibility into an environment.

Why Use Kibana?

Why is Kibana an important partner? We've identified three key reasons:

1. It reduces data and resource duplication: If you're trying to achieve various use cases, you're likely using disparate tools and resources to store data. In many cases, LogRhythm deployments are already ingesting and parsing a lot of this data, and you can easily add any missing information. With the LogRhythm-Kibana integration, you avoid integrating another technology and employing resources to manage it, and you remove the potential for storing duplicate data.

2. It provides an easy and efficient way to analyze your data: Kibana delivers an easy method to traverse and analyze your data with custom visualizations, ad hoc reporting capabilities, time series, relationship analytics, and geo-mapping.

3. It deepens your data analysis: With Kibana, you can analyze unstructured and semi-structured logs from servers, applications, and mobile devices, among other sources, to support a range of applications, including application monitoring, fraud detection, and the Internet of Things (IoT).

LogRhythm-Kibana Data Visualization Use Cases

IT Operations / Business Intelligence (Point-of-Sale Analysis)

Point-of-sale (POS) reports are created based on the data gathered by a POS system. Register data and activity are tracked at the POS terminal and stored for future analysis.

Tracking key performance indicators (KPIs) as a retail business helps ensure longevity in the space. For instance, many retailers use KPIs to answer questions such as: Do we offer a top-selling product, or are we underselling? Do we have an abundance of lost or broken inventory? Are our employees overperforming or underperforming?

Figure 1: You can use LogRhythm and Kibana to track data at the POS

Figure 2: The LogRhythm and Kibana integration gives you greater insight into reporting features at the POS

IT Operations

IT operations teams need to understand what happens in their networks, including monitoring bandwidth consumption and network behavior. This data is likely already being processed in your LogRhythm deployment, and it is critical for understanding the state and health of an organization's infrastructure. With LogRhythm and Kibana, an IT team can:

  1. Compare the inbound bandwidth consumption and the outbound bandwidth consumption in real time.
  2. Compare the cumulative sum of inbound bandwidth consumption and the cumulative sum of outbound bandwidth consumption.
  3. Compare the inbound average upload rate and the outbound average download rate.
  4. Review the top source countries by connections count, number of inbound ports used, inbound bandwidth consumption, and the average risk.
  5. Compare the top destination countries by connections count, used outbound ports, outbound bandwidth consumed, and the average risk.
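The five comparisons above are all aggregations over per-flow records: totals and running totals split by direction, an average rate, and a per-country roll-up of connection count, distinct ports, bytes, and mean risk. The following Python is an added example (not LogRhythm's or Kibana's code) that computes those same aggregations over a handful of constructed flow records, so you can see exactly what each dashboard panel summarizes and sanity-check a Kibana visualization against a hand calculation. The record field names (`direction`, `bytes`, `country`, `port`, `risk`, `ts`) are assumptions for this example, not LogRhythm Schema Dictionary field names.

```python
"""Aggregate constructed network-flow records into the bandwidth and
top-country summaries listed for the IT Operations dashboard."""
from collections import defaultdict
from itertools import accumulate

# Constructed sample records (not real traffic). Field names are assumptions
# for this example, not LogRhythm schema names.
FLOWS = [
    {"ts": 1, "direction": "inbound",  "bytes": 5000, "country": "US", "port": 443,  "risk": 10},
    {"ts": 2, "direction": "outbound", "bytes": 1200, "country": "DE", "port": 443,  "risk": 5},
    {"ts": 3, "direction": "inbound",  "bytes": 800,  "country": "CN", "port": 22,   "risk": 70},
    {"ts": 4, "direction": "inbound",  "bytes": 300,  "country": "CN", "port": 3389, "risk": 90},
    {"ts": 5, "direction": "outbound", "bytes": 7000, "country": "US", "port": 80,   "risk": 5},
    {"ts": 6, "direction": "inbound",  "bytes": 2700, "country": "US", "port": 80,   "risk": 20},
    {"ts": 7, "direction": "outbound", "bytes": 500,  "country": "RU", "port": 4444, "risk": 95},
]


def bytes_by_direction(flows):
    """Item 1: total bytes per direction (inbound vs outbound consumption)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["direction"]] += f["bytes"]
    return dict(totals)


def cumulative_bytes(flows, direction):
    """Item 2: running total of bytes for one direction, ordered by timestamp."""
    ordered = sorted((f for f in flows if f["direction"] == direction),
                     key=lambda f: f["ts"])
    return list(accumulate(f["bytes"] for f in ordered))


def average_rate(flows, direction):
    """Item 3: mean bytes per flow for one direction (0.0 when there are none)."""
    sizes = [f["bytes"] for f in flows if f["direction"] == direction]
    return sum(sizes) / len(sizes) if sizes else 0.0


def top_countries(flows, direction, n=3):
    """Items 4 and 5: per-country connection count, distinct ports, bytes and
    mean risk for one direction, ranked by connections, then bytes."""
    stats = {}
    for f in flows:
        if f["direction"] != direction:
            continue
        s = stats.setdefault(f["country"],
                             {"connections": 0, "ports": set(), "bytes": 0, "risk_sum": 0})
        s["connections"] += 1
        s["ports"].add(f["port"])
        s["bytes"] += f["bytes"]
        s["risk_sum"] += f["risk"]
    rows = [{"country": c,
             "connections": s["connections"],
             "ports": len(s["ports"]),
             "bytes": s["bytes"],
             "avg_risk": s["risk_sum"] / s["connections"]}
            for c, s in stats.items()]
    rows.sort(key=lambda r: (-r["connections"], -r["bytes"], r["country"]))
    return rows[:n]


if __name__ == "__main__":
    print("totals:", bytes_by_direction(FLOWS))
    print("inbound cumulative:", cumulative_bytes(FLOWS, "inbound"))
    print("outbound avg bytes/flow:", average_rate(FLOWS, "outbound"))
    for row in top_countries(FLOWS, "inbound"):
        print("inbound", row)
```

Ranking by connection count first and bytes second mirrors the order the list above gives; if a team cares more about the risk dimension, changing the sort key to `-r["avg_risk"]` turns the same roll-up into a "highest average risk by source country" panel without touching the aggregation.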

Figure 3: Use LogRhythm and Kibana to monitor bandwidth consumption and network behavior

Custom Reporting

Kibana can also be used for custom reporting and dashboards. The LogRhythm NextGen SIEM Platform has excellent out-of-the-box compliance reporting packages, as well as the flexibility to create and modify reports as needed. Kibana can enhance your reporting capabilities, enabling you to create custom reports or dashboards for non-security needs.

Figure 4: Go deeper with your reporting capabilities with LogRhythm and Kibana

Figure 5: Create customized dashboards with Kibana

Strengthening your security data and making it more actionable are crucial to your success. By maximizing your data assets with LogRhythm and Kibana, you'll gain greater insight and deliver more value for your organization.

If you are interested in learning more about integrating your LogRhythm deployment with Kibana, please visit our community.
