Exploring IT Operations with LogRhythm

The LogRhythm NextGen SIEM Platform collects, classifies, and normalizes log data from over 800 unique source types. At LogRhythm, our focus has always been on identifying and mitigating security threats through monitoring, alarming, and event log correlation. And while we examine log data with an eye for security use cases, normalizing and classifying immense sets of data has helped us gain valuable insight into operations.

As a result, LogRhythm Labs developed an IT Operations module designed to enable monitoring of IT systems for operational, non-security use cases within the LogRhythm NextGen SIEM Platform.

The Foundation for IT Operations

The same advanced analytics LogRhythm provides for security teams offers a solid foundation for IT operations teams to improve their processes and maintain optimal infrastructure performance.

LogRhythm has the tools to monitor both the current and the changing state of an IT environment. The depth of the LogRhythm Knowledge Base makes it possible to monitor system uptime and resource usage. Normalization and classification of alerts from popular third-party tools such as Nagios and Windows Performance Monitor have been part of the platform for years, and extensive support for common operating system logging provides another key piece for monitoring operations.

With these components in place, investigations and basic reporting are easily accessible, and a solid foundation exists for building IT operations content.

LogRhythm IT Operations Module

Building on these resources, LogRhythm Labs has released an IT Operations Module as an initial exploration of the platform's operational monitoring capabilities.

The module consists of a collection of AI Engine rules, reports, and dashboards designed to enable efficient monitoring of IT systems to solve problems before they start.

The LogRhythm IT Operations Module provides:

  • 22 AI Engine rules that alert on conditions such as unrecovered services and systems, possible outages caused by software updates, and resource usage
  • Three Web Console dashboards for monitoring web services, Windows performance, and AI Engine rule alarms in real time
  • Two reports: a summary of AI Engine rule alarm activity, and a list of all Windows bug check reboots by host
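To make the rule types in the list above concrete, here is an added Python example. It is not code from the LogRhythm IT Operations module and not AI Engine rule syntax; it implements the same three correlations (a service that stops and is not restarted within a window, a bug check shortly after a software update, and a bug-check-reboots-by-host report) over a handful of constructed, already-normalized events. The event schema (`ts`, `host`, `cls`, `name`), the host names, the update names and the window sizes are assumptions made for the example; the Windows event sources named in the comments are the ones a collector would normalize.

```python
"""Correlation logic for three IT Operations use cases: unrecovered services,
possible outages following a software update, and bug check reboots per host.
Added illustration only; not LogRhythm AI Engine rules or module content."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events in an assumed, simplified normalized schema.
# The event classes mirror Windows System log sources a SIEM would normalize:
#   ServiceStopped / ServiceStarted : Service Control Manager
#   UpdateInstalled                 : WindowsUpdateClient
#   BugCheck                        : Event ID 1001, "rebooted from a bugcheck"
# "name" carries the service name, update name or bug check stop code.
SAMPLE_EVENTS = [
    {"ts": "2019-05-01T02:00:00", "host": "web01", "cls": "UpdateInstalled", "name": "KB-sample-1"},
    {"ts": "2019-05-01T02:03:00", "host": "web01", "cls": "ServiceStopped",  "name": "W3SVC"},
    {"ts": "2019-05-01T02:04:00", "host": "web01", "cls": "ServiceStarted",  "name": "W3SVC"},
    {"ts": "2019-05-01T02:10:00", "host": "db01",  "cls": "ServiceStopped",  "name": "MSSQLSERVER"},
    {"ts": "2019-05-01T02:30:00", "host": "app02", "cls": "UpdateInstalled", "name": "KB-sample-2"},
    {"ts": "2019-05-01T02:45:00", "host": "app02", "cls": "BugCheck",        "name": "0x0000007E"},
    {"ts": "2019-05-01T03:10:00", "host": "app02", "cls": "BugCheck",        "name": "0x0000007E"},
    {"ts": "2019-05-01T03:20:00", "host": "app02", "cls": "ServiceStarted",  "name": "Spooler"},
    {"ts": "2019-05-01T04:00:00", "host": "web01", "cls": "BugCheck",        "name": "0x00000050"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def unrecovered_services(events, window_minutes=15, now=None):
    """Alarm (host, service, stop time) for every ServiceStopped that is not
    followed by a ServiceStarted for the same host and service within the
    window. `now` (ISO string) is the evaluation time; when omitted, stops
    still inside their window at the end of the data do not alarm yet."""
    window = timedelta(minutes=window_minutes)
    pending = {}            # (host, service) -> datetime of the stop
    alarms = []

    def expire(t):
        for key, stop_t in list(pending.items()):
            if t - stop_t > window:
                alarms.append((key[0], key[1], stop_t.isoformat()))
                del pending[key]

    for e in sorted(events, key=lambda e: e["ts"]):
        t = _ts(e)
        expire(t)           # windows that elapsed before this event fire first
        key = (e["host"], e["name"])
        if e["cls"] == "ServiceStopped":
            pending.setdefault(key, t)   # a flapping service keeps its earliest stop
        elif e["cls"] == "ServiceStarted":
            pending.pop(key, None)       # recovered inside the window: no alarm
    if now is not None:
        expire(datetime.fromisoformat(now))
    return alarms


def outages_after_update(events, window_minutes=60):
    """Flag a host once per installed update when a bug check follows the
    UpdateInstalled event within the window. Returns (host, update, first bug
    check time). Plain ServiceStopped events are deliberately ignored here:
    right after an update they are usually the update's own restart."""
    window = timedelta(minutes=window_minutes)
    last_update = {}        # host -> (update name, install time)
    flagged = set()
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        t = _ts(e)
        if e["cls"] == "UpdateInstalled":
            last_update[e["host"]] = (e["name"], t)
        elif e["cls"] == "BugCheck" and e["host"] in last_update:
            update, installed = last_update[e["host"]]
            if t - installed <= window and (e["host"], update) not in flagged:
                flagged.add((e["host"], update))
                hits.append((e["host"], update, e["ts"]))
    return hits


def bugcheck_reboots_by_host(events):
    """Report: bug check reboots per host, broken down by stop code."""
    report = {}
    for e in events:
        if e["cls"] == "BugCheck":
            report.setdefault(e["host"], Counter())[e["name"]] += 1
    return {host: dict(codes) for host, codes in report.items()}


if __name__ == "__main__":
    print("Unrecovered services:", unrecovered_services(SAMPLE_EVENTS))
    print("Outages after update:", outages_after_update(SAMPLE_EVENTS))
    print("Bug checks by host:  ", bugcheck_reboots_by_host(SAMPLE_EVENTS))
```

On the sample data, web01's W3SVC restart one minute after its update is correctly silent, db01's MSSQLSERVER stop alarms once its 15-minute window elapses, and app02 is flagged once for KB-sample-2 even though it blue-screened twice. The `now` argument matters when a rule is evaluated on a schedule rather than on the next event: a stop with no later events at all would otherwise never alarm.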

LogRhythm IT Operations Module Dashboard

Figure 1: IT Ops AIE Alarm Dashboard

The LogRhythm IT Operations module was released in Knowledge Base 7.1.504.0 as an initial foray into IT operations, and LogRhythm Labs is committed to adding further IT operations content as new product features and use cases become available.

Log in to LogRhythm Community to download the module. You can find it in the Shareables section under Dashboards.