Introducing LogRhythm Echo

LogRhythm Echo Logo

LogRhythm Echo is now available.

LogRhythm Echo is a standalone app that simulates incident scenarios for demonstration purposes, allowing you to test security rules, verify embedded content, and perform red team preparedness exercises. Regardless of the size of your team, Echo can demonstrate LogRhythm’s value and help you feel more confident in your security analytics and procedures.

Simulate Incident Scenarios in LogRhythm

Simulation exercises can be the best way to test your security rules and prepare your team to properly respond in the event of a security incident within a safe and controlled environment.

LogRhythm Echo simulates a LogRhythm SysMon agent and allows you to recreate scenarios involving multiple log types, sent in their native form, and replay packet captures (PCAPs) into the platform.

Quickly Realize the Value of Echo

If you rely on LogRhythm alarms for security monitoring, use Echo to confirm that alarms are working, conduct training, or do demos in the LogRhythm SIEM to improve your team’s readiness and demonstrate your SOC maturity to leadership.

Value Provided from Echo
LogRhythm Echo offers valuable capabilities
Figure 2. LogRhythm Echo offers valuable capabilities

Echo supports the same out-of-the-box log source types and rules that the LogRhythm NextGen SIEM Platform supports, so you can quickly build, demo, validate, verify, and tear down security use cases.

Echo Use Cases

Echo comes with more than 50 use cases that focus on specific security scenarios and alarms that are ready for replay on an ad hoc or routinely scheduled basis. An example includes a use case designed to validate the integration between Carbon Black and LogRhythm. In this scenario, Echo generates logs with a binary that matches an executable on a Carbon Black watch list. If AI Engine is configured to alarm on this rule, the Echo logs trigger an alarm.

After the alarm fires, you can execute a selection of automated response actions using LogRhythm SmartResponse™. SmartResponse™ plugins will allow you to safely practice remediation actions without affecting production systems and demonstrate LogRhythm’s SOAR capabilities.

In this example, Echo makes it easy to ensure that an AI Engine rule is configured to detect and alarm correctly in a specific scenario. This is just one of the many use cases delivered with Echo. You can also test LogRhythm Labs-developed content and give your feedback to help LogRhythm make adjustments to improve customer content.

Create Custom Echo Use Cases

If the use cases don’t meet your needs, it’s easy to add logs, PCAPs, hosts, and schedules to create custom use cases using the Echo web interface or text editor. Once created, you can modify and share use cases on LogRhythm Community for immediate import by other Echo users.

And if you no longer need to maintain certain use cases, you can delete any — or all — Echo-generated configuration in your deployments with one click.

LogRhythm strives to make it as easy to run useful analytics on your security data. With Echo, you now have access to the same tools we use to demonstrate the value of LogRhythm analytics and to build confidence in the analytics that power the industry’s leading NextGen SIEM Platform.

Log in to Community to download LogRhythm Echo today.

Disclaimer: All customers can leverage Echo and the pre-packaged use cases associated with the tool. If a customer chooses to develop use cases and post them to the Community, it is done at the customers sole discretion. Customer is solely responsible for ensuring that the data, contained in the use case, does not contain any sensitive information, and that Customer should undertake all steps necessary to ensure their data is sanitized prior to disclosure. LogRhythm shall have no liability for the disclosure of any sensitive data by Customer.