Tracking Group Policy Changes: Part 2
Posted by: Andrew Hollister
After reading my last post, Tracking Group Policy Changes: Part 1, you may wonder what LogRhythm can do with the GPO change logs. Let’s take a look at how this is presented within LogRhythm. As I mentioned previously, LogRhythm has…
December 7, 2015
Tracking Group Policy Changes: Part 1
Posted by: Andrew Hollister
Following my earlier blog post, Unauthorized Use of Windows Administration Tools Use Case, one of our readers asked about methods for monitoring changes made to group policies. LogRhythm has built-in processing policies for almost any log imaginable in Windows and…
December 2, 2015
VirusTotal SIEM Integration
Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other files/processes and appear as something legitimate even though it’s really not the program it is…
November 24, 2015
SmartResponse Shell
Posted by: Andrew Hollister
LogRhythm’s SmartResponse™ is a powerful and flexible technology that has been further extended in LogRhythm 7 to allow actions to be executed on System Monitor Agents. These actions can be launched when an individual alarm is generated, on demand, or…
November 23, 2015
When the Threat Comes from Within
Threats are evolving at a rapid pace. Not only are they more sophisticated, but they are also increasingly entering the corporate network via different means of attack. Organizations have traditionally been more fearful of external threats to their confidential documents;…
November 16, 2015
Automatic Management of User Account Expiry Use Case
The Challenge: Account access management can be a tireless task. Sometimes, people never actually log in to their user accounts, and the accounts should be deleted. Others use their access regularly. The struggle is managing access to these accounts in a…
November 13, 2015