Secure a Faster Time to Value With LogRhythm Axon

PCI DSS compliance dashboard report for SIEM.

LogRhythm Axon was built from the ground up so that security teams can focus on the actual job of cybersecurity. With LogRhythm Axon, security teams can realize the value of the platform immediately, because they do not have to manage the infrastructure, ingest disparate data into the platform, or learn a vendor-specific query language to use it.

With feature releases every two weeks, the LogRhythm team continually strives to make the analyst's life easier. This quarter, we focused on creating out-of-the-box content for additional security use cases and compliance mandates to help security operations centers (SOCs) see a faster time to value.

Integration with SOC Prime 

Getting content into a security information and event management (SIEM) platform can be time consuming, which delays the point at which the platform delivers value. LogRhythm Axon's integration with SOC Prime converts between common industry-standard detection rule formats such as Sigma and other vendors' formats. You can now take a rule shared on social media or in a GitHub repository and convert it into a LogRhythm Axon query, or use it to build a streaming analytics rule. This gives security teams the combination of threat hunting, analytics, and automation needed to actively secure their environment.

Figure 1: LogRhythm Axon and SOC Prime integration.
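To show what a Sigma-to-query conversion actually involves, here is an added example that is not SOC Prime's converter and not LogRhythm code. It translates a small subset of Sigma (selection maps, the contains/startswith/endswith modifiers, and conditions built from and/or/not) into a generic field:"value" query syntax with * wildcards. The sample rule, the target syntax and the supported subset are all assumptions for illustration; Axon's real query language is not shown on this page.

```python
"""Toy Sigma-to-query translator (added example, not SOC Prime or LogRhythm code).

Supports a Sigma subset: selection maps (AND across fields, OR across list
values), the |contains, |startswith and |endswith modifiers, and conditions
built from selection names with and / or / not. The target is an assumed
generic field:"value" syntax with * wildcards, not Axon's real query language.
"""

# Constructed sample rule, shown already parsed from YAML into a dict so the
# example stays standard-library only (real Sigma rules are YAML files).
SAMPLE_RULE = {
    "title": "PowerShell Download Cradle (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["DownloadString", "DownloadFile", "Invoke-WebRequest"],
        },
        "filter": {"ParentImage|endswith": "\\SCCM\\ccmexec.exe"},
        "condition": "selection and not filter",
    },
}

# Assumed target syntax for each supported Sigma modifier.
_MODIFIER_PATTERNS = {
    "": '{field}:"{v}"',
    "contains": '{field}:"*{v}*"',
    "startswith": '{field}:"{v}*"',
    "endswith": '{field}:"*{v}"',
}


def _escape(value):
    """Escape backslashes and quotes so a rule value cannot break out of the query string."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"')


def translate_selection(selection):
    """One Sigma selection map -> AND of fields, each field an OR over its listed values."""
    clauses = []
    for field_spec, value in selection.items():
        field, _, modifier = field_spec.partition("|")
        if modifier not in _MODIFIER_PATTERNS:
            raise ValueError(f"unsupported Sigma modifier: {modifier}")
        values = value if isinstance(value, list) else [value]
        terms = [_MODIFIER_PATTERNS[modifier].format(field=field, v=_escape(v)) for v in values]
        clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
    return " AND ".join(clauses)


def translate_rule(rule):
    """Walk the condition string and substitute each named selection with its translation."""
    detection = rule["detection"]
    out = []
    for token in detection["condition"].split():
        if token in ("and", "or", "not"):
            out.append(token.upper())
        elif token in detection and token != "condition":
            out.append("(" + translate_selection(detection[token]) + ")")
        else:
            # Aggregations, "1 of them", pipes etc. are outside this toy subset.
            raise ValueError(f"unsupported condition token: {token}")
    return " ".join(out)


if __name__ == "__main__":
    print(SAMPLE_RULE["title"])
    print(translate_rule(SAMPLE_RULE))
```

Two details matter when you do this for real: values are escaped before being interpolated, so a rule pulled from a public repository cannot inject operators into the generated query, and anything outside the supported subset raises rather than silently producing a query that matches less than the rule's author intended.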

Streamline Data Security Compliance 

Only 56% of non-security executives truly understand the regulatory requirements and constraints their company must adhere to. And when it comes to servicing audit requests, manually gathering evidence and mapping it to specific compliance mandates is time-consuming and error-prone. That's why our in-house LogRhythm Labs experts developed pre-built dashboards, searches, and reports for LogRhythm Axon that are mapped to the individual controls of each regulation, including PCI DSS 4.0, HIPAA, CMMC, NIST SP 800-53, and ISO 27001. This streamlines the data security compliance process and improves its accuracy.

Figure 2: LogRhythm Axon’s out-of-the-box compliance content for PCI compliance.

Centralized Community Sharing and Out-of-the-Box Content 

Recent global research reveals that 61% of organizations still rely on manual, time-intensive methods for sharing security status updates. The lower the barrier to out-of-the-box content, the sooner security teams can secure their environment. With out-of-the-box content that can be customized for their environment, security operations centers can quickly improve their threat detection posture.

This quarter, LogRhythm Axon added the ability to export dashboards and searches from one environment and import them into another, eliminating the time-consuming task of recreating them from scratch. In addition, we published pre-populated lists and list templates that customers can customize for their environment, which drive additional MITRE ATT&CK® use cases such as Trusted Relationship and Default Accounts. All of this content can be shared between the LogRhythm team and the security community through the LogRhythm Axon GitHub repository.

Figure 3: Gain a faster time to value with out-of-the-box content that can be customized to your environment.

Automatic Alerts 

Some data sources are more important than others, and knowing when those critical sources have stopped sending logs into the platform is essential: a detection rule cannot fire on logs that never arrive. You can now set up automatic alerts for when critical sources stop sending data, increasing your confidence in the data being ingested into the platform.

Figure 4: Gain confidence in the data by knowing when your critical data sources have stopped sending logs into the platform.
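The check behind a silent-source alert is simple, but two edge cases decide whether it is trustworthy: logs arrive out of order, and a source that was never wired up looks exactly like one that died. The following added example (not LogRhythm's implementation) runs that check over a constructed batch of events with a per-source silence threshold; the source names, thresholds, timestamps and the 10:12 evaluation time are all assumed for illustration.

```python
"""Silent-source detection over a batch of log events (added example, not LogRhythm code).

Tracks the last time each log source was seen and flags every critical
source whose silence exceeds its own allowed gap. A critical source that has
never been seen at all is flagged too: a collector that was never wired up
looks the same as one that died.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample events: (source name, ISO-8601 UTC timestamp). They are
# deliberately out of order to show that only the newest timestamp matters.
SAMPLE_EVENTS = [
    ("fw-edge-01", "2024-05-01T10:00:00Z"),
    ("dc-01-security", "2024-05-01T10:01:00Z"),
    ("fw-edge-01", "2024-05-01T10:09:00Z"),
    ("web-proxy", "2024-05-01T10:05:00Z"),
    ("fw-edge-01", "2024-05-01T10:04:00Z"),
]

# Assumed per-source heartbeat expectations: a chatty firewall should never be
# quiet for 5 minutes, while a proxy may legitimately go 30 minutes without logs.
CRITICAL_SOURCES = {
    "fw-edge-01": timedelta(minutes=5),
    "dc-01-security": timedelta(minutes=5),
    "web-proxy": timedelta(minutes=30),
    "edr-cloud": timedelta(minutes=15),  # not present in the sample at all
}


def parse_ts(value):
    """Parse a Zulu timestamp into an aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_seen(events):
    """Map each source to its newest timestamp, regardless of arrival order."""
    seen = {}
    for source, ts in events:
        t = parse_ts(ts)
        if source not in seen or t > seen[source]:
            seen[source] = t
    return seen


def silent_sources(events, critical, now):
    """Return [(source, silence)] for critical sources past their allowed gap.

    silence is a timedelta, or None when the source has never been seen.
    """
    seen = last_seen(events)
    alerts = []
    for source, max_gap in critical.items():
        last = seen.get(source)
        if last is None:
            alerts.append((source, None))
        elif now - last > max_gap:
            alerts.append((source, now - last))
    return alerts


if __name__ == "__main__":
    now = parse_ts("2024-05-01T10:12:00Z")
    for source, silence in silent_sources(SAMPLE_EVENTS, CRITICAL_SOURCES, now):
        state = "never seen" if silence is None else f"silent for {silence}"
        print(f"ALERT {source}: {state}")
```

Evaluated at 10:12, the firewall (last seen 10:09) and the proxy (last seen 10:05) are within their gaps, the domain controller (last seen 10:01) is flagged at 11 minutes of silence, and the EDR source is flagged because it has never reported. Thresholds are per source on purpose: a single global timeout is either too tight for quiet sources or too loose for noisy ones.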

Analytics Rule Suppression 

A common pain point among security analysts is alert fatigue, and one way it happens is when the same analytics rule keeps firing on every repeat of the same condition with no time window applied. You can now add suppression logic to a streaming analytics rule so that it generates only one alarm for a given condition within a configured time frame. With a smaller number of actionable alerts, alert fatigue decreases and analysts can spend more time investigating the alerts that are critical.
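What suppression looks like in practice is shown in the following added example, which is not Axon's implementation. Hits are keyed by rule and host; the first hit for a key opens a window and raises an alarm, and later hits inside the window are folded into that alarm's hit count so the repetition is still visible without a flood of alarms. The sample hits, the (rule, host) key and the 10-minute window are assumptions for illustration.

```python
"""Per-key alarm suppression for a streaming analytics rule (added example,
not Axon's implementation).

Every rule hit is keyed, here by (rule, host). The first hit for a key opens a
suppression window and raises an alarm; later hits for the same key inside the
window are folded into that alarm's hit count instead of creating new alarms.
Once the window has elapsed, the next hit opens a fresh one.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample rule hits in arrival order: (rule id, host, UTC timestamp).
SAMPLE_HITS = [
    ("ssh-brute-force", "srv-01", "2024-05-01T10:00:00Z"),
    ("ssh-brute-force", "srv-01", "2024-05-01T10:00:05Z"),
    ("ssh-brute-force", "srv-02", "2024-05-01T10:00:10Z"),
    ("ssh-brute-force", "srv-01", "2024-05-01T10:00:30Z"),
    ("ssh-brute-force", "srv-01", "2024-05-01T10:09:00Z"),
    ("ssh-brute-force", "srv-01", "2024-05-01T10:11:00Z"),
]

WINDOW = timedelta(minutes=10)  # assumed suppression window


def parse_ts(value):
    """Parse a Zulu timestamp into an aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def suppress(hits, window):
    """Collapse hits into alarms: at most one alarm per key per window.

    Returns a list of alarm dicts whose 'hits' field counts every hit the alarm
    absorbed, so suppression cuts noise without losing evidence of repetition.
    Hits are assumed to arrive in time order, as a streaming rule sees them.
    """
    open_window = {}  # key -> index of the alarm that opened the current window
    alarms = []
    for rule, host, ts in hits:
        key = (rule, host)
        t = parse_ts(ts)
        idx = open_window.get(key)
        if idx is None or t - alarms[idx]["first_seen"] >= window:
            alarms.append({"rule": rule, "host": host, "first_seen": t, "hits": 1})
            open_window[key] = len(alarms) - 1
        else:
            alarms[idx]["hits"] += 1
    return alarms


if __name__ == "__main__":
    for alarm in suppress(SAMPLE_HITS, WINDOW):
        print(f'{alarm["first_seen"]:%H:%M:%S} {alarm["rule"]} on {alarm["host"]} '
              f'({alarm["hits"]} hit(s) in window)')
```

Six hits become three alarms: srv-01 at 10:00:00 absorbing three later hits, srv-02 at 10:00:10, and srv-01 again at 10:11:00 once the first window has expired. The key is the design decision that matters: key too coarsely (rule only) and a second attacked host is hidden behind the first host's alarm; key too finely (rule, host, source IP) and a distributed brute force produces one alarm per source and the suppression buys nothing.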

Visibility into Case Management Metrics 

Measuring the efficiency of a SOC, and where it can improve over time, helps security teams understand where to spend their resources. This quarter, LogRhythm Axon added metrics to the case page that provide a holistic view of open cases, unassigned cases, cases by severity, and cases by status. A quick snapshot of cases enables teams to make informed decisions quickly.

Figure 5: Stay on top of cases in your environment with case metrics.

That's just a highlight of everything we've launched this quarter. As with every quarter, we've also added new log sources, enhanced existing ones, and improved the Axon Agent. Since LogRhythm Axon has feature releases every two weeks, we are always innovating on the platform so that security teams can focus on security. Information and documentation on all the enhancements can be found in our Release Notes as well as within the LogRhythm Axon platform.

To learn more about LogRhythm Axon, read the product data sheet or schedule a demo.