Ready to Rule Your Network?
We're announcing a new NetMon Freemium contest, backed by cash prizes! Create a solution based on DPA rules, query rules, or dashboards and enter it to win.
Read MoreTips & Tricks
Enabling 24x7 Monitoring and Response Using Automated Playbooks
Learn how LogRhythm’s Security Orchestration, Automation, and Response (SOAR) capabilities can achieve 24x7 monitoring and response to malware threats.
Read MoreDetect WannaCry Initial Exploit Traffic with NetMon
The WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. Fortunately, the SMB dropper traffic is very easy to detect with NetMon using a simple Query Rule.
Read More
Detecting WannaCry Activity on Sysmon-Enabled Hosts
If you are already using Microsoft Sysmon in your environment, then you might be wondering whether it is possible to detect WannaCry activity on your Sysmon-enabled Windows hosts. The answer is yes!
Read More
A Technical Analysis of WannaCry Ransomware
Ransomware that has been publicly named "WannaCry," “WCry” or "WanaCrypt0r" (based on strings in the binary and encrypted files) has spread to at least 74 countries as of Friday 12 May 2017. This blog addresses the technical analysis of the ransomware, mitigation, LogRhythm signatures, Network Monitor (NetMon) query rules, and indicators of compromise.
Read More WannaCry Ransomware
On the afternoon of Friday, May 12, 2017, what we refer to as version 2 of WannaCry ransomware started to infect systems of a private Spanish telecommunications company. This blog covers the ransomware background, a high-level technical overview, the kill switch, and advice for defending against WannaCry.
Read More Stop Insider Threats with LogRhythm’s UEBA Capabilities
LogRhythm User and Entity Behavior Analytics (UEBA) functionality is built in to LogRhythm’s AI Engine and takes action to neutralize threats as they progress through the Cyber Attack Lifecycle.
Read More How to Extract SCSM Log Files from a Remote Windows Host
Use these free tools to extract System Center Service Manager (SCSM) log files to troubleshoot remote SCSM agents or pull files from remote hosts.
Read MoreAnalysis of Shamoon 2 Disk-Wiping Malware
Shamoon is a highly destructive malware that is capable of spreading to other Windows systems on the network, wiping any infected system at a specified date and time.
Read More Using Facebook’s osquery for Monitoring and Response
Real-time visibility is key to completely understanding the current state of your IT infrastructure. In October 2014, Facebook made low-level operating system monitoring easier by...
Read More