LogRhythm Labs

Security Measures Retailers Should Have in Place

It’s the most wonderful time of the year! As the rush towards Christmas continues and spending reaches fever pitch, those tasked with protecting retail networks, Point-of-Sale (POS) systems, and online shopping sites might be tempted to think it’s the most…

Tracking Group Policy Changes: Part 2

After reading my last post, Tracking Group Policy Changes: Part 1, you may wonder what LogRhythm can do with the GPO change logs. Let’s take a look at how this is presented within LogRhythm. As I mentioned previously, LogRhythm has…

Tracking Group Policy Changes: Part 1

Following my earlier blog post, Unauthorized Use of Windows Administration Tools Use Case, one of our readers asked about methods for monitoring changes made to group policies. LogRhythm has built-in processing policies for almost any log imaginable in Windows and…

VirusTotal SIEM Integration

Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other files/processes and appear as something legitimate even though it’s really not the program it is…

SmartResponse Shell

LogRhythm’s SmartResponse™ is a powerful and flexible technology that has been further extended in LogRhythm 7 to allow actions to be executed on System Monitor Agents. These actions can be launched when an individual alarm is generated, on demand, or…

Detecting Rogue Processes in the Services Session

The Challenge: PSExec is a powerful utility offered by Microsoft’s Sysinternals. It lets you execute processes on other systems without having to install anything manually. The tool interactively installs itself on the remote target machine, so you can redirect the…

Unauthorized Use of Windows Administration Tools Use Case

The Challenge: Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services and other system components. These tools are provided as plug-ins. Some of the common ones are Active Directory Users and Computers, DNS…

NetMon and SSL Proxy Integration

The Encryption Paradox: Security experts universally agree that network traffic must be encrypted to be considered secure, and many compliance standards and applications (let alone common sense) require it. However, encryption creates a paradox for network security monitoring. Encryption protects…

Protect Your Grid

LogRhythm’s Launch of NERC-CIP v.5 Compliance Module: Assisting Customers in the Transition from v3 to v5. On February 12, 2013, the Obama administration recognized the growing cyber threat to various critical U.S. infrastructure. In response, Obama issued Executive Order 13636…

PowerShell Command Line Logging

PowerShell is one of the best post-exploitation tools out there—simply because it’s already built in to every modern Windows system. And like the name states, it’s extremely powerful. PowerShell can be used to gather data, steal system information, dump credentials,…
