LogRhythm Labs

Breaking Down the Anatomy of a Phishing Attack

Anatomy of a Phishing Attack Detecting a spear phishing attack can often be like searching for a needle in haystack. However, your security operation center (SOC) analysts can use LogRhythm’s SmartResponse™ and AI Engine to rapidly detect and respond to…

Read More

Mamba Ransomware Analysis

Mamba Ransomware Background In September of 2016, a strain of ransomware was found in the wild which performed full disk encryption. According to Kaspersky Lab researchers1, this ransomware strain named “Mamba” now appears to be re-circulating, primarily in Brazil and…

Read More

How to Make Your SIEM Speak

Your security teams can be responsible for managing a number of logs, so how do you make malicious behavior and alerts stand out? Using LogRhythm’s SmartResponse™, you can make your SIEM speak to you and audibly alert to a threat.…

Read More

Identifying PowerShell Tunneling Through ICMP

Hackers are constantly looking for ways to bypass traditional network defenses, and exploiting the Internet Control Message Protocol (ICMP) as a covert channel for a reverse shell is a commonly used method for attack. However, you can use LogRhythm’s NetMon…

Read More

Analyzing ICMP Traffic with NetMon

The Internet Control Message Protocol (ICMP) is one of the foundational internet protocols that define how systems talk to each other. Commands such as ping and traceroute are supported by ICMP. Based on request for comments (RFC) 792, ICMP has…

Read More

Automate Project Management with SmartResponse

The SIEM is a great central aggregate for case data and analytics, but also has the ability to give your team back valuable time if you take advantage of automation. The more automation you can build into a SIEM, the…

Read More

Using the Internet of Things and SmartResponse to Receive SIEM Alarms

Wouldn’t it be great if you could be notified of SIEM alarms through the Internet of Things (IoT)? Well, now you can! Introducing the Philips Hue SmartResponse™ and PowerShell script. Imagine that your analysts are busy working on other things,…

Read More

NotPetya Technical Analysis

In our Detecting Petya/NotPetya post earlier this week, we described the way in which NotPetya (or “Nyetna” as it has also been named) spreads to other systems on the network without use of the ETERNALBLUE/ETERNALROMANCE SMBv1 exploits. (Although the code…

Read More

Deploying NetMon Freemium at Home to Monitor IoT Devices

Why Monitor IoT Devices at Home? LogRhythm’s NetMon Freemium is a powerful and easy-to-use product, so why not fully realize its potential both at home and in the office? In-home Internet of Things (IoT) devices, such as sensors, lights, cameras,…

Read More

Detecting Petya/NotPetya Ransomware

Petya / NotPetya Poses Risk to Even Patched Systems On the morning of June 27, 2017, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in the Ukraine. The malware quickly spread across Europe, affecting varied industries such as…

Read More