LogRhythm Sysmon | Endpoint Data Collection
Achieve deeper visibility of all the activity across your organization with monitoring that looks beyond log sources. LogRhythm System Monitor (SysMon) consolidates and collects machine data from multiple environments and infrastructures, enabling your team to detect and respond to threats faster.
Enabling Data Collection and Endpoint Monitoring
Deployed as a software agent, LogRhythm SysMon is part of the LogRhythm SIEM platform that delivers greater visibility into the activity occurring on endpoint devices, such as desktops, servers, and virtual machines. By supporting both data collection and endpoint monitoring, LogRhythm SysMon lowers your total cost of ownership and provides faster time to value.
As an agent-based data collector, LogRhythm SysMon complements our agentless data collector options to aggregate log data, security events, and other machine data. It consolidates and collects data from local and remote environments and cloud infrastructures. A single SysMon agent can collect thousands of messages per second from dozens of devices.
Achieve Greater Performance with SysMon
LogRhythm makes it easier to ingest log sources and simplifies onboarding with a JSON parsing engine embedded in SysMon. Available starting with LogRhythm SIEM version 7.13, the JSON parsing engine lets you ingest cloud-native, JSON-formatted log sources significantly faster, handling thousands of messages per second per agent.
Endpoint Monitoring Use Cases
LogRhythm SysMon supports many use cases for endpoint monitoring, including:
- File integrity monitoring detects unauthorized changes to critical files by recording when, and by which account, files and their associated permissions are created, viewed, modified, and deleted. It does not block the change itself; it gives you the audit trail needed to detect and respond to it.
- Independent process monitoring reports process and service activity so you can detect critical behavior, such as a monitored process or service stopping, or a new or blacklisted process starting.
- Windows Registry monitoring detects registry key and value additions, modifications, deletions, permission changes, and more, providing the details necessary to detect advanced threats and compromised endpoints.
- Network connection monitoring provides a detailed, independent log of every network connection opened and closed on a host, so you can detect critical threats such as connections to unauthorized servers.
- User activity monitoring logs every user who authenticates to an endpoint, creating a forensic record that supplements and validates the host's own audit logging.
- Data Loss Defender monitors data transfers to and from removable media, such as USB drives, and can optionally block transfers on specific machines and devices.
Flexible, Powerful Administration for Easy Management
As a software agent, LogRhythm SysMon can be deployed throughout your organization to collect data from hundreds of devices. SysMon provides streamlined administration and management through policy-based configuration.
LogRhythm SysMon benefits:
- Manage SysMon agents centrally for streamlined administration
- Streamline implementation and management with policy-based configuration
- Centrally schedule and push upgrades in seconds
- Deploy and manage tens or hundreds of thousands of agents cost-effectively to fit the scalability needs of your environment
- Choose from flexible options for monitoring workstation or server endpoints
- Operate on endpoints, servers, and virtual machines running Windows, Linux, and several UNIX variants
See LogRhythm SysMon in Action
To learn more about how LogRhythm SysMon can help you achieve greater visibility, schedule a custom demo today.