With LogRhythm, you have a centralized platform that monitors both your on-premise and cloud infrastructure and applications. To properly protect your data, the LogRhythm NextGen SIEM Platform provides:
Gain comprehensive visibility into your cloud-based services from a single pane of glass. With LogRhythm, you’ll continuously collect, normalize, and analyze rich software as a service (SaaS) forensic data from your cloud deployments and your broader, distributed IT environment. Depending on your architecture and needs, LogRhythm offers several ways to set up monitoring.
Offers remote, high-performance collection of all machine data, including log messages, application data, security events, and network flows
Deployable on individual virtual machines capturing local log data (e.g., flat files) and providing endpoint forensic monitoring
Offers remote collection of audit logs from cloud services provided via API
Easily collect Microsoft Azure IaaS logs via the Azure Log Integration (AzLog). Azure provides a wide variety of events including control/management logs, automatically auditing when any Azure resource is created, updated, or deleted.
By using the same integration to collect Azure IaaS logs, you can also gain insight into your Azure PaaS environment. This integration provides a wide array of data enabling deeper visibility into your cloud environment. Event logs from Azure VMs are treated like on-premise Microsoft Event Log sources, parsing out fields such as the Event ID and Host. This parsing enables correlation and analysis between the on-premise and cloud infrastructures in hybrid environments.
With LogRhythm, it’s easy to achieve cloud security in your Amazon Web Services (AWS) environment.
In a seamless integration, your AWS data is ingested by LogRhythm and combined with your other data. By using machine analytics, LogRhythm then correlates and analyzes the entire data set to detect anomalies, corroborate potential threats, and baseline normal behavior patterns.
This analysis allows you to monitor your AWS services and receive alerts about suspicious activity, keeping your data and resources secure.
Configure static LogRhythm SysMon Agents (SMAs) to remotely collect Event Log (Windows) or Syslog (*nix) from any OS in the environment
Use virtual machine templates to deploy new SMAs dynamically. In addition to Event Log/Syslog collection, this has the added benefit of Endpoint Monitoring, which is critical in compliance scenarios (such as PCI)
SMAs can be managed centrally and in bulk from the LogRhythm Console, enabling you to apply templates and upgrade your entire environment