Blog

Enhanced Windows Security Event Log Collection

Thanks to the tireless work of the LogRhythm engineering team to update our Agent, as well as the efforts from LogRhythm Labs to develop a new collection interface, you can now collect Windows Security Event Logs at unsurpassed processing speeds with up to 32 percent less storage. Not too shabby!

Indefinite Disabled User Detection

What's worse than the walking dead in real life? Zombie user accounts that suddenly have activity and intend to do harm to your organization. Not to worry! Cleaning up disabled accounts can be quite simple.

Using LogRhythm as a File Integrity Monitoring Honeypot

Suppose you wanted to find threat actors lurking on your network—probably a good idea, right? To do this, you need to devise a way to be notified of strange activity. The steps in this post will further assist you in detecting malicious users who are already on your network by leveraging a honeypot.

Using Deep Packet Analytics to Detect Personally Identifiable Information

Often, the key indicators of compromised PII aren’t available in traditional log or audit data. So just how can organizations actively monitor for potentially exposed or leaked PII? In this example, I’ll cover how the Deep Packet Analytics feature in LogRhythm’s Network Monitor can do just this—detecting and alerting on exposed or leaked PII by looking at network traffic.

University of Colorado Hackathon

On Saturday, April 16th, over 60 students from The University of Colorado Boulder braved the "snowpocalypse" to participate in the Interdisciplinary Telecom Program (ITP) Security Hackathon sponsored by LogRhythm. Most of the participants were graduate students in the ITP Network Security track. They were faced with the challenge of finding clues to decrypt a fictional company's data.

WebConsole Cyber Kill Chain

Tough times call for tough measures. What better way to visualize those measures than through the Cyber Kill Chain? The Cyber Kill Chain is a method developed by Lockheed Martin to gain further insight into what stage a cybercriminal is at in an attacking cycle. Stages include Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Action on Objectives.

SMS Alerting Via SmartResponse

Security analysts can't always dedicate their time to monitoring the security operations center (SOC), nor do they always check the alerts they receive via email, for various reasons. Also, some alerts are simply more important than others—important enough that you want to know about them right away and be notified in the most effective way possible, even when out of the office and disconnected from email.

LogRhythm Threat Intelligence Services (TIS): STIX via TAXII

Here at LogRhythm, we are excited to announce an updated release of our Threat Intelligence Services (TIS). If you're not familiar with TIS, it is an easy-to-use utility that enables LogRhythm customers to rapidly add and configure a wide array of commercial or open-source threat feeds. The new release (TIS 1.5) adds support for Structured Threat Information eXpression (STIX) threat data delivered via Trusted Automated Exchange of Indicator Information (TAXII). But before I cover the details of what STIX and TAXII are, let's cover the why.

Palo Alto Networks Ignite 2016

LogRhythm was a proud sponsor at the recent Palo Alto Networks Ignite 2016 conference in Las Vegas. It was a fantastic three-day event where we not only got to meet many existing customers and technology partners, but were also able to demonstrate our integrations between LogRhythm's Security Intelligence Platform and Palo Alto Networks' firewall. For those who weren't able to make it to the event, we wanted to share some of these integrations.