Integration: LogRhythm

Maximize the Value of Your LogRhythm Deployment with Wire Data from ExtraHop

Reduce dwell time and combat threats against your most critical assets without succumbing to alert fatigue by combining wire data analytics from ExtraHop with leading-edge log analysis from the LogRhythm Security Information and Event Management (SIEM) system.

LogRhythm And Wire Data

Combine LogRhythm with Wire Data Insights from ExtraHop for Greater Security Visibility, Focus, and Automation Than Ever

By merging log data in LogRhythm with real-time wire data insights from ExtraHop, you create the most effective, accessible, and complete security dataset available. With total north-south and east-west visibility and unprecedented forensic lookback, you can reduce the dwell time of threats, prioritize your most critical assets, and automate investigations into the most severe threats.

ExtraHop lets you analyze every packet in your environment in real time and forward precisely what you want to LogRhythm. With ExtraHop there is no data loss, no limit on what you can analyze, and no delay before high-quality, actionable data reaches LogRhythm in the expected format.

With ExtraHop and LogRhythm in place, SecOps teams can adopt a proactive security posture: detecting and shutting down threats before they become catastrophic, and using real-time insights to ensure the business's critical assets remain secure.

Use Cases

Visibility into SSL traffic bypassing the proxy

Use ExtraHop to detect non-whitelisted clients and users attempting to access restricted content and forward the details to LogRhythm for further analysis and action.

Tor activity surveillance

Use ExtraHop to detect traffic to known Tor nodes and forward the details to LogRhythm for further analysis and action.

DNS payload / exfiltration auditing

Use ExtraHop to detect the specific DNS packets that exhibit possible tunneling behavior and forward them to LogRhythm for further analysis and action.
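The page does not say what "tunneling behavior" means on the wire, so the following is an added example, not ExtraHop's or LogRhythm's code, of the kind of decision a wire-data sensor has to make before forwarding: score each DNS query on a few well-known tunneling indicators (an unusually long label, a high-entropy subdomain, an excessive number of labels, and record types such as TXT or NULL that carry free-form payload) and only forward queries that trip more than one indicator. The thresholds, the record fields, the sample queries and the syslog-style event format are all constructed assumptions; LogRhythm's actual expected format is not shown on this page.

```python
"""Heuristic DNS-tunneling detector over constructed query records.

Added example (not ExtraHop or LogRhythm code). Thresholds are assumptions
that would be tuned against a site's own DNS baseline.
"""
import math
from collections import Counter
from dataclasses import dataclass

# Record types that carry arbitrary payload downstream; a weak indicator alone.
PAYLOAD_QTYPES = {"TXT", "NULL"}

# Assumed thresholds. DNS permits 63-byte labels, but legitimate names rarely
# come close; base32/base64 payloads run at 4 to 5 bits of entropy per char.
MAX_LABEL_LEN = 40
MIN_ENTROPY = 3.8
MAX_LABELS = 5
MIN_SUBDOMAIN_LEN = 30


@dataclass(frozen=True)
class DnsQuery:
    client_ip: str
    qname: str
    qtype: str
    rcode: str


def shannon_entropy(text: str) -> float:
    """Bits per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname: str):
    """Return (registered domain, subdomain labels).

    Naive: treats the last two labels as the registered domain. A production
    sensor would consult the public suffix list (co.uk, com.au, ...).
    """
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]


def score_query(q: DnsQuery) -> list:
    """Return the list of indicators this query trips, in fixed order."""
    _, sub_labels = split_name(q.qname)
    subdomain = "".join(sub_labels).lower()
    reasons = []
    if any(len(label) > MAX_LABEL_LEN for label in sub_labels):
        reasons.append("long_label")
    if len(subdomain) >= MIN_SUBDOMAIN_LEN and shannon_entropy(subdomain) >= MIN_ENTROPY:
        reasons.append("high_entropy")
    if len(sub_labels) + 2 > MAX_LABELS:
        reasons.append("many_labels")
    if q.qtype in PAYLOAD_QTYPES:
        reasons.append("payload_qtype")
    return reasons


def to_event(q: DnsQuery, reasons: list) -> str:
    """Constructed key=value line standing in for whatever the SIEM expects."""
    return (f"ExtraHopDNSAudit client={q.client_ip} qname={q.qname} "
            f"qtype={q.qtype} rcode={q.rcode} reasons={','.join(reasons)}")


def audit(queries, min_reasons: int = 2) -> list:
    """Forward only queries tripping at least `min_reasons` indicators."""
    return [to_event(q, r) for q in queries
            if len(r := score_query(q)) >= min_reasons]


# Constructed sample traffic: two ordinary lookups, one weak single indicator,
# and one 48-character base32-looking label sent as a TXT query.
SAMPLE_QUERIES = [
    DnsQuery("10.0.0.11", "www.example.com", "A", "NOERROR"),
    DnsQuery("10.0.0.12", "a.b.c.d.e.f.example.com", "A", "NXDOMAIN"),
    DnsQuery("10.0.0.13", "_dmarc.example.com", "TXT", "NOERROR"),
    DnsQuery("10.0.0.23",
             "nb2hi4dthixs653xo4wq2lc4ywcfrhz7jh7prsxjf7e3dcsq.t1.example.net",
             "TXT", "NOERROR"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_QUERIES):
        print(line)
```

Requiring two independent indicators is what keeps `_dmarc` TXT lookups and deeply nested but short names out of the SIEM while the long, high-entropy TXT query is forwarded with the reasons attached, so the analyst in LogRhythm sees why the sensor selected it.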

Database SQL DROP command surveillance

Use ExtraHop to detect non-whitelisted clients and users attempting to execute DROP TABLE commands and forward the details to LogRhythm for further analysis and action.
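Matching the literal word DROP in a statement is not enough: the keyword can be split by a comment, written in any case, or sit harmlessly inside a string literal. The following is an added example, not ExtraHop's or LogRhythm's code, of how a wire-data sensor would make the check described above robustly: strip comments and string literals in a single pass, look for a DROP TABLE statement, and forward the event unless the (database user, client IP) pair is on the allowlist. The allowlist, the record fields, the sample statements and the event format are constructed assumptions.

```python
"""Allowlist-based DROP TABLE detector over constructed database queries.

Added example (not ExtraHop or LogRhythm code). Single quotes are treated as
string literals and double quotes as identifier quoting, as in standard SQL;
the allowlist and event format are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class DbQuery:
    client_ip: str
    db_user: str
    statement: str


# Constructed allowlist: only the migration account from the deploy host may
# drop tables. Anything else that drops a table is forwarded to the SIEM.
ALLOWED_DROP_SOURCES = {("migrator", "10.10.5.40")}

# Optional TEMPORARY / IF EXISTS, then the table name (schema-qualified or
# quoted with ", ` or []).
_DROP_TABLE = re.compile(
    r"\bDROP\s+(?:TEMPORARY\s+)?TABLE\s+(?:IF\s+EXISTS\s+)?([\w.\"`\[\]]+)",
    re.IGNORECASE,
)


def strip_literals_and_comments(sql: str) -> str:
    """Single-pass scan: remove -- and /* */ comments, replace '...' with ?.

    Doing both in one pass avoids the ordering problems of two regex passes
    (a quote inside a comment, or a -- inside a string literal).
    """
    out, i, n = [], 0, len(sql)
    while i < n:
        two = sql[i:i + 2]
        if two == "--":                         # line comment to end of line
            j = sql.find("\n", i)
            i = n if j == -1 else j
        elif two == "/*":                       # block comment, may split tokens
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
            out.append(" ")
        elif sql[i] == "'":                     # string literal, '' escapes a quote
            j = i + 1
            while j < n:
                if sql[j] == "'":
                    if j + 1 < n and sql[j + 1] == "'":
                        j += 2
                        continue
                    break
                j += 1
            out.append("?")
            i = j + 1
        else:
            out.append(sql[i])
            i += 1
    return "".join(out)


def find_drop_table(statement: str):
    """Return the dropped table's name, or None if the statement drops nothing."""
    m = _DROP_TABLE.search(strip_literals_and_comments(statement))
    return m.group(1) if m else None


def audit(queries, allowlist=ALLOWED_DROP_SOURCES) -> list:
    """Constructed key=value events for DROP TABLE from non-allowlisted sources."""
    events = []
    for q in queries:
        table = find_drop_table(q.statement)
        if table is None or (q.db_user, q.client_ip) in allowlist:
            continue
        events.append(f"ExtraHopDBAudit client={q.client_ip} user={q.db_user} "
                      f"table={table} statement={q.statement!r}")
    return events


# Constructed sample traffic covering the edge cases a naive match gets wrong.
SAMPLE_DB_QUERIES = [
    DbQuery("10.10.5.40", "migrator", "DROP TABLE IF EXISTS staging_orders;"),
    DbQuery("10.20.3.7", "app_svc", "drop/*x*/table dbo.Customers"),
    DbQuery("10.20.3.8", "analyst", "SELECT * FROM audit_log WHERE note = 'DROP TABLE x'"),
    DbQuery("10.20.3.9", "app_svc", "-- DROP TABLE orders\nSELECT count(*) FROM orders"),
    DbQuery("10.20.3.7", "app_svc", 'DROP TABLE "Users"'),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_DB_QUERIES):
        print(line)
```

The migration account's drop is suppressed by the allowlist, the commented-out and quoted occurrences of DROP TABLE are ignored, and the two real drops from the application service account are forwarded with the table name extracted, which is the field an analyst needs first when triaging in LogRhythm.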

Service account auditing

Use ExtraHop to detect service accounts being used for interactive Remote Desktop logins to other Windows hosts and forward the details to LogRhythm for further analysis and action.

How It Works

The ExtraHop appliance requires no agents and integrates with LogRhythm out of the box. Built for speed and scale, ExtraHop passively analyzes every packet that flows across your enterprise at a sustained 40 Gbps, decrypting, reassembling, filtering, and extracting actionable insights before streaming the data to LogRhythm. Extensive support for the most commonly used enterprise applications and protocols gives you maximum visibility and choice over what wire data you send to LogRhythm.

Why Wire Data

Wire data provides an unbiased, complete, immutable, and detailed record of all communication in your environment in a way that log data cannot. Applications without logging enabled can still be monitored, and even where logging is configured, ExtraHop captures critical details not included in the logs. By supplementing your existing data sources with wire data, your SIEM can get complete visibility into everything communicating in your enterprise, enabling it to detect more threats and empowering your incident responders to discover root cause faster.
