Best IT Blog

LogRhythm Architecture and Design 7.x Notes

- Dashboard
- Searching
- Review of alarms
- Qualify: investigate (establish root cause)
- Then mitigate
- HTML5 coded
- Risk-based alarms
- Case workflow
- Real-time data
- Double-click drill-down
- Underlying log data


Log viewer to analyst grid access

Low footprint on the browser (client)


Activities represented

Pivot/sort of data and datasets

Widgets to customize the dashboard

Edit widgets, more advanced filters

Threat activity map

Drill down: create a task on another task to free up resources


Flow data: Network Monitor

Deep packet analytics (e.g. a rule for protocol mismatch)

Packet captures: session based


Case management

Tagging for cases (searchable and filterable in dashboards)

Create new tags


Log contains

Search contextualized content for:

Search contains: filter on classified actions (750 devices, applications and systems)

Pre-created processing rules

Structured and unstructured searches


Endpoint monitoring

File integrity monitoring

Watchlist users

- Account takeovers
  - Precision searches
  - Alarms page (tab)
  - Fired alarms and risk-based fired alarms
  - Entity: logical segmentation of the network
  - Other filtering and sorting, by risk and by date
- Smart responses based on activity (actions: multiple responses)
  - Disable accounts or quarantine devices
  - Corroborated alarms (supporting activities, i.e. 3 or more behavioral anomalies from the user)
  - Associate logs and alarms into cases
- Drill down into the data sets associated with the activities
  - Watchlist or searches (criteria, source with host)

Single host or distributed hosts for performance.
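The "corroborated alarm" note above (an alarm that only fires when a user shows 3 or more distinct behavioral anomalies, with the supporting logs attached so they can be associated into a case) is easiest to understand as code. The following is an added example, not LogRhythm's own AI Engine rule logic or output format: the log lines, the anomaly types, the risk weights and the response tiers are all constructed for illustration, and the 24-hour corroboration window is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real LogRhythm log format):
# "<timestamp> <user> <anomaly_type> <free-text detail>"
SAMPLE_LOGS = [
    "2024-03-01T08:05:00Z alice new_geo_login host=vpn01 country=BR",
    "2024-03-01T08:07:30Z alice off_hours_login host=vpn01",
    "2024-03-01T08:20:00Z alice new_device host=ws-alice2",
    "2024-03-01T09:10:00Z alice priv_escalation host=dc01 group=DomainAdmins",
    # bob: the same anomaly three times is NOT corroboration
    "2024-03-01T10:00:00Z bob off_hours_login host=vpn01",
    "2024-03-01T10:30:00Z bob off_hours_login host=vpn02",
    "2024-03-01T11:00:00Z bob off_hours_login host=vpn03",
    # carol: three distinct anomalies, but spread over three days
    "2024-03-01T12:00:00Z carol new_geo_login host=vpn01 country=DE",
    "2024-03-02T12:00:00Z carol new_device host=ws-carol2",
    "2024-03-03T12:00:00Z carol priv_escalation host=dc01 group=DomainAdmins",
]

# Hypothetical per-anomaly risk weights; LogRhythm's real risk model differs.
RISK_WEIGHTS = {
    "new_geo_login": 20,
    "off_hours_login": 10,
    "new_device": 15,
    "priv_escalation": 40,
}


def parse_line(line):
    """Split one constructed log line into a dict; keeps the raw line for the case."""
    ts, user, kind, detail = line.split(" ", 3)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "kind": kind,
        "detail": detail,
        "raw": line,
    }


def recommend(risk):
    """Map a risk score to a smart-response tier (illustrative thresholds)."""
    if risk >= 80:
        return "disable account and open case"
    if risk >= 50:
        return "open case for analyst review"
    return "add user to watchlist"


def corroborate(lines, min_distinct=3, window=timedelta(hours=24)):
    """Raise one alarm per user when >= min_distinct DISTINCT anomaly types
    occur within `window` of each other. Repeats of one anomaly type do not
    count, and anomalies outside the window are not corroborating evidence."""
    by_user = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        by_user[ev["user"]].append(ev)

    alarms = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        # Slide a window starting at each event; alarm on the first window that qualifies.
        for i, first in enumerate(events):
            in_window = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            kinds = {e["kind"] for e in in_window}
            if len(kinds) >= min_distinct:
                risk = min(100, sum(RISK_WEIGHTS.get(k, 10) for k in kinds))
                alarms.append({
                    "user": user,
                    "distinct_anomalies": sorted(kinds),
                    "risk": risk,
                    # supporting logs travel with the alarm so they can be
                    # associated into a case in one step
                    "supporting_logs": [e["raw"] for e in in_window],
                    "response": recommend(risk),
                })
                break
    # Highest risk first, matching a risk-sorted alarms page.
    return sorted(alarms, key=lambda a: -a["risk"])


if __name__ == "__main__":
    for alarm in corroborate(SAMPLE_LOGS):
        print(alarm["user"], alarm["risk"], alarm["response"])
        for raw in alarm["supporting_logs"]:
            print("   ", raw)
```

With the default 24-hour window only alice fires; bob's three identical off-hours logins and carol's anomalies spread across three days do not. Widening the window to three days makes carol fire too, which is the tuning knob a detection engineer adjusts against false-positive rate.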


AI Engine

Desktop console

System log collection (Windows, Unix): local and remote collection; remote collection needs no agent installed directly on the source

Non-server logs, server performance, file integrity
