Cisco Security and LogRhythm

How LogRhythm and Cisco Security work together

LogRhythm provides intelligence and analytics technologies that empower organizations around the globe to rapidly detect, respond to, and neutralize damaging cyber threats.

Product Integrations

  • Secure threat response: The LogRhythm integration empowers users to investigate an observable and determine if it is contained in an event stored in LogRhythm. It provides users with the date and time the observable was seen in the event and the raw event data. This integration allows you to query IPv4 and IPv6 data types and it returns sightings of an observable from each event.
  • Secure Endpoint: LogRhythm integrates with Cisco Secure Endpoint via a REST-based API that allows LogRhythm to pull and ingest data from an AMP deployment. LogRhythm then applies scenario- and behavior-based analytics to this data, together with other log and machine data from throughout the environment, for comprehensive visibility. Security teams can visualize high-priority events in an AMP-specific dashboard within LogRhythm's centralized console.
  • Secure Firewall: LogRhythm built and maintains an eStreamer API client to pull rich event data from the Firepower Management Center for analysis on its SIEM platform.
  • Secure Malware Analytics: LogRhythm continually correlates the malware analysis and threat intelligence data provided by Secure Malware Analytics with other machine data collected from across the environment to accurately identify and prioritize high-risk events. The LogRhythm SmartResponse™ plugin allows analysts to automatically submit potential indicators of compromise, such as domain names, IP addresses, hashes, and file names detected within the LogRhythm platform, to Secure Malware Analytics for analysis and threat scoring. LogRhythm can automatically add security incidents from Cisco to its built-in case management, along with relevant logs and metadata for triage and resolution.
  • Cloud Security: The Cisco Cloud Security (Umbrella and CloudLock) and LogRhythm integration allows organizations to: a) gain visibility into endpoints and users, even in remote locations; b) block malicious domains and IP addresses; c) investigate malicious indicators of compromise (for example, domains, IPs, ASNs, file hashes, and email addresses); d) view a single pane of glass for all security incidents and correlation, including cloud and on-premises insights; e) prevent account compromise and data leaks in the cloud; f) detect cloud malware; g) meet compliance requirements; h) investigate security incidents and suspected data breaches; and i) coordinate security across existing investments. By combining Cisco’s cloud security enforcement and intelligence with LogRhythm’s security data analytics and threat intelligence, customers can reduce the time to detect and contain threats, increase visibility into internet activity across all locations and users, identify cloud apps used across the business, and reduce remediation costs and breach damage.
  • Identity Services Engine: LogRhythm integration with Cisco Identity Services Engine (ISE) combines device, user, and group-driven security analytics with LogRhythm Next-Gen SIEM, file integrity, and host activity monitoring.