How do you know the total impact of a change control such as a patch management reboot? Or whether your revenue-generating devices are up and running throughout a distributed environment? If a user’s credentials are compromised, do you have the means to anticipate expected activity as well as noticeably abnormal behavior? Many times these questions are more effectively answered not by what activity is recorded, but by what activity is not recorded.
While most solutions are capable of detecting and alerting on specific events taking place, most fall short when it comes to alerting on expected behavior. You need to know not only when the wrong thing happens, but when the right thing doesn’t. With the complexity of today’s networks, this can be as difficult as listening for the sound of a single raindrop in the middle of a thunderstorm.
LogRhythm can notify in the absence of an event, whether based on an expected event or as the result of a correlated behavior.
What Didn’t They do Now?