LogRhythm Labs Embedded Expertise

LogRhythm Labs empowers customers with embedded expertise and out-of-the box intelligence for streamlining advanced threat detection & response, compliance automation & assurance, and operational intelligence & optimization.  The team is comprised of dedicated information security specialists, including subject matter experts on a variety of topics, including IT auditing, intrusion detection and incident response, log and event taxonomy, and IT operations.  Engineers with LogRhythm Labs hold a wide range of industry certifications (e.g., CISSP, CISA, CEH, etc.) and use extensive continuing education and ongoing research to stay current with the newest developments in security, compliance and operational intelligence.

LogRhythm | LogRhythm Labs

LogRhythm Labs produces bi-weekly Knowledge Modules that contain pre-packaged, tailored content aligned with specific regulatory mandates, use cases or functions being performed by specific users of the LogRhythm platform.  Knowledge Modules deliver new and updated rules for device support, pre-built reports, report packages and templates, useful investigations and alerts, and advanced correlation and pattern recognition rules for LogRhythm’s AI Engine.  They also deliver new and/or updated lists (e.g. Top Attackers), use case-oriented or role-specific dashboard layouts, and out-of-the-box SmartResponse™ plug-ins for common automated response scenarios.  Users can install any modules relevant to their requirements, which can be rapidly applied and automatically propagated throughout the LogRhythm platform. 

Device Support

LogRhythm Labs performs continual research on 100’s of different devices and applications, developing a deep understanding of log and event data related to security, compliance and operations.  Engineers build rules for parsing all relevant data from within the log message without altering the raw data in any way. LogRhythm Labs also provides rules that automatically apply extensive data enrichment to any log message, adding valuable context, such as TrueTimeTM for accurate event sequencing, and event classification and a common event name that describes its exact nature.  

Compliance Solutions

LogRhythm Labs delivers compliance automation & assurance by providing enterprises with out-of-the-box report packages, investigations, alarms and automated remediation plug-ins that are specifically mapped to individual regulations.  

Packages include:

  • SOX
  • GLBA
  • GCSX
  • Protective Monitoring: GPG 13
  • ISO 27001
  • Etc.

Advanced Threat Management

The LogRhythm Labs Advanced R&D Team maintains an innovative threat analysis laboratory to ensure that they stay up-to-date with the most current and advanced cyber threats being faced by LogRhythm’s worldwide customer base. That research is applied by the Advanced R&D Team toward developing cutting edge out-of-the-box tools to defend enterprises from a myriad of internal and external threats, providing industry-leading threat management capabilities.

Tools Creation

LogRhythm Labs is dedicated to developing practical solutions and tools that help customers meet specific security, compliance and operations challenges more effectively, while at the same time improving usability and simplifying day-to-day operations.  Delivered as a standard component of LogRhythm’s biweekly Knowledge Modules, they include:

  • Layouts
    • Executive Views
    • Compliance-specific Dashboards
    • Role-based Analyst Screens
  • Pre-defined Forensic Investigations
  • Advanced Correlation and Pattern Recognition Rules
  • Out-of-the-box Alarms for Security, Compliance and Operations
  • SmartResponse™ Plug-ins

SmartResponse™ Plug-Ins

LogRhythm Labs places a strong emphasis on creating practical and usable automation tools to meet the needs of any organization. For many common scenarios, LogRhythm Labs provides out-of-the-box access to SmartResponse™ scripts, designed to address common organizational issues related to security, compliance and operations.  Categories for preconfigured scripts include:

  • User Management (e.g. disabling or enabling an Active Directory Account)
  • Process/Service Management (e.g. starting or stopping a process/service)
  • Network/Security Management (e.g. adding an attacking IP address to a firewall ACL)
  • Etc.

Custom Solutions

In addition to creating intelligent solutions for common use cases, LogRhythm Labs can be engaged to create custom intelligence for customers with unique requirements and/or operating environments. Options exist for the development of rules support for in-house and custom application, custom reports and report packages, customer-specific AIEngine alarming rules, and individualized SmartResponse™ scripts.