by Karen Scarfone – Tech Target
Expert Karen Scarfone examines LogRhythm’s Security Intelligence Platform, a SIEM tool for analyzing collected data
The LogRhythm Security Intelligence Platform is a security information and event management (SIEM) product for enterprise use. It is used to collect security event log data from software throughout an enterprise, including network security controls, operating systems and user applications. The SIEM tool analyzes the data to identify possible signs of malicious activity so humans or automated processes can stop attacks in progress or help recover from successful attacks. SIEM platforms such as LogRhythm’s also generate detailed reports on security events that can be used to document compliance with security regulations, laws and other requirements.
LogRhythm SIEM product versions
LogRhythm’s SIEM platform is available in several formats, including an all-in-one bundle or distributed components, and as hardware-based appliances, server-based software and virtual appliances (supported by VMware ESX, Microsoft Hyper-V and Citrix XenServer). These last three formats (hardware, virtual and server software) can be mixed and matched as needed within a single LogRhythm Security Intelligence Platform implementation.
Examples of the major component types are:
- Platform Manager (PM): Supports centralized management and administration for the LogRhythm implementation
- Data Processor (DP): Performs log collection and management
- Data Indexer (DX): Indexes data and metadata
- AI Engine (AI): Provides correlation and analysis capabilities
- All-In-One (XM): Combines the PM, DP, DX and AI components
- Network Monitor (NM): Specializes in deep analysis of network traffic contents
- Data Collector (DC): Collects log data from remote systems and prepares it for secure transfer to the centralized LogRhythm Security Intelligence Platform implementation