LogRhythm
Logrhythm is a Security Information and Event Management (SIEM) platform that provides comprehensive threat detection, investigation, and response capabilities. It centralizes log data from various IT systems and applications, enabling security teams to analyze and correlate information for identifying potential security incidents. Logrhythm offers a robust suite of tools for threat hunting, incident response, compliance, and security analytics.
Creating a LogRhythm connection
Using API Token
To create the connection you need:
- An API Address
- An API Token
Obtaining the credentials
API Token
- Log in to the LogRhythm Client Console as a Global Administrator.
- Navigate to Deployment Manager -> Third Party Applications.
- Locate an exiting application or create a new one.
- Double-click the application to open its properties.
- Click Generate Token to create a new API token.
Creating your connection
-
In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
-
Select the LogRhythm icon. A dialog box with name of the connection and connection methods appear.
-
(Optional) Edit the name of the connection. At a later stage you cannot edit the name.
-
Select API Token as the method to create the connection.
-
Fill in the parameters:
- The API Address
- The API Token
-
(Optional) Click Test Connection to test it.
-
Click Create connection. The new connection appears on the Connections page.