Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

LogRhythm

ThreatConnect® and LogRhythm® have partnered to enable users to detect and act on ThreatConnect intelligence in LogRhythm SIEM. With this integration, users are able to aggregate their internal logs and combine them with validated threat intelligence. This allows them to easily spot trends or patterns that are out of the ordinary and act on them efficiently.

Specialties

Integrations

LogRhythm SIEM

ThreatConnect and LogRhythm SIEM have partnered to enable users who need to retrieve and process alerts from LogRhythm to ThreatConnect. This integration allows customers to pull the LogRhythm Alarm on a schedule via the Service App, while the Playbook App allows customers to retrieve alarm details and manage LogRhythm cases.

The following actions are included:

  • Get Alarm Details
  • List Alarms
  • Update Alarm Status
  • Get Alarm Events
  • Create Case
  • Get Case
  • List Cases
  • Update Case
  • Update Case Status
  • Advanced Request

These apps are available in the ThreatConnect App Catalog under LogRhythm SIEM as LogRhythm SIEM Playbook and LogRhythm SIEM TriggerService.

Keep Reading
dark orange ThreatConnect TC logo

Built By ThreatConnect

LogRhythm Smart Response Plugin

The ThreatConnect integration package for LogRhythm allows LogRhythm users to interact with threat intelligence in ThreatConnect directly from the LogRhythm Console by using a set of LogRhythm plugin actions. The integration package can perform functions such as retrieving Indicator details and reporting observations and false positives to ThreatConnect.

First, aggregated logs from LogRhythm are combined with user’s threat intelligence in ThreatConnect. ThreatConnect provides context with the indicators, and enables the security team to easily spot out-of-the-ordinary trends or patterns and act on them efficiently. Upon a correlation rule match, a smart rule will trigger a playbook and create an observation in ThreatConnect, updating an observable indicator dashboard simultaneously. On top of that, users in ThreatConnect can search LogRhythm via API to search for an indicator over a time period.

Features & Benefits

  • Sends all available threat data from ThreatConnect into LogRhythm for validated alerting
  • Provides the necessary context to be able to take action on the indicators
  • Enables real-time threat analysis and indicator correlation
  • Automates the detection of advanced threats
  • Ensures that you are sending validated threat intelligence to LogRhythm

To enable the plugin, please reach out to your ThreatConnect Customer Success Manager.

Keep Reading

Related Resources

dark orange ThreatConnect TC logo

Built By ThreatConnect

Looking for an
integration not shown?

Contact Us