LogRhythm Open Collector and Beats

LogRhythm Open Collector

• Open Collector Release Notes
• Open Collector Installation and User Guide
• Configure Beats for JSON Parsing
• Custom JSON Agents
• JSON Normalization Customization
• Custom Beats and Pipelines Resources (Legacy - OC Pipeline)

AWS S3 Beat

• Configure AWS S3
• Initialize the AWS S3 Beat
• (LRCloud Only) Initialize the AWS S3 Beat Using Cloud to Cloud Collection
• Configure the AWS S3 Log Source in the SIEM
• Configure Role-Based Access for an AWS EC2 Instance
• Cross-Account Access for Bucket Objects in S3 Beat
• AWS S3 Beat with STS Assume Role
• AWS S3 Beat IAM User Permissions
• Scalability Testing for the AWS S3 Beat
• Proxy Support for the AWS S3 Beat

Azure Event Hubs Beat

• Understand Log Flow From Azure to Event Hub
• Configure the Azure Event Hub Beat
• Event Hub Beat Using Azure Auth (MSI)
• Event Hub Beat Using Connection Strings
• (LRCloud Only) Initialize the Azure Event Hub Beat Using Cloud-to-Cloud Collection
• Configure the Azure Event Hub Beat Log Source in the SIEM
• Configure Microsoft Defender Logs in the Event Hub
• Troubleshoot Azure and Event Hub
• Scalability Testing for the Azure EventHub Beat

Carbon Black Cloud Beat

• Configure Carbon Black Cloud
• Initialize the Carbon Black Cloud Beat
• (LRCloud Only) Initialize the Carbon Black Cloud Beat Using Cloud to Cloud Collection
• Configure the Carbon Black Cloud Log Source in SIEM

Cisco AMP Beat

• Configure the Cisco AMP Beat
• Initialize the Cisco AMP Beat
• (LRCloud Only) Initialize the Cisco AMP Beat Using Cloud to Cloud Collection
• Configure the Cisco AMP Beat Log Source in the SIEM
• Troubleshoot the Cisco AMP Beat

Darktrace Beat

• Darktrace Portal Configuration
• Initialize the Darktrace Beat
• Configure the Darktrace Beat Log Source in SIEM

Duo Authentication Security Beat

• Configure Duo Admin API for Duo Beat
• Connect Okta
• Initialize the Duo Beat
• (LRCloud Only) Initialize the Duo Beat Using Cloud to Cloud Collection
• Configure the DuoBeat Log Source in the SIEM
• Troubleshoot Duo Beat

Exabeam Case Beat

• NewScale Configuration for Exabeam Case Beat
• Initialize the Exabeam Case Beat
• Configure the Exabeam Case Log Source in the SIEM

Generic Beat

• Configure the Generic Beat
• Initialize the Generic Beat
• Configure Generic Beat Log Flows into SIEM
• Working with the Generic Beat
• Troubleshoot the Generic Beat
• Generic Beat with IronDefense Support

Gmail Message Tracking Beat

• Configure Gmail Message Tracking
• Initialize the Gmail Message Tracking Beat
• (LRCloud Only) Initialize the Gmail Message Tracking Beat Using Cloud to Cloud Collection
• Configure the Gmail Message Tracking Beat Log Source in the SIEM
• Troubleshoot the GMT Beat

GSuite Beat

• Configure GSuite
• Initialize the GSuite Beat
• Configure the GSuite Beat Log Source in the SIEM
• Work with the GSuite Beat

Kafka Beat

• Initialize the Kafka Beat
• Configure the Kafka System Log Beat Log Source in SIEM
• SentinelOne via Kafka Beat Setup
• Configure the SentinelOne Log Source in SIEM
• Troubleshoot the Kafka Beat

Microsoft Graph API Beat

• Configure Microsoft Graph API
• Initialize the Microsoft Graph API Beat
• Configure the Microsoft Graph API Beat Log Source in the SIEM
• Troubleshoot the Microsoft Graph API Beat

Okta Beat

• Configure the Okta Beat
• Initialize the Okta Beat
• (LRCloud Only) Initialize the Okta Beat Using Cloud to Cloud Collection
• Configure the Okta System Log Beat Log Source in SIEM
• Troubleshoot the Okta Beat
• Proxy Support For Okta Beat

Prisma Cloud Beat

• Configure Prisma Cloud
• Initialize the Prisma Cloud Beat
• Configure the Prisma Cloud Log Source in SIEM

Proofpoint Beat

• Initialize the Proofpoint Beat
• Configure the Proofpoint Log Source in SIEM
• Troubleshoot the Proofpoint Beat

PubSub Beat

• Configure the PubSub Beat
• Initialize the PubSub Beat
• (LRCloud Only) Initialize the PubSub Beat Using Cloud to Cloud Collection
• Configure the PubSub Beat Log Source in the SIEM

Qualys FIM Beat

• Configure Qualys Portal
• Initialize the Qualys FIM Beat
• Configure the Qualys Log Source in SIEM

Salesforce Beat

• Initialize the Salesforce Beat
• Configure the Salesforce Beat Log Source in SIEM

Sophos Central Beat

• Configure Sophos Central
• Initialize the Sophos Central Beat
• (LRCloud Only) Initialize the Sophos Central Beat Using Cloud to Cloud Collection
• Configure the Sophos Central Beat Log Source in the SIEM

Symantec WSS Beat

• Initialize the Symantec WSS Beat
• Configure the Symantec WSS Beat Log Source in SIEM

Webhook Beat

• Configure Webhook
• Initialize the Webhook Beat
• Configure the Webhook Beat Log Source in the SIEM