Investigations

| ID | Investigation Name | Investigation Description | Minimum Data Requirement | Recommended Data Requirement | Intelligent Indexing | Network Monitor Required? |
|---|---|---|---|---|---|---|
| 205 | Network : Unauthorized/Risky Application Usage | This investigation provides details on all unauthorized or risky application usage. Unauthorized or risky applications are defined by the user in the list "NBAD: Unauthorized/Risky Applications". | LogRhythm Network Monitor | | Yes | Yes |
| 206 | Network : Blacklisted Country Activity | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
| 207 | Network : Non-Whitelisted Country Activity | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
| 208 | Network : Non-HTTP Traffic Over Port 80 | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
| 209 | Network : Network Monitor Activity Past 30 Minutes | This investigation provides details on all network monitor activity for the past 30 minutes. | LogRhythm Network Monitor | | No | Yes |

Tails

| ID | Tail Name | Tail Description | Minimum Data Requirement | Recommended Data Requirement | Intelligent Indexing | Network Monitor Required? |
|---|---|---|---|---|---|---|
| 38 | LogRhythm Network Monitor All Activity Past 3 Minutes | Returns all LogRhythm Network Monitor activity for the past three minutes. | LogRhythm Network Monitor | LogRhythm Network Monitor | No | Yes |