By integrating NetMon
with LogRhythm Enterprise, you can correlate activity across different log sources and applications. This integration allows you to view relevant reports and receive alerts when issues arise. For example, AI Engine rules such as "HTTP Over an Uncommon Port" create an alarm when web traffic is seen communicating with a remote port not commonly associated with HTTP traffic. This alarm can be useful for tracking unauthorized web application usage.
This section explains how to configure LogRhythm Enterprise to work with NetMon, including how to set a custom Syslog port in your Enterprise instance and ensure that your NetMon instance receives that Syslog data.