
ASD User Guide – LogRhythm GeoIP Functionality


LogRhythm Geolocation is a key function in enterprise log management and SIEM that allows the organization to establish global awareness. This is facilitated through network visualization and relationship mapping, with geolocation settings that can be established according to your needs. Specifically for ASD-ISM, consider working with LogRhythm Professional Services to set the GeoIP Resolution to the country level, which allows you to obtain global event awareness without bogging down your SIEM. With the specific location-based guidelines recommended by the ASD-ISM, geolocation functionality can serve many purposes for an organization maturing its security posture.

For example, you can monitor inbound traffic from countries with strict data protection laws, or from countries known to be high-risk for malicious activity, to ensure ASD-ISM regulations are adhered to and policies can be followed. AIE rules and alarms have been created within the ASD Compliance Automation Suite to notify appropriate individuals of the potential for new data subjects entering personal data into your environment. Empower your organization to apply policies and ensure that adherence to ASD-ISM’s data protection is supported through your SIEM.

To use GeoIP functionality, a LogRhythm administrator must enable the feature in the Data Processor’s advanced settings. The geographic granularity at which GeoIP is applied to the deployment should be chosen based on resources and requirements. From least granular to most, the following settings can be established: Country, Region, City. Adding this location context to pertinent log data can be a vital tool and can be applied to various log monitoring objectives.

Refer to LogRhythm’s Geolocation Feature Description: LogRhythm GeoLocation Visualization.

| AIE Rules | Notification Area | Corresponding Investigation |
| --- | --- | --- |
| CCF: GeoIP Blacklisted Region Activity | Security : Suspicious | CCF: GeoIP Inv |
| CCF: GeoIP General Activity | Operations : Information | CCF: GeoIP Inv |


There are other enhanced LogRhythm capabilities that can be utilized as your organization’s compliance and security programs mature. These are discussed in more detail within the Australian Signals Directorate (ASD) Information Security Deployment Guide.

