
GDPR User Guide – LogRhythm GeoIP Functionality

LogRhythm Geolocation is a key function in enterprise log management and SIEM that allows the organization to establish global awareness. This is facilitated through network visualization and relationship mapping that allow geolocation settings to be established according to your needs. Specifically, for GDPR consider working with LogRhythm ProServ to set the GeoIP Resolution to the country level, which allows you to obtain global event awareness without bogging down your SIEM.

For example, monitor inbound traffic from countries in the EU to ensure GDPR regulations are adhered to and policies can be followed. AIE rules and alarms have been created within the GDPR Compliance Automation Suite to notify appropriate individuals of the potential of new data subjects entering personal data into your environment. Empower your organization to apply policies, ensure adherence to GDPR’s right to consent, and identify at-risk systems where mitigating controls need to be applied.

To use GeoIP functionality, a LogRhythm administrator must enable the feature in the Data Processor’s advanced settings. Choose the geographic granularity for the deployment based on available resources and requirements. From least to most granular, the available settings are: Country, Region, City.

To learn more about LogRhythm’s Geolocation Feature Description, click here.

| AIE Rules | Notification Area | Corresponding Investigation |
| --- | --- | --- |
| CCF: GeoIP Blacklisted Region Activity | Security: Suspicious | CCF: GeoIP Inv |
| CCF: GeoIP General Activity | Security: Suspicious | CCF: GeoIP Inv |