
KSA-ECC User Guide – LogRhythm GeoIP Functionality

LogRhythm Geolocation is a key function in enterprise log management and SIEM that equips an organization with global awareness. You can use network visualization and relationship mapping to establish customized geolocation settings. LogRhythm Professional Services can help you set the GeoIP Resolution to the country level so you can achieve global event awareness without bogging down your SIEM. With the specific guidelines recommended in the Kingdom's ECC publication, geolocation functionality can serve many purposes for an organization maturing its security posture. 

For example, one of the third-party cybersecurity controls outlined in the ECC requires that the organization's hosting information and storage reside within the Kingdom. Additionally, you can monitor inbound traffic from countries with strict data protection laws, or from countries known to present a high risk of malicious activity, to confirm that you are complying with ECC regulations and following your own policies. The KSA-ECC module contains AIE rules and alarms designed to notify the appropriate individuals if new data subjects enter personal data into your environment. This functionality lets your organization enforce its policies and demonstrate compliance with the Kingdom's ECC data protection requirements.

To use GeoIP functionality, a LogRhythm administrator must enable the feature in the Data Processor’s advanced settings. When applying GeoIP functionality to the deployment, choose a level of granularity that fits your resources and requirements; the more granular the setting, the more processing it demands. From least to most granular, the following settings can be established: Country, Region, City. Adding this location context to pertinent log data makes it a valuable tool for meeting a range of log monitoring objectives.

Refer to LogRhythm’s Geolocation Feature Description: LogRhythm GeoLocation Visualization.

AIE Rules                                 Notification Area          Corresponding Investigation
CCF: GeoIP Blacklisted Region Activity    Security : Suspicious      CCF: GeoIP Inv
CCF: GeoIP General Activity               Operations : Information   CCF: GeoIP Inv
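As an added illustration, not LogRhythm product code, the following Python models what the guide describes: GeoIP enrichment of log data at the configured granularity (Country, Region or City), the blacklisted-region rule, and the ECC in-Kingdom storage check, run over constructed sample lines. The GeoIP table, the log line format, the placeholder country codes "XX"/"YY" and the function names are all assumptions made for the example.

```python
import ipaddress
import re

# Constructed GeoIP table standing in for LogRhythm's resolver: documentation
# prefixes and placeholder country codes ("XX", "YY"), not real allocations.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), ("SA", "Riyadh Region", "Riyadh")),
    (ipaddress.ip_network("198.51.100.0/24"), ("XX", "Region X", "City X")),
    (ipaddress.ip_network("192.0.2.0/24"), ("YY", "Region Y", "City Y")),
]
LEVELS = ("Country", "Region", "City")  # least to most granular, as in the guide
LOG_RE = re.compile(r"direction=(inbound|outbound)\s+src=(\S+)\s+dst=(\S+)")

def geoip_lookup(ip, level="Country"):
    """Resolve an address, keeping only the fields the chosen granularity allows."""
    addr = ipaddress.ip_address(ip)
    for net, location in GEOIP_TABLE:
        if addr in net:
            return location[:LEVELS.index(level) + 1]
    return None  # private or unmapped address: no location context available

def enrich(line, level="Country"):
    """Parse one constructed firewall line and attach GeoIP context to both ends."""
    match = LOG_RE.search(line)
    if not match:
        return None
    direction, src, dst = match.groups()
    return {"direction": direction, "src": src, "dst": dst,
            "src_geo": geoip_lookup(src, level), "dst_geo": geoip_lookup(dst, level)}

def evaluate(lines, blacklist, home="SA", level="Country"):
    """Return (blacklisted-region hits, data-residency violations): inbound traffic
    from a blacklisted country, and outbound traffic resolved outside `home`.
    Unresolved addresses are skipped rather than guessed."""
    hits, violations = [], []
    for event in filter(None, (enrich(line, level) for line in lines)):
        src_country = event["src_geo"][0] if event["src_geo"] else None
        dst_country = event["dst_geo"][0] if event["dst_geo"] else None
        if event["direction"] == "inbound" and src_country in blacklist:
            hits.append(event)
        elif event["direction"] == "outbound" and dst_country not in (None, home):
            violations.append(event)
    return hits, violations

SAMPLE_LOGS = [  # constructed sample lines, not real traffic
    "2024-01-01T10:00:00Z fw01 direction=inbound src=198.51.100.7 dst=203.0.113.10",
    "2024-01-01T10:00:05Z fw01 direction=outbound src=203.0.113.10 dst=192.0.2.44",
    "2024-01-01T10:00:09Z fw01 direction=inbound src=203.0.113.22 dst=203.0.113.10",
    "2024-01-01T10:00:12Z fw01 direction=outbound src=203.0.113.10 dst=10.0.0.5",
]
```

Running `evaluate(SAMPLE_LOGS, {"XX"})` flags the first line as blacklisted-region activity and the second as storage traffic leaving the Kingdom, while the private destination on the last line is left unresolved rather than alarmed on.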


There are other enhanced LogRhythm capabilities that can be utilized as your organization’s compliance and security programs mature. These are discussed in more detail within the Kingdom of Saudi Arabia (KSA) Essential Cybersecurity Controls (ECC) Deployment Guide.
