Skip to main content
Skip table of contents

NCA OTCC User Guide – LogRhythm GeoIP Functionality

LogRhythm Geolocation is a key function in enterprise log management and SIEM that equips the organization to establish global awareness. You can use network visualization and relationship mapping to establish customized geolocation settings. LogRhythm Professional Services can help you set up the GeoIP Resolution to the country level so you to achieve global event awareness without bogging down your SIEM. With the specific guidelines recommended in the NCA OTCC publication, geolocation functionality can serve many purposes for an organization maturing its security posture.

For example, you can monitor inbound traffic from countries with strict data protection laws or with a known high risk for malicious activity to ensure you are adhering to NCA OTCC regulations and following its policies. The NCA OTCC module contains AIE rules and alarms designed to notify appropriate individuals if new data subjects enter personal data into your environment. This functionality empowers your organization to apply policies and ensure you comply with the NCA OTCC data protection requirements.

To use GeoIP functionality, a LogRhythm administrator must enable the feature in the Data Processor’s advanced settings. When applying the GeoIP functionality to the deployment, choose a level of granularity that fits your resources and requirements. From least to most granular, the following settings can be established: Country, Region, and City. When you add this location context to pertinent log data, it can be a vital tool that can be used to meet various log monitoring objectives.

Refer to LogRhythm’s Geolocation Feature Description: LogRhythm GeoLocation Visualization

AIE Rules

Notification Area

Corresponding Investigation

CCF: GeoIP Blacklisted Region Activity

Security: Suspicious

CCF: GeoIP Inv

CCF: GeoIP General Activity

Security: Suspicious

CCF: GeoIP Inv

There are other enhanced LogRhythm capabilities that can be utilized as your organization’s compliance and security programs mature. These are discussed in more detail in the NCA OTCC Deployment Guide.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.