NCA OTCC User Guide – LogRhythm GeoIP Functionality
LogRhythm Geolocation is a key function in enterprise log management and SIEM that equips the organization to establish global awareness. You can use network visualization and relationship mapping to establish customized geolocation settings. LogRhythm Professional Services can help you set up GeoIP Resolution at the country level so you can achieve global event awareness without bogging down your SIEM. With the specific guidelines recommended in the NCA OTCC publication, geolocation functionality can serve many purposes for an organization maturing its security posture.
For example, you can monitor inbound traffic from countries with strict data protection laws or with a known high risk for malicious activity to ensure you are adhering to NCA OTCC regulations and following its policies. The NCA OTCC module contains AIE rules and alarms designed to notify appropriate individuals if new data subjects enter personal data into your environment. This functionality empowers your organization to apply policies and ensure you comply with the NCA OTCC data protection requirements.
To use GeoIP functionality, a LogRhythm administrator must enable the feature in the Data Processor’s advanced settings. When applying the GeoIP functionality to the deployment, choose a level of granularity that fits your resources and requirements. From least to most granular, the available settings are Country, Region, and City. Adding this location context to pertinent log data gives you a vital tool for meeting various log monitoring objectives.
Refer to LogRhythm’s Geolocation Feature Description: LogRhythm GeoLocation Visualization
| AIE Rules | Notification Area | Corresponding Investigation |
|---|---|---|
| CCF: GeoIP Blacklisted Region Activity | Security: Suspicious | CCF: GeoIP Inv |
| CCF: GeoIP General Activity | Security: Suspicious | CCF: GeoIP Inv |
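As an added example (not LogRhythm's code), the following Python sketches the enrichment and rule logic behind the table above: a constructed CIDR-to-location table stands in for the GeoIP database, the granularity argument mirrors the Country/Region/City setting, and the rule names are the two listed above. The networks, country names and log format are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for a GeoIP database (placeholder networks and names);
# in a LogRhythm deployment this resolution is done by the Data Processor's GeoIP feature.
GEO_TABLE = {
    "198.51.100.0/24": ("CountryA", "RegionA1", "CityA1"),
    "203.0.113.0/24":  ("CountryB", "RegionB1", "CityB1"),
    "192.0.2.0/24":    ("CountryC", "RegionC1", "CityC1"),
}
NETWORKS = [(ipaddress.ip_network(cidr), loc) for cidr, loc in GEO_TABLE.items()]

# Constructed list of countries the organization treats as blacklisted regions.
BLACKLISTED_COUNTRIES = {"CountryB"}

# Granularity levels, least to most granular, as in the Data Processor setting.
LEVELS = {"Country": 1, "Region": 2, "City": 3}

def resolve(ip, granularity="Country"):
    """Return the location tuple cut to the configured granularity, or None."""
    addr = ipaddress.ip_address(ip)
    for net, loc in NETWORKS:
        if addr in net:
            return loc[:LEVELS[granularity]]
    return None  # unresolvable (e.g. internal) source: no GeoIP context

def enrich(line, granularity="Country"):
    """Parse a constructed 'key=value' log line and attach source geolocation."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])  # skip timestamp
    fields["src_geo"] = resolve(fields["src"], granularity)
    return fields

def classify(fields):
    """Map an enriched event to the AIE rule it would trigger, or None."""
    geo = fields["src_geo"]
    if geo is None:
        return None
    if geo[0] in BLACKLISTED_COUNTRIES:
        return "CCF: GeoIP Blacklisted Region Activity"
    return "CCF: GeoIP General Activity"

# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = [
    "2024-01-01T00:00:01Z src=198.51.100.7 dst=10.0.0.1 action=connect",
    "2024-01-01T00:00:02Z src=203.0.113.5 dst=10.0.0.1 action=login",
    "2024-01-01T00:00:03Z src=10.0.0.3 dst=10.0.0.1 action=connect",
]

def run(lines, granularity="Country"):
    """Count how many sample events each AIE rule would fire on."""
    return Counter(r for r in (classify(enrich(l, granularity)) for l in lines) if r)
```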