Investigations

| ID | Investigation Name | Investigation Description | Minimum Data Requirement | Recommended Data Requirement | Intelligent Indexing | Network Monitor Required? |
|---|---|---|---|---|---|---|
| 205 | Network : Unauthorized/Risky Application Usage | This investigation provides details on all unauthorized or risky application usage. Unauthorized or risky applications are defined by the user in the list "NBAD: Unauthorized/Risky Applications". | LogRhythm Network Monitor | | Yes | Yes |
| 206 | Network : Blacklisted Country Activity | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
| 207 | Network : Non-Whitelisted Country Activity | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
| 208 | Network : Non-HTTP Traffic Over Port 80 | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
| 209 | Network : Network Monitor Activity Past 30 Minutes | This investigation provides details on all network monitor activity for the past 30 minutes. | LogRhythm Network Monitor | | No | Yes |

Tails

| ID | Tail Name | Tail Description | Minimum Data Requirement | Recommended Data Requirement | Intelligent Indexing | Network Monitor Required? |
|---|---|---|---|---|---|---|
| 38 | LogRhythm Network Monitor All Activity Past 3 Minutes | Returns all LogRhythm Network Monitor activity for the past three minutes. | LogRhythm Network Monitor | LogRhythm Network Monitor | No | Yes |