Network Detection and Response – Investigations and Tails
Investigations
ID | Investigation Name | Investigation Description | Minimum Data Requirement | Recommended Data Requirement | Intelligent Indexing | Network Monitor Required? |
---|---|---|---|---|---|---|
205 | Network : Unauthorized/Risky Application Usage | This investigation provides details on all unauthorized or risky application usage. Unauthorized or risky applications are defined by the user in the list "NBAD: Unauthorized/Risky Applications". | LogRhythm Network Monitor | | Yes | Yes |
206 | Network : Blacklisted Country Activity | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
207 | Network : Non-Whitelisted Country Activity | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
208 | Network : Non-HTTP Traffic Over Port 80 | | Firewall or Network Flow Data | LogRhythm Network Monitor, Next Gen Firewall | Yes | No |
209 | Network : Network Monitor Activity Past 30 Minutes | This investigation provides details on all network monitor activity for the past 30 minutes. | LogRhythm Network Monitor | | No | Yes |
Tails
ID | Tail Name | Tail Description | Minimum Data Requirement | Recommended Data Requirement | Intelligent Indexing | Network Monitor Required? |
---|---|---|---|---|---|---|
38 | LogRhythm Network Monitor All Activity Past 3 Minutes | Returns all LogRhythm Network Monitor activity for the past three minutes. | LogRhythm Network Monitor | LogRhythm Network Monitor | No | Yes |