Network Detection and Response User Guide – Tails
This section describes the Tails included in the Network Detection and Response Module.
LogRhythm Network Monitor All Activity Past 3 Minutes
Tail ID: 38
An organization can decide that certain network applications should not be used within its network, whether because of misuse or security concerns. Seeing all network traffic is also useful for diagnosing issues with a Network Monitor deployment, and when investigating a host for signs of suspicious activity it helps to see all network traffic for that host. Customize this Tail by adding New Field Filters for specific hosts. The Tail can also be customized with filters on any additional LogRhythm field; for example, to find all network traffic for a particular application, user, or country.
Minimum Log Sources
LogRhythm Network Monitor
Recommended Log Sources
LogRhythm Network Monitor
Configuration
In the Tail selection window, single-click this Tail and then click Next. On the Specify Event Selection window, use the Add New Field Filter dropdown box to select additional query criteria.
Actions
The actions to take with this Tail depend on which additional filters were applied.