LogRhythm Geolocation is a key function in enterprise log management and SIEM that equips an organization with global awareness. You can use network visualization and relationship mapping to establish customized geolocation settings. LogRhythm Professional Services can help you set the GeoIP Resolution to the country level so you can achieve global event awareness without bogging down your SIEM. With the specific guidelines recommended in the RMiT publication, geolocation functionality can serve many purposes for an organization maturing its security posture.
For example, one of the domains regarding data outlined in the RMiT requires that the organization implement appropriate protections when hosting information and storage on premises or within cloud services (which could have your data all over the globe). Additionally, you can monitor inbound traffic from countries with strict data protection laws or with known high-risk for malicious activity. The RMiT module contains AIE rules and alarms designed to notify appropriate individuals if new data subjects enter personal data into your environment. This functionality empowers your organization to apply policies and ensure you are in compliance with the RMiT data protection requirements.
To use GeoIP functionality, a LogRhythm administrator must enable the feature in the Data Processor’s advanced settings. When applying the GeoIP functionality to the deployment, choose a level of granularity that fits your resources and requirements. From least to most granular the following settings can be established: Country, Region, City. When you add this location context to pertinent log data, it can be a vital tool that can be used to meet various log monitoring objectives.
Refer to LogRhythm’s Geolocation Feature Description: LogRhythm GeoLocation Visualization.
CCF: GeoIP Blacklisted Region Activity
Security : Suspicious
CCF: GeoIP Inv
CCF: GeoIP General Activity
Operations : Information
CCF: GeoIP Inv