Skip to main content
Skip table of contents

Add Host Records Manually

 You must be logged in as an Administrator to take this action.

  1. On the main toolbar, click Deployment Manager.
  2. Click the Entities tab, and then select the Entity to which you want to assign the Host.
  3. In the Entity Hosts pane at the lower-right, click New.
    The Host dialog box appears.
  4. On the Basic Information tab, enter the following details:

    FieldDescription
    Name (required)

    The name to assign to the new host.

    LogRhythm does not support hostnames that include spaces.

    Host Zone (required)Internal, DMZ, or External
    Operating SystemThe operating system of the new host. Click the ellipsis [...] button next to the Operating System box. In the Operating System Selector window, click your operating system in the list, and then click OK.
    Operating System VersionThe version of the selected operating system that is running on the new host.
    Host LocationThe geographic location of the new host. Click the ellipsis [...] button next to the Host Location box. In the Location Selector window, select the country, region, and city where the host is located.
    Brief DescriptionAn optional description of the new host.
    Host Risk Level (required)Represents the amount of risk developed if the system were to become compromised or the subject of some other issue. A value of 0 indicates that no risk is involved in the loss of this system. A value of 9 indicates the most risk would be incurred if the system were compromised. The risk level is relevant when the host is the impacted system, target, or is acted upon by external forces.
    Windows Event Log Credentials

    When the operating system is Windows, if you want the Agent to use different credentials for each host in the deployment when collecting Event Logs, select the Use specified credentials check box and provide the username and password to be used. If you do not select this option, the Agent uses its own service credentials.

    Multi-domain event log collection is only supported on Windows Vista, 7, 8, 2008, or 2012. Windows XP, 2000, and 2003 are not supported.

  5. On the Identifiers tab, enter Host Identifiers. Identifiers are used by the MPE to associate values in a log message to the correct host record. Available identifiers include static IP addresses, Windows names, and DNS names. Enter all aliases a host may have, but do not enter aliases that are subject to change. For example, a current IP that is assigned by DHCP could lead to misidentified logs because it changes.
  6. On the Host Roles tab, enter key contacts.
  7. On the Threat Level tab, designate the amount of threat that is developed if the system were to be the origin of actions. Select the Add to Global Source Threat List check box if there is any treat level other than 0 (none/no risk). A value of 1 (low-low (lowest threat)) means that actions originating from this host are of little cause for alarm or are possibly commonplace, and a value of 9 (high-high (highest threat)) means that this system should not be the source of outgoing actions and that there is the greatest threat to security if such events are observed.
  8. On the Additional Information tab, add any other useful information.
  9. Click OK.

    You can add an origin or impacted Host as the known Host from a log returned in search results. For more information, see the information on Context Menus.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.