LogRhythm users need a straightforward way to:
- Test the AI Engine (AIE) and Alarm rules that their analysts develop so they know that Alarms will generate as expected and that users can reliably and repeatedly replicate the inputs to the rule.
- Verify out-of-the-box (OOTB) AIE, Alarm, and Message Processing Engine (MPE) content, MPE rule regression and performance testing, and system load and stress testing.
- Demonstrate LogRhythm’s capabilities to prospects, customers, partners, and system integrators.
- Seamlessly author new use cases as needed to demonstrate or verify system behaviors—such as ransomware, financial fraud, and data exfiltration—that are specific to the target environment.
LogRhythm Echo provides these capabilities. Echo is a standalone Windows application with web and command line interfaces that simulates a LogRhythm System Monitor Agent and allows users to replay native raw logs and PCAPs into LogRhythm for demonstration, validation, and verification purposes. Easy to install, configure, and use, Echo leverages OOTB log source types and processing rules to enable users to quickly build, demo, validate, verify, and tear down security use cases. Echo comes with more than 30 use cases ready for replay, and users can create, modify, and share use cases using the web interface or a text editor.
Echo’s features allow users to:
- Load more than 30 verified, consistent, proven use cases that are easy to understand and explain.
- Use OOTB content for log source types, processing rules, AIE rules, and Alarm rules. Automatically create and delete required objects in the Platform Manager database.
- Quickly build, validate, demo, and tear down security use cases to test their LogRhythm deployment.
- Edit the included use cases and create new ones.
- Employ exotic log source types to create compelling and targeted security use cases.
- Use the LLX File Browser to add raw logs from the deployment to use cases.
- Import and export use cases, including raw logs and PCAPs, to share with other users.
- On-demand and continuous/predetermined use case replay.
- Use case log replay through a simulated Agent in native formats, such as APIs, Syslog, NetFlow, Check Point, flat files, and more. There are no custom log source types, raw logs, or special tags required.
- Run use cases by invoking the REST API from the command line (for instance, using cURL) or your favorite scripting language (such as PowerShell).