Client Console Analyst Guide
The LogRhythm SIEM platform allows analysts to efficiently capture logs and use advanced analytics to surface known and unknown threats, all while automating manual tasks with embedded security orchestration, automation, and response (SOAR) capabilities.
| Topic | Description |
| --- | --- |
| Filters and Wizards | Filtering is used in searches and configuration in many parts of the LogRhythm Client Console, including AI Engine Rules, Alarms, Investigations, Tails, and Reports. |
| General Console Features | Some basic functionality of the Client Console is used in multiple tools and windows. This includes exporting data and generating crash reports. |
| Layouts | Layouts define the look and feel of how widgets appear within the Personal Dashboard and Investigate. |
| Lists in the Client Console | Lists provide a mechanism for organizing and saving common search criteria used within filters throughout the Client Console. |
| Message Processing Engine Rule Builder | The MPE Rule Builder allows you to view, create, and edit new MPE base rules and sub-rules. New rules are needed to collect and process logs from any new log source type. |
| Monitor, Search, and Analysis | Monitoring, searching, and analyzing are done through a number of features in the Client Console. These include: Alarm Viewer, Investigator, Personal Dashboard, Quick Search Toolbar, Tail, and TopX Analysis. |
| My LogRhythm | The My LogRhythm menu provides access to several tools that allow you to modify preferences, settings, and records in LogRhythm that are unique to you. |
| Report Center | The Report Center includes predefined templates, reports, and Report Packages, which are sets of reports that pertain to a single topic such as security compliance standards, usage auditing, or LogRhythm diagnostics. |