Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
To add LogRhythm NetMon to your LogRhythm SIEM deployment
- Obtain the external IP address of the server or appliance where LogRhythm NetMon is installed.
- Add the LogRhythm NetMon server or appliance as a host under the Entities tab. For more information on how to do this, see Add Host Records Manually.
- Obtain the API Key for the selected Network Monitor. To get the API Key, ask your LogRhythm NetMon administrator, or do the following:
- Log in to the LogRhythm NetMon Web Interface as the admin user.
- On the main toolbar, click Configuration.
- Click the User tab on the left.
The API Key appears at the top of the page.
- Copy the key.
- On the main toolbar of the Client Console, click Deployment Manager.
- Click the Network Monitors tab.
- Right-click the grid, and then click New.
The Network Monitor Properties dialog box appears.
- In the Name box, type a name for the Network Monitor.
- Click the Host icon.
The Host Selector window appears.
- Under Entity Filter, select the root entity where the Network Monitor host was added.
- Use the Text Filter box and Keyword or Regex options to filter the displayed hosts.
- Select the appropriate Network Monitor host from the list, and then click OK.
- In the Management/API Address box, type the external IP address of the Network Monitor.
- In the API Username box, type the login ID of the Network Monitor administrator. The default login is admin.
- In the API Key box, type or paste the Network Monitor API Key.
Click Test to connect to the Network Monitor and validate the API address, username, and key.
If the test fails, ensure that you have network connectivity to the IP address and verify that you are using the correct username and API key.
- After the connection test is successful, click OK.