Configure NetMon in the Client Console
Only Global Admins and Restricted Admins with elevated View and Manage privileges can take this action.
For any Network Monitor you have added to your LogRhythm deployment, there are a number of configurations you might want to change. Some of these are available through the Network Monitors section of the LogRhythm SIEM Client Console.
For NetMon administration and configuration capabilities not described in this topic, see the LogRhythm NetMon API topic in the Network Monitor documentation..
- On the main toolbar, click Deployment Manager.
- Click the Network Monitors tab.
- Right-click the Network Monitor that you want to review, click Actions, and then click Capture Functions.
- Select one of the following capture functions.
- On. This is blacklist functionality.
- Off. This is whitelist functionality.
- Use the menu to add applications to the blacklist or whitelist.
For more information on applications and packet capture, see the Select Applications for Packet Capture topic in the Network Monitor documentation. - Click Apply, and then click Close.