Only Global Admins and Restricted Admins with elevated View and Manage privileges can take this action.
For any Network Monitor you have added to your LogRhythm deployment, there are a number of configurations you might want to change. Some of these are available through the Network Monitors section of the LogRhythm SIEM Client Console.
-
On the main toolbar, click Deployment Manager.
-
Click the Network Monitors tab.
-
Right-click the Network Monitor that you want to review, click Actions, and then click Capture Functions.
-
Select one of the following capture functions.On. This is blacklist functionality.Off. This is whitelist functionality.
-
Use the menu to add applications to the blacklist or whitelist.
For more information on applications and packet capture, see the topic in the Network Monitor documentation. -
Click Apply, and then click Close.