Platform Manager
Operating System
Databases
- MSSQL
  - LogRhythm_Alarms
  - LogRhythm_CMDB
  - LogRhythm_Events
  - LogRhythm_LogMart
  - LogRhythmEMDB
LogRhythm Services

| Service | Description |
|---|---|
| Admin API | Administers the LogRhythm Deployment via API. |
| AI Engine* | Evaluates logs to determine if they match AIE Rules. |
| AI Engine Cache Drilldown | Orchestrates drill downs on AIE rules and sends results to the Web Console. |
| AI Engine Communication Manager | Sends logs from the Mediator to the AI Engine for evaluation. |
| Alarm API | REST API service to interact with data relating to Alarms and Events. |
| Alarming and Response Manager | Processes alarms for the deployment. |
| API Gateway | Passes data between components of the SIEM. |
| Authentication API | Handles authentication of service-to-service and user-to-service communication. |
| Job Manager | Reports on the LogRhythm Deployment. |
| Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
| Metrics Database | Collects and stores metrics from all the servers in the deployment. |
| Metrics Web UI | Shows the metrics collected, via Grafana. |
| Notification Service | Sends notifications on AIE alarms. |
| Search API | API for LogRhythm Search. |
| Service Registry | Maintains a Key Value (KV) store used to share service-level configuration changes between all hosts in a deployment. |
| LogRhythm SQL Service | Verifies whether a SQL user is authorized to access data. |
| System Monitor | Collects logs and sends them to the Mediator for processing. |
| TrueIdentity Sync Client* | Syncs TrueIdentities with an Identity and Access Management (IAM) platform. |
| Windows Authentication Service | Verifies whether a Windows user is authorized to access data. |

*These services are installed optionally on the PM.
LogRhythm Applications
- Client Console
- Configuration Manager
- Infrastructure Installer
Data Processor
Operating System
Databases
- No Databases

LogRhythm Archives
- Active and Inactive Archives
LogRhythm Services

| Service | Description |
|---|---|
| API Gateway | Passes data between components of the SIEM. |
| Mediator Server Service | Processes logs and sends them on for storage in the Data Indexer. |
| Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
| Service Registry | Maintains a Key Value (KV) store used to share service-level configuration changes between all hosts in a deployment. |
| System Monitor | Collects logs and sends them to the Mediator for processing. |
Data Indexer
Operating System
Databases
- Elasticsearch
LogRhythm Services

| Service | Description |
|---|---|
| Bulldozer | Registers the Elasticsearch cluster name and node(s) in the EMDB. Writes cluster statistics to the EMDB for use in the Deployment Monitor. |
| Carpenter | Reads EMDB table values that are required for ID-to-Value translation and inserts them into Elasticsearch as individual indices that are used by Columbo. |
| Columbo | Runs Investigations, Tails, AI Engine Drilldowns, and Report query requests against Elasticsearch on behalf of the Web and Client Consoles. |
| Elasticsearch | Indexes and persists log data. |
| GoMaintain | Keeps disk usage below a threshold (80% used by default) on the cluster volume by removing older indices. |
| LogRhythm API Gateway | Passes data between components of the SIEM. |
| LogRhythm Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
| LogRhythm Service Registry | Maintains a Key Value (KV) store used to share service-level configuration changes between all hosts in a deployment. |
| Transporter | Accepts batches of logs from the DP and sends individual logs to Denorm. |
| Watchtower | Receives analytics data from CloudAI. |
Web Console
Operating System
Databases
- No Databases
LogRhythm Services

| Service | Description |
|---|---|
| API Gateway | Passes data between components of the SIEM. |
| Case API | Handles requests involving setting, retrieving, and changing Case data. |
| Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
| Service Registry | Maintains a Key Value (KV) store used to share service-level configuration changes between all hosts in a deployment. |
| Threat Intelligence API | Manages lookups against Threat Intelligence providers and is used to inspect threat-intelligence-relevant fields in the Analyzer Grid. |
| Web Console API | Routes requests for retrieving, setting, and creating data in the Web Console, and routes requests to other services. |
| Web Console UI | Manages static assets, proxies, and web services. The front end of the Web Console that the browser communicates with; pulls data retrieved from other APIs to display in the browser. |
| Web Indexer | Generates and maintains indices as caches for the Events and Alarms dashboards, Known Values, Search results, AIE Auto Drilldown, and logs attached to cases. |
| Web Services Host API | Performs searches, cached index updates, and SQL Server requests. |
Applications
- Configuration Manager
System Monitor Agent
Operating System
- Supported on many major operating systems. For a complete list, see System Monitor Compatibility and Functionality.
LogRhythm Services

| Service | Description |
|---|---|
| System Monitor | Collects logs and sends them to the Mediator for processing. |
AI Engine
Operating System
LogRhythm Services

| Service | Description |
|---|---|
| AI Engine* | Evaluates logs to determine if they match AIE Rules. |
| AI Engine Communication Manager* | Sends logs from the Mediator to the AI Engine for evaluation. |

*These services are installed optionally on the PM.