Log Collection in Web Console
LogRhythm version 7.14 introduces Open Collector and SIEM integration, allowing users to view and manage Open Collectors and Beats from the Web Console. After updating the SIEM to 7.14 and the Open Collector to the latest version, the Long-Running LRCTL service needs to be configured and initialized. This service runs in the background on the Open Collector and manages the configurations applied in the LogRhythm Web Console.
You must initialize the Long-Running LRCTL service to work with Open Collectors and Beats in the Web Console. For instructions on how to initialize the service, see Configure Open Collector Connection to the SIEM.
The following Beats are available to configure in the Web Console:
AWS S3
Azure Event Hub
Carbon Black Cloud
Cisco AMP
Darktrace
Duo Authentication Security
Gmail Message Tracking
GSuite
Kafka
Microsoft Graph API
Okta
Prisma Cloud
Proofpoint
PubSub
Qualys FIM
Sophos Central
Symantec WSS