LogRhythm Intelligence Threat Summary

LogRhythm Intelligence shares log data collected by LogRhythm SIEM with the Exabeam New-Scale platform. Threats detected by New-Scale’s AI-driven security analytics are then ingested back into the LogRhythm SIEM using the Exabeam Case Beat. Once collected by the LogRhythm SIEM, the Web Console provides an AI-generated Threat Summary with at-a-glance information about each case. This guide describes the steps necessary to set up the Threat Summary feature.

Configuration Manager Setup

In order to view the New-Scale Threat Summary for Exabeam cases within the Web Console, you must first create an API connection between the Web Console and New-Scale.

Create an API Key in New-Scale

To create an API key in the New-Scale platform:

  1. Click the Settings gear located at the lower right-hand corner of the screen.
    The Main Menu screen opens.

  2. In the Developer section, click on API keys.

  3. Click + New Keys.
    The API Keys dialog box opens.

  4. Enter the following details:

    1. Key Name: Give a unique identifying name to the key.

    2. Permissions: Open the Permissions drop-down and select Threat Center.

  5. Click Create to generate the API key.

  6. Copy the Key ID and Key Secret to a secure location, as they will be needed for the next section.

Set Up the Web Console Configuration Manager

To add the API key to the Web Console Configuration Manager settings:

  1. Open the LogRhythm Configuration Manager.

  2. Select the Web Services tab on the left.

  3. Enter the following information:

| Field | Description |
|---|---|
| LR Intelligence API Base URL | Enter the New-Scale API base URL to which the API connection is made. To find your API base URL, refer to the Exabeam API Gateways topic. |
| LR Intelligence Client ID | Enter the Key ID that was generated in the previous section. |
| LR Intelligence Client Secret | Enter the Key Secret that was generated in the previous section. |

  4. Click Save.
    The API connection settings are successfully saved.

View the LogRhythm Intelligence Threat Summary

Once the API connection between the Web Console and New-Scale has been established, logs that are collected via the Exabeam Case Beat can display a threat summary in the Inspector Panel if the following conditions are met:

  • The API connection between the LogRhythm Web Console and New-Scale is successful.

  • The Threat ID field from New-Scale is successfully parsed, and displays within the LogRhythm Web Console as the “Alert ID.”

  • The New-Scale case associated with the parsed Alert ID has a generated threat summary.

Open the Inspector Panel

To view the Threat Summary within the LogRhythm Web Console’s Inspector Panel:

  1. Open the Cases tab, or perform a search that generates a list of logs collected via the Exabeam Case Beat.

  2. Select one of the Exabeam cases/logs from the list.

  3. Expand the Inspector Panel by clicking the tab on the right-hand side of the screen.

  4. In the LogRhythm Intelligence Copilot section, if an Alert ID is present in the Alert ID field, click OK to generate a Threat Summary.

If no Threat Summary is associated with the Alert ID, the Threat Summary section either remains empty or displays an “Alert ID not found” message.

If the Threat ID field cannot be parsed from New-Scale, the LogRhythm Intelligence Copilot section is not available within the Inspector Panel.
