LogRhythm SIEM Databases
The Web Console draws information from the following LogRhythm SIEM databases.
| This Web Console function... | Extracts data from this database... | 
|---|---|
| Alarms | Alarms (LogRhythm_Alarms): The Alarms Database includes data related to all alarms, alarm notifications, and alarm histories generated by the LogRhythm Alarming and Response Manager (ARM). | 
| Case Management | CMDB (LogRhythm_CMDB): The Case Management Database includes data for all cases as well as most of the associated evidence. | 
| Dashboard Events Analyzer drill down | Events Database (LogRhythm_Events): Contains log data that qualified as an Event. | 
| Dashboard Rate gauge / Dashboard Trend chart | LogMart (LogRhythm_LogMart): Contains log metadata that qualified as an Event, or data that was sent because of a processing rule. LogMart also includes tracking statistics for the log data volume. | 
| List Management | EMDB (LogRhythmEMDB): The Platform Manager Database includes all configuration information. | 
| Reports | Alarms (LogRhythm_Alarms): The Alarms Database includes data related to all alarms, alarm notifications, and alarm histories generated by the LogRhythm Alarming and Response Manager (ARM). | 
| Search | Data Indexer (Elasticsearch): The Data Indexer's Elasticsearch contains all the collected log data (both raw logs and associated metadata). | 
| User Preferences (layouts, settings, etc.) | EMDB (LogRhythmEMDB): The Platform Manager Database includes all configuration information. | 
