Skip to main content
Skip table of contents

Cybereason, Sophos, and Shodan Integrations

For information on configuring your firewall to allow outbound communication for these integrations, see LogRhythm NDR Prerequisites.

Add New Cybereason, Sophos, and Shodan Integrations

  1. Log in to the LogRhythm NDR UI.
  2. Click the Settings tab, click Endpoint and then either CybereasonSophos, or Shodan, depending on the integration being added.
    The Endpoint page appears.
  3. Enter the credentials in the Endpoint fields and click Save.
    The integration is now complete within LogRhythm NDR.

Verify Cybereason, Sophos, and Shodan Integrations

  1. Click the Hunt tab, and then click Activity.
    The Activity page appears. By default, the legend graph is displayed, showing the logs and events for the past hour.
  2. To view the integration events alone, click ThirdPartyEvent on the graph. 
    The integration-related events appear.
  3. To view the integration, click the Discover icon located to the left of the search field, and then click General.
  4. Select the Origin option and click the visualize icon (which is the bar graph icon) for the option. 
    If events do not display, you may have to change the time range.

  5. To single out data for a selected filter, click the addfilter option in the Discover drop-down menu. 
    For example, use the "entry_origin" filter (entry_origin: "Cybereason"; entry_origin: "Sophos"; or entry_origin: "Shodan") to filter the engine that detected the traffic, giving you the following options:
    1 - Distributed Analytics Engine
    2 - Host Compliance Engine
    3 - Network Analysis Engine
    4 - Rules Engine
    The Value based Filters & Aggregations dialog box appears.

  6. To add the filter to the item displayed in the Value based Filters & Aggregations dialog box, click the icon next to the item. Conversely, to remove the filter, click the - icon next to the item.

  7. To view the integration events, click the + icon. 

Edit Existing Cybereason, Sophos, and Shodan Integrations

  1. Click the Settings tab, click Endpoint and then either CybereasonSophos, or Shodan, depending on the integration being edited.
    The Endpoint page appears.
  2. To make changes to an existing integration, click the green Edit icon in the Actions column.
    The Edit Operator page appears.
  3. Once changes have been made, click Update.
    The endpoint integration is updated within LogRhythm NDR.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close