
Settings Page

Directory

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Directory.
    The Directory page appears with two tabs: Active Directory and LDAP.
    The user can add, edit, or delete an Active Directory or LDAP directory.

Ingest Integration

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Ingest Integration.
    The Ingest Integration page appears with two tabs: Ingest Integrations and Cybereason Integrations.
    In the Ingest Integrations tab, the user can add, edit, or delete Shodan, Sophos, Carbon Black, CiscoAmp, Crowdstrike, and Windows Defender Ingest Integrations.
    In the Cybereason Integrations tab, the user can add, edit, or delete Cybereason configurations.

Response Integration

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Response Integration.
    The user can add, edit, or delete Carbon Black and Palo Alto Response Integrations on this page.

ServiceNow

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click ServiceNow.
    The user can now integrate ServiceNow into their NDR product.

Policy Management

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Policy Management.
    The Policy Management page appears with five tabs: Anomaly, Intel Rules, IDS Rules, Mistwatcher, and Whitelist.

| Tab | Description |
| --- | --- |
| Anomaly | Anomaly credentials can be configured and updated here. |
| Intel Rules | Deploy Intel Rules can be added, edited, or deleted here. |
| IDS Rules | • Users can add mapping in the Interface Configuration. • Deploy IDS Rules can be added, edited, or deleted. |
| Mistwatcher | Mistwatcher rules and profiles can be added, edited, or deleted here. |
| Whitelist | Whitelists can be bulk uploaded, added, edited, or deleted in this tab. |

Preferences

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Preferences.
    The Preferences page appears with three tabs: Visible Fields, Incident Score Threshold, and Case Certainty Threshold.

| Tab | Description |
| --- | --- |
| Visible Fields | The user can choose to show or hide certain fields in pages like Cases, Hunt Activity, Hunt-Geo activity, Hunt-Mitre, Incidents, and Policy Violations. |
| Incident Score Threshold | The user can adjust the Incident Score Threshold for Cases to be considered as Incidents. |
| Case Certainty Threshold | The user can adjust the Case Certainty Threshold for Events to be considered as Cases. |

SIEM Configuration

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click SIEM Configuration.
    The SIEM Configuration page appears with three tabs: Syslog, Okta, and Splunk.

| Tab | Description |
| --- | --- |
| Syslog | • Syslog can be configured and updated in this tab. • The user can also set notification preferences here. |
| Okta | The Okta settings can be configured here. |
| Splunk | Splunk and Splunk Server configuration can be added here. |

Email Notification

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Operational.

  3. Click Email Notification.
    The user can add, edit, or delete email alert configurations and can also configure the kinds of alerts a particular email address receives.

SMTP Settings

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Operational.

  3. Click SMTP Settings.
    The user can configure and test SMTP settings on this page.

Operator

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Operational.

  3. Click Operator.
    On this page, the user can add, delete, or edit NDR operators, reset their passwords, see their status, etc.

Proxy

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Operational.

  3. Click Proxy.
    The user can add, delete, or edit proxy settings and see their status.

Data Masking

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Operational.

  3. Click Data Masking.
    On this page, the user can see the available fields and the masked fields. They can also move a particular field from the available fields to the masked fields and vice versa.

Feature Configuration

  1. Log in to LogRhythm NDR’s new UI.

  2. Click Settings from the sidebar menu and then click Operational.

  3. Click Feature Configuration.
    On this page, the user can enable or disable certain features like NetFlow and PCAP.
