Configure LogRhythm SIEM NetMon API Integration
The API integration between LogRhythm SIEM and NetMon allows users to directly pull PCAP data from NetMon through the LogRhythm Web UI. This integration also provides a heartbeat and health monitoring function between the SIEM and NetMon.
Generate an API Key
To generate an API Key in NetMon:
Click the Configuration tab.
Click User from the left menu.
Copy the API key at the top to a text document.
This key is tied to the user account that is currently logged in to NetMon, and you will use both the API key and the username in the steps below.
Configure the API in the LogRhythm Client Console
In the LogRhythm Client Console:
Open Deployment Manager.
Click the Network Monitors tab.
Right-click an empty part of the table, and then click New.
In the Name field, enter a name for the NetMon API connection.
Click the Host icon next to the Host field, select the NetMon host that was created for the log source, and then click OK.
In the Management/API Address field, enter the NetMon IP address.
In the API Username field, enter your NetMon username, preferably a username with admin privileges.
In the API Key field, enter the full API key of your NetMon, as obtained in the first section of this guide.
Click Test.
If all steps have been completed successfully and the SIEM instance can reach your NetMon, you will see an "Authentication Succeeded" message.