Configure LogRhythm SIEM NetMon API Integration
The API integration between LogRhythm SIEM and NetMon allows users to directly pull PCAP data from NetMon through the LogRhythm Web UI. This integration also provides a heartbeat and health monitoring function between the SIEM and NetMon.
Generate an API Token
To generate an API Token in NetMon:
Click the Configuration tab.
Click User from the left menu.
Click New API Token to generate a new Bearer token.
Copy the API token at the top to a secure text document.
This token is tied to the user account that is currently logged in to NetMon. You will use this API token in the steps below.
Configure the API in the LogRhythm Client Console
In the LogRhythm Client Console:
Open Deployment Manager.
Click the Network Monitors tab.
Right-click an empty part of the table, and then click New.
In the Name field, enter a name for the NetMon API connection.
Click the Host icon next to the Host field, select the NetMon host that was created for the log source, and then click OK.
In the Management/API Address field, enter the NetMon IP address.
In the API Token field, enter the full API token of your NetMon, as obtained from the NetMon UI.
Click Test.
If all steps have been completed successfully and the SIEM instance can reach your NetMon, an "Authentication Succeeded" message appears.