Logrhythm Central Administration – Novice To Professional

Posted By: ELK1nG

Published 3/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.69 GB | Duration: 5h 12m

Complete step by step Core Administration tasks of daily operations

What you'll learn

Course Introduction

LogRhythm Architecture Overview

LogRhythm Data Management

Client Console and Web Console Overview

Entities Management

List Management

Knowledge Base Management

User's Profiles

System Settings

Data Masking

Global Log Processing Rules

Client Console Investigation

Report Center

Second Look Wizard

System Monitor

Log Sources

Advance Intelligence Engine

Alarm Rules

Custom Dashboard Creation

Alarm Management

Case Management

Database Management

Threat Intelligence

Configuration Assessment and Health Check

Requirements

Basic Understanding of SIEM technology

Description

Hello everyone and welcome to the LogRhythm Central Administration Course. I am glad you are here and I am glad you have enrolled. My name is Adeel and I am a Cyber Security Engineer with more than 10 years of experience. I will be your instructor on this course.

If you are new to LogRhythm and have never used it before, this is the perfect course for you. I am assuming that you have no prior knowledge of LogRhythm administration, and by the time you are done with this course you are going to have a very good understanding of, and expertise in, LogRhythm administration.

My goal in this course is to help you understand the LogRhythm architecture and to perform the administration tasks of the LogRhythm SIEM step by step. This is the course I wish had existed when I was first starting LogRhythm deployment and administration. This is not going to be just a quick how-to for getting up and running. I really want to make sure we perform all the administrative tasks that will help you in your daily routine.

I want to take a few minutes to walk through the curriculum, because I need you to understand what you are going to learn before you jump into the course material. Let's go ahead and take a look at that right now. This course is broken up into 23 main sections.

Number one is LogRhythm Architecture Overview: in this section we will see what the LogRhythm SIEM is and how many components LogRhythm has. We will also see the workflow and the life of a log in LogRhythm.

Number two is Data Management: in this section we will talk about LogRhythm classifications, common events and metadata. We will also see the LogRhythm data storage architecture.

Number three is Client Console and Web Console: in this section we will perform a complete overview of the Client Console and the Web Console and gain a full understanding of both.

Number four is Entities Management: in this section we will talk about LogRhythm entities and their types. We will create entities and add network and host records to them. We will also create entities in bulk from a CSV file.

Number five is List Management: in this section we will talk about list management in detail. We will create a list, and we will also retire and expire a list.

Number six is Knowledge Base Management: in this section we will see the Knowledge Base architecture and how to enable modules in the Knowledge Base.

Number seven is User's Profiles: in this section we will talk about user records and profile management. We will create users and roles, assign permissions to the created users, and limit them to entities.

Number eight is System Settings: in this section we will check the global Risk Based Priority (RBP), how it works, and the RBP calculator. We will see the global settings and data management. We will perform Active Directory synchronization. We will use the TrueIdentity tool to fetch user and group data from Active Directory, which helps in identifying users easily. We will change the component logging levels, and we will see the service account and the archive path.

Number nine is Data Masking: in this section we will see what data masking is and how it works. We will apply data masking to live logs, and we will also talk about the scenarios in which data masking must be applied.

Number ten is Global Log Processing Rules (GLPR): in this section we will see what a GLPR is, why we need GLPRs, and how to create one.

Number 11 is Client Console Investigation: in this section we will see how to investigate logs in the Client Console, how to create graphs on the investigated logs, how to use Tail to see real-time logs, and how to create a personal dashboard in the Client Console.

Number 12 is the Report Center: in this section we will talk about report templates and report types. We will create a sample report on log data. We will create a report package and we will see how to schedule a report package. We will also see how to get reports with Grafana.

Number 13 is Second Look Wizard: in this section we will see how to restore logs with the help of the Second Look Wizard. We will also restore logs with the help of the LogRhythm archive utility. This is a very powerful utility for restoring logs, and I will show you how it works.

Number 14 is System Monitor: in this section we will talk about the types of System Monitor agents. We will see how to deploy them and how to perform advanced configuration of the System Monitor. We will also initiate SmartResponses with the help of System Monitor agents.

Number 15 is Log Sources: in this section we will have a complete overview of the log sources LogRhythm supports. We will integrate some log sources with LogRhythm, such as Windows, Linux, a web server and a database. We will also see the method of bulk log source integration, by which you can integrate hundreds of log sources in one go. Then we will talk about log source virtualization and see how it works.

Number 16 is Advanced Intelligence Engine: in this section we will have a complete overview of the AI Engine and its common configurations. We will talk about rule block types. We will create new use cases and also modify some existing use cases. We will also execute SmartResponses from the AI Engine.

Number 17 is Alarm Rules: in this section we will have a complete overview of alarm rules. We will see the difference between alarm rules and AI Engine rules. We will also enable some alarm rules and test them.

Number 18 is Custom Dashboard Creation: in this section we will create a custom dashboard and add multiple widgets to it, then modify those widgets according to our requirements. We will also use Lucene queries to customize the widgets and the dashboard.

Number 19 is Alarm Management: in this section we will see how to manage alarms, how to investigate an alarm, and how to link multiple alarms in one view.

Number 20 is Case Management: in this section we will talk about case management: how to create a new case, how to add a collaborator to a case, how to set case priorities, and how to check the status and workflow. We will also talk about case resolution.

Number 21 is Database Management: in this section we will see how to create a LogRhythm database backup job and how to set up a database cleanup job.

Number 22 is Threat Intelligence: in this section we will install and configure the threat intelligence tools. We will enable the threat intelligence module after installation and then associate it with the lists.

Number 23 is Configuration Assessment and Health Check: in this section we will perform a complete assessment and health check of LogRhythm's integrated log sources, MPE rules and AI Engine. We will also use the LogRhythm diagnostic tool to check the health status of the LogRhythm components.

Overview

Section 1: Introduction

Lecture 1 Course Introduction

Section 2: LogRhythm Architecture Overview

Lecture 2 LogRhythm Architecture Overview

Section 3: LogRhythm Data Management

Lecture 3 LogRhythm Data Management

Section 4: Client Console and Web Console Overview

Lecture 4 Client Console and Web Console Overview

Section 5: Entities Management

Lecture 5 Entities Management

Section 6: List Management

Lecture 6 List Management

Section 7: Knowledge Base Management

Lecture 7 Knowledge Base Management

Section 8: User's Profiles

Lecture 8 User's Profiles

Section 9: System Settings

Lecture 9 System Settings

Lecture 10 Global Settings, Data Management and AD Synchronization

Lecture 11 Component Log Level, Service Account and Archive Path

Section 10: Data Masking

Lecture 12 Data Masking

Section 11: Global Log Processing Rules

Lecture 13 Global Log Processing Rules

Section 12: Client Console Investigation

Lecture 14 Client Console Investigation

Section 13: Report Center

Lecture 15 Report Center

Section 14: Second Look Wizard

Lecture 16 Second Look Wizard

Section 15: System Monitor

Lecture 17 System Monitor

Section 16: Log Sources

Lecture 18 Log Sources

Section 17: Advance Intelligence Engine

Lecture 19 Advance Intelligence Engine

Section 18: Alarm Rules

Lecture 20 Alarm Rules

Section 19: Custom Dashboard Creation

Lecture 21 Custom Dashboard Creation

Section 20: Alarm Management

Lecture 22 Alarm Management

Section 21: Case Management

Lecture 23 Case Management

Section 22: Database Management

Lecture 24 Database Management

Section 23: Threat Intelligence

Lecture 25 Threat Intelligence

Section 24: Configuration Assessment and Health Check

Lecture 26 Configuration Assessment and Health Check

System Administrators, LogRhythm Administrators, LogRhythm Analysts, SOC Engineers