    Logrhythm Central Administration – Novice To Professional

    Posted By: ELK1nG
    Published 3/2023
    MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
    Language: English | Size: 2.69 GB | Duration: 5h 12m

    Complete step by step Core Administration tasks of daily operations

    What you'll learn

    Course Introduction

    LogRhythm Architecture Overview

    LogRhythm Data Management

    Client Console and Web Console Overview

    Entities Management

    List Management

    Knowledge Base Management

    User's Profiles

    System Settings

    Data Masking

    Global Log Processing Rules

    Client Console Investigation

    Report Center

    Second Look Wizard

    System Monitor

    Log Sources

    Advance Intelligence Engine

    Alarm Rules

    Custom Dashboard Creation

    Alarm Management

    Case Management

    Database Management

    Threat Intelligence

    Configuration Assessment and Health Check

    Requirements

    Basic Understanding of SIEM technology

    Description

    Hello everyone and welcome to the LogRhythm Central Administration Course. I am glad you are here and I am glad you have enrolled.

    My name is Adeel and I am a Cyber Security Engineer with more than 10 years of experience. I will be your instructor on this course.

    If you are new to LogRhythm and you have never used LogRhythm before, this is the perfect course for you. I am assuming that you have no prior knowledge of LogRhythm Administration, and by the time you are done with this course, you are going to have a very good understanding of LogRhythm Administration and you will have expertise in LogRhythm Administration.

    My goal in this course is to help you understand LogRhythm Architecture and perform, step by step, the administration tasks of LogRhythm SIEM.

    This is the course I wish had existed when I was first starting LogRhythm Deployment and Administration.

    This is not going to be just a quick how-to to get up and running. I really want to make sure to perform all the administrative tasks which will help you in your daily routine.

    I want to take a few minutes to walk through the curriculum, because I need you to understand what you are going to learn before you jump into the course material.

    Let’s go ahead and take a look at that right now.

    This course is broken up into 23 main sections.

    Number one is LogRhythm Architecture Overview: In this section we will see what LogRhythm SIEM is and how many components LogRhythm has. Also, we will see the workflow and the life of a log in LogRhythm.

    Number two is Data Management: In this section we will talk about LogRhythm classifications, common events and metadata. Also, we will see the LogRhythm data storage architecture.

    Number three is Client Console and Web Console: In this section we will perform a complete overview of the client and web consoles and will have a full understanding of the client console and web console.

    Number four is Entities Management: In this section we will talk about LogRhythm entities and types. We will create entities and add network and host records to them. Also, we will create bulk entities from a CSV file.

    Number five is List Management: In this section we will talk about list management in detail. We will create a list and also, we will retire and expire the list.

    Number six is Knowledge Base Management: In this section we will see the knowledge base architecture and also how to enable modules in the knowledge base.

    Number seven is User’s Profiles: In this section we will talk about user records and profile management. We will create users and roles. We will assign permissions to the created users and limit them to entities.

    Number eight is System Settings: In this section we will check the global risk-based priority and how it works, and also, we will see the RBP calculator. We will see the global settings and data management. We will perform Active Directory synchronization. We will use the True Identity tool to fetch user and group data from Active Directory, which helps in identifying users easily. We will change the component logging levels. And we will see the service account and archive path.

    Number nine is Data Masking: In this section we will see what data masking is and how it works. We will apply data masking on live logs and also, we will talk about scenarios in which data masking must be applied.

    Number ten is Global Log Processing Rules (GLPR): In this section we will see what GLPR is, why we need GLPR and how to create GLPR.

    Number 11 is Client Console Investigation: In this section we will see how to investigate logs in the client console, how to create graphs on investigated logs in the client console, how to use tail to see real-time logs and how to create a personal dashboard in the client console.

    Number 12 is the Report Center: In this section we will talk about report templates and report types. We will create a sample report on log data. We will create a report package and we will see how to schedule a report package. Also, we will see how to get reports with Grafana.

    Number 13 is Second Look Wizard: In this section we will see how to restore logs with the help of Second Look Wizard. Also, we will restore logs with the help of the LogRhythm archive utility. This is a very powerful utility to restore logs. I will show you how it works.

    Number 14 is System Monitor: In this section we will talk about the types of system monitor agents. We will see how to deploy them and how to perform advanced configuration of the system monitor. Also, we will initiate smart responses with the help of system monitor agents.

    Number 15 is Log Source: In this section we will have a complete overview of LogRhythm supported log sources. We will integrate some log sources with LogRhythm, like Windows, Linux, web server and database. We will also see the method of bulk log source integration, by which you can integrate hundreds of log sources in one go. Then we will talk about log source virtualization and see how it works.

    Number 16 is Advance Intelligence Engine: In this section we will have a complete overview of the AI Engine and its common configurations. We will talk about rule block types. We will create new use cases and also modify some existing use cases. We will also execute smart responses from the AI Engine.

    Number 17 is Alarm Rules: In this section we will have a complete overview of alarm rules. We will see the difference between alarm rules and AI Engine rules. We will also enable some alarm rules and test them.

    Number 18 is Custom Dashboard Creation: In this section we will create a custom dashboard and add multiple widgets to it, then we will modify the widgets according to our requirements. Also, we will get help from Lucene queries to customize the widgets and dashboard.

    Number 19 is Alarm Management: In this section we will see how to manage alarms, how to investigate an alarm and also how to link multiple alarms in one view.

    Number 20 is Case Management: In this section we will talk about case management: how to create a new case and how to add a collaborator to a case, how to set case priorities and how to check the status and workflow. Also, we will talk about case resolution.

    Number 21 is Database Management: In this section we will see how to create a LogRhythm database backup job and also how to set up a database cleanup job.

    Number 22 is Threat Intelligence: In this section we will install the threat intelligence tools and configure them. We will enable the threat intelligence module after installation and then we will associate it with the lists.

    Number 23 is Configuration Assessment and Health Check: In this section we will perform a complete assessment and health check of LogRhythm integrated log sources, MPE rules and the AI Engine. We will also use the LogRhythm diagnostic tool to check the health status of LogRhythm components.

    Overview

    Section 1: Introduction

    Lecture 1 Course Introduction

    Section 2: LogRhythm Architecture Overview

    Lecture 2 LogRhythm Architecture Overview

    Section 3: LogRhythm Data Management

    Lecture 3 LogRhythm Data Management

    Section 4: Client Console and Web Console Overview

    Lecture 4 Client Console and Web Console Overview

    Section 5: Entities Management

    Lecture 5 Entities Management

    Section 6: List Management

    Lecture 6 List Management

    Section 7: Knowledge Base Management

    Lecture 7 Knowledge Base Management

    Section 8: User's Profiles

    Lecture 8 User's Profiles

    Section 9: System Settings

    Lecture 9 009 -1- System Settings

    Lecture 10 009 -2- Global Settings, Data Management and AD Synchronization

    Lecture 11 009 -3- Component log level - Service Account and Archive Path

    Section 10: Data Masking

    Lecture 12 Data Masking

    Section 11: Global Log Processing Rules

    Lecture 13 Global Log Processing Rules

    Section 12: Client Console Investigation

    Lecture 14 Client Console Investigation

    Section 13: Report Center

    Lecture 15 Report Center

    Section 14: Second Look Wizard

    Lecture 16 Second Look Wizard

    Section 15: System Monitor

    Lecture 17 System Monitor

    Section 16: Log Sources

    Lecture 18 Log Sources

    Section 17: Advance Intelligence Engine

    Lecture 19 Advance Intelligence Engine

    Section 18: Alarm Rules

    Lecture 20 Alarm Rules

    Section 19: Custom Dashboard Creation

    Lecture 21 Custom Dashboard Creation

    Section 20: Alarm Management

    Lecture 22 Alarm Management

    Section 21: Case Management

    Lecture 23 Case Management

    Section 22: Database Management

    Lecture 24 Database Management

    Section 23: Threat Intelligence

    Lecture 25 Threat Intelligence

    Section 24: Configuration Assessment and Health Check

    Lecture 26 Configuration Assessment and Health Check

    System Administrators, LogRhythm Administrators, LogRhythm Analysts, SOC Engineers