LogRhythm SysMon enables customers to fulfill security and compliance use cases by performing data collection and generating rich host activity data. An optional component for the LogRhythm TLM platform, LogRhythm SysMon is a software agent that operates on endpoints, servers, and virtual machines running Windows, Linux, and UNIX.

Endpoint Monitoring Capabilities

  • File Integrity Monitoring prevents corruption of key files by identifying when and by whom files and associated permissions are created, viewed, modified, and deleted.
  • Independent Process Monitoring reports process and service activity, enabling detection of critical behavior, such as critical processes stopping and new/blacklisted processes (e.g., Tor) starting.
  • Windows Registry Monitoring flags registry additions, modifications, deletions, permission (ACL) changes, and more. This provides the details necessary to detect advanced threats, compromised endpoints, and more.
  • Network Connection Monitoring provides a detailed, independent log of all network connections opened and closed on a host, helping LogRhythm detect critical events, such as connections with unauthorized servers.
  • User Activity Monitoring logs any user that authenticates to an endpoint, creating a forensic record to supplement and validate local auditing systems.
  • Data Loss Defender monitors data transfers to and from removable media, such as USB drives, and can optionally block transfers on specific machines and devices.

LogRhythm SysMon for Data Collection

LogRhythm SysMon enables threat detection and response by consolidating and collecting log and machine data from local and remote environments and cloud infrastructure. Functioning as an agent-based data collector, it complements our agentless data collection options to facilitate the aggregation of log data, security events, and other machine data.

LogRhythm SysMon for Endpoint Monitoring & Forensics

Addressing advanced threats, compliance violations, and operational issues requires deep visibility into your environment, including the ability to correlate host activity with additional network information. Unfortunately, many categories of critical endpoint data are not available from Windows event logs and other typical sources. Even when available, many of these logs lack the level of detail necessary to achieve true visibility. Filling these gaps usually requires one or more additional agent-based solutions to perform independent monitoring.

LogRhythm SysMon’s integrated endpoint monitoring and forensics capabilities perform independent logging of host activity. This telemetry enables multidimensional analysis of your wider environment, allowing you to:

  • Detect and respond to security threats, including zero-day attacks
  • Automate and enforce compliance with HIPAA, PCI, SOX, and other compliance regimes
  • Monitor for operational issues, such as system and application failures

Extending the SmartResponse Automation Framework

LogRhythm SysMon extends the reach and flexibility of the LogRhythm SmartResponse™ automation framework. Together, the technologies can automatically or manually perform actions on an endpoint, such as:

  • Monitoring the host to generate diagnostic and forensic data for accurate root cause analysis
  • Disabling the network interface card for a compromised host
  • Starting or disabling a process and collecting related information

LogRhythm SysMon Comparison Chart

Common to SysMon Lite and SysMon Pro

  • Centralized management and updates
  • Guaranteed collection
  • TLS-encrypted communication
  • 10:1 data compression for transport
  • Remote data aggregation
  • Timestamp normalization
  • Scheduled collection
  • TCP forwarding

SysMon Lite (Ideal for Desktop Environments)

  • Desktop endpoint monitoring
    • Windows Registry Monitoring for Desktops
    • Independent process monitoring
    • Network connection monitoring
    • User activity monitoring
    • Data Loss Defender for local storage devices
  • File integrity monitoring for desktops and point of sale systems
    • Detect reads, modifications, and deletions
    • Identify specific user or application
    • Support for policy layering
  • High-volume log collection
    • Syslog
    • UDP/TCP and secure syslog
    • Flat files (single-line and multi-line, compressed or uncompressed)
    • Windows Events, including custom event logs

SysMon Pro (Ideal for Server Environments)

  • Server endpoint monitoring
    • Windows Registry Monitoring for Servers
    • Independent process monitoring
    • Network connection monitoring
    • User activity monitoring
    • Data Loss Defender for local storage devices
  • File integrity monitoring for servers
    • Detect reads, modifications, and deletions
    • Identify specific user or application
    • Support for policy layering
  • High-volume log collection
    • Syslog
    • UDP/TCP and secure syslog
    • Flat files (single-line and multi-line, compressed or uncompressed)
    • Windows Events, including custom event logs and database logs
    • Vendor-specific APIs (e.g., IBM iSeries, Cisco SDEE, Check Point OPSEC, Sourcefire eStreamer)
    • Cloud-based APIs (e.g., AWS, Azure, Box, Skyhigh, Salesforce)
    • Flow data (e.g., IPFIX, NetFlow, sFlow, J-Flow, SmartFlow)
    • SNMP
    • Vulnerability data (e.g., Qualys, Rapid7, Tenable Security Center)
    • LogRhythm Universal Database Log Adapter for system and custom logs written to database tables (e.g., Oracle, SQL Server, MySQL); ODBC & JDBC protocols
  • Unidirectional communications for classified environments
    • Integration with one-way data diodes
  • Support for classified/top-secret environments