The Dataminr integration package for LogRhythm allows LogRhythm users to interact with threat intelligence in Dataminr directly from the LogRhythm Console by using a set of LogRhythm plugin actions. The integration package can perform functions such as retrieving Indicator details and reporting observations and false positives to Dataminr.
First, aggregated logs from LogRhythm are combined with the user's threat intelligence in Dataminr. Dataminr provides context for the indicators and enables the security team to easily spot out-of-the-ordinary trends or patterns and act on them efficiently. Upon a correlation rule match, a smart rule triggers a playbook that creates an observation in Dataminr and simultaneously updates an observable indicator dashboard. In addition, users in Dataminr can query LogRhythm via API to search for an indicator over a time period.
Features & Benefits
- Sends all available threat data from Dataminr into LogRhythm for validated alerting
- Provides the necessary context to be able to take action on the indicators
- Enables real-time threat analysis and indicator correlation
- Automates the detection of advanced threats
- Ensures that you are sending validated threat intelligence to LogRhythm
To enable the plugin, please reach out to your Dataminr Customer Success Manager.