What is your primary use case for LogRhythm NextGen SIEM?

LogRhythm works within the core of our SOC. It's where our analysts work every day and where we do all of our investigatory work for security incidents. It created our security posture. It is the central component of all of our security tools and it is the heartbeat of our SOC and our daily operations. It sets the tone for everything that we do.

We have a lot of use cases. Originally, it started out pulling in a bunch of the logs so we could get some ideas on network traffic. More recently, we have proceeded with pulling in logs from some of our other vendors. This really helped out a lot with our AV, which didn't always notify us as quickly as we wanted it to. LogRhythm made it possible for us to get notifications faster so that we can remediate things faster. We've been expanding it more and more as we've gone through the years to include more traffic, giving us more insight into our network.

We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.

It's our primary threat-hunting tool. We use it to look for anomalies. We use it for investigations. We use it for just about everything security related. If we find it in another tool, we use the SIEM to cross reference what activity we would see either from that user or from that machine that we saw in the other tool.

We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.

Mostly, the use cases involve detecting lateral movements, malware infections, and insider threats. We serve small, medium, and large companies, mostly in the finance sector, here in Sri Lanka.

NextGen SIEM is primarily used by the SOC team to detect attacks.

Its primary use cases are log aggregation, security information, and event management correlation. All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.

I am a security architect, so I don't develop the use cases with the customers if they deliver a team who is in charge of these activities. Depending on the case of the customer, we define something with the customers, according to the technical sessions that we have with them. I prepare all the documentation for the delivery team and present the project. LogRhythm is deployed on-prem. There are about 60 people using this solution in my organization.

LogRhythm is a cybersecurity solution. It's used for detection, lateral movement or initial access.

I'm a user, administrator, and analyst. We are using version 7.4. The solution is deployed on-premise. Three people are working with this product in our company.

Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.

I am a distributor and not an end-user of the product, so I cannot comment on use cases.

We primarily use the solution to reducing insider threats. We also use the product to deal with some aspects of banking security. For example, with its product, we are able to lower the threat of being attacked by malware.

I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.

We use it for log ingestion and monitoring activity in our environment.

Private monitoring is our primary use case.

Our primary use case is for financial companies and telcos.

We typically consult with our clients and help them with necessary services.

We use multiple instances as dark sites. We have roughly 350-400 hosts per site consisting of 4K to 5K log sources.

We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior.

Our primary use case is for general log monitoring. We do not use it as a SIEM.

Our primary use case is for looking at daily logs, drawing conclusions, and making relationships and correlations to investigate particular event IDs, investigate particular alarms that we have, and just viewing normal data use. I'm new to the system so I'm still getting used to it.

My primary use case is for log retention. I've been using it for analysis, and to troubleshoot potential issues on my network and infrastructure. To find out what I have in my network that may be causing problems.

Our primary use case for LogRhythm is using the log ingestion and analytic features.

The primary use case is tying all of our log sources together between all of our Windows servers, network devices, and we've recently added all of our cloud infrastructure as well. So it's really tying all those together, correlating all those logs and getting us one central pane of glass really as it relates to all of our logging activities.

The primary use case for our LogRhythm product is to maintain PCI compliance across all of our environment. We also use it to monitor authentication and monitor our perimeter for security threats.

Our primary use case for using the LogRhythm SIEM product is reviewing alarms, events, and managing our cases for forensic investigation.

The primary use case for this solution is to monitor our environment and ensure that we are not having any breaches. In addition, this solution allows us to maintain compliance with HIPAA .

Our primary use case for bringing on a SIEM in general was the need to correlate our data across dozens of different solutions that were spitting out logs. We got to a level of complexity where it became mandatory.

My primary use case is threat detection.

My primary use case for this solution is to basically monitor the network to make sure that we don't have unknown users or individuals that should not be in our network. So we use it basically to aggregate our logs within our system and to watch it for possible threats.

Our primary use case is for fraud detection and infrastructure, so we use the SIEM to detect frauds in the banking side of the house as well as infrastructure. I use it for security and UEBA purposes.

The primary use case is to provide security analytics for the SOC and empowering all of our SOC operations for day to day business.

My primary use case is to alert to any anomalies that may have security relevance as far as some of the industry regulations that apply to our health care, as well as payment card industry.

We utilize the LogRhythm solution to monitor most of our servers and our users to make sure that nothing anomalous is happening. What I really love about the LogRhythm platform is the fact that when something anomalous happens, I can see it almost immediately through the ability to collect a massive amount of logs in a very small footprint as far as hardware goes. We do utilize everything. I think one of the most recent things that I've really enjoyed about LogRhythm is the ability to utilize smart responses published by LogRhythm. For example, one of our use cases is that when we have a termed users group, that when someone is placed in there, we want to monitor to see if their account is ever activated again. So we have a smart response set up that when a termed user is enabled, the smart response immediately activates and says bam, that user is getting disabled again. We don't want anyone to have access to that at all.

Our primary use case would be for compliance. We needed a check in the box for compliance. Right now, it's performing and doing its job, allowing us to say that we are compliant with HIPAA, PCI, etc.

We have a small population of users, but we are large physically and geographically spread out with a lot of devices on our network. We need all that login capability going into one spot where we can see it and correlate events across all our infrastructure with a small staff.

We use it for all of our log correlations and event management. We try to do some external troubleshooting for other groups, like WebOps, but it's primarily our security and event manager.

The primary use case is looking at our security as a whole, as an organization, trying to get all the logs collected, see how things can be integrated or what's happening through the different products. We also use it to see how people are trying to potentially circumvent security and what we can do to prevent people from doing that. Finally, we use it to get training out to end-users for certain things that they may be doing inaccurately. We don't currently use the full-spectrum analytics or the built-in playbooks.

Primary use case for the SIEM would be for log collection and threat identification. We're still in the beginning stages of our security solution, as far as maturity. Two years ago, this security program didn't exist.

It's our central security monitoring platform. It's where we bring all of our events together so we can monitor our network.

We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it LogRhythm. It's a general SIEM system for us, gathering the logs into one area.

We primarily use the LogRhythm SIEM for the law collection aggregation for all of our Windows machines. We have all our firewalls sending logs to it. We have it hooked into Office 365 with the API to manage our cloud environment, and it's performed phenomenally.

The primary use case is compliance requirements. It is performing at the moment, but we are still in the process of implementing it.

Our primary use case is incident response and alerting. In terms of performance, it's pretty awesome.

We use it for centralized log management and for alerting. It's been working pretty well. We're on the beta program so what we're on right now has not been working quite as well lately. We're helping them find the bugs, but before this we didn't have any really major issues with it.

It came in as a compliance package. Now, it is more of a security analytics platform for us, so we try to route relevant security and computer logs. We also have some use cases that we came up with and some of the stuff that LogRhythm provided, which has been the basis of our use of this security platform. The company is dedicating me to working on this solution exclusively, so it has been great.

We have a lot of distributed offices and no visibility into any of them. The use case for this product is to collect and integrate logs from all the machines at all the different sites and get better insight into the security areas that we need to tighten up.

It monitors any potential security threats within any of our important network security appliances, like our firewall, or any of our important databases. The idea being that you can't look at all the logs at once, so we now have a central point of monitoring for all potential threats.

I'm an admin and analyst, so use cases cover a lot of log sources for applications, mostly.

We work on a dark site. It's the next generation ground station for the Air Force's GPS system. Our use cases are based mostly on an insider-threat perspective. We utilize a lot of AI Engine rules within the LogRhythm SIEM to detect different types of privileged-user actions, whether it be escalation of privileges, creation of user accounts, or modification of user accounts. We also use it for IDS rules and firewall rules that are met, in terms of the IDS finding signature attacks.

The biggest use case is visibility. Because we have a lot of flaws, if you don't have a tool that can bring it all in and give you that visibility, then all that log information is useless. Thus, LogRhythm helps us keep that visibility.

The primary use is monitoring logs, to see what's going on.

We collect from our primary devices and our endpoints and we look to identify any concerns around regulatory requirements in business use. We have payment card industry regulations that we are monitoring, to make sure everything's going the way it's supposed to, as well as for HIPAA, HITECH, and general security practices.

We have been using LogRhythm for the last seven to eight years. About a year-and-a-half ago we made a push, which is why I was brought on, to go global with it. The global use case is security only, we're not getting back to the business. It's the first time I've done SIEM that works that way. It's all about feeding the SOC and IR teams and letting them do their job.

We use it to alarm our help desk. We staring to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.

It is for security monitoring.

The primary use case is to monitor for compliance and the behavioral analytics of our users, tracking for potential threats to the company's infrastructure. We are using both products. We are using NetMon integrated with the LogRhythm platform.