Incydr™ + LogRhythm

Correlate actionable risk insights to speed insider threat response


Overview

Incydr integrates with LogRhythm via a command-line interface (CLI) to send file exfiltration events and alert information from Incydr into custom dashboards within LogRhythm for correlation and triage.

Incydr’s insider risk detection lenses surface insights for subsets of users more likely to put data at risk, such as users with access to proprietary information or departing employees. Extracting this data into LogRhythm provides security teams with actionable insights that can be applied to existing SOC workflows to substantiate insider threat investigations and speed response.

Benefits of the Incydr + LogRhythm integration

Prioritized risk
Manage insider risk throughout the employee lifecycle and across users more likely to put data at risk.

Reduced complexity
Apply Incydr file exposure and exfiltration events into LogRhythm dashboards or workflows.

Faster response
Speed response to insider threat incidents with actionable insights to substantiate investigations.

Integration features

Actionable alerts

Extract alert information from Incydr into existing LogRhythm workflows for correlation and triage.

Custom dashboards

Create custom dashboards within LogRhythm using Incydr data -- with the ability to tailor queries based on file, vector or user (e.g. only files that have been uploaded via a browser).

Open API

Deliver alerts into LogRhythm using JavaScript Object Notation (JSON) or Common Event Format (CEF).
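To make the JSON and CEF delivery paths concrete, the following added example (written for this page, not Incydr's or LogRhythm's own code) takes a small constructed JSON export of file-exfiltration alerts, filters it the way a dashboard query would (by vector and by watchlist), and renders each alert as a CEF line. The JSON field names (alertId, vector, watchlist, and so on), the vendor/product/version strings in the CEF header and the severity mapping are all assumptions made for illustration; they are not Incydr's real schema. The CEF escaping rules themselves (backslash and pipe in the header, backslash and equals sign in extension values) are the standard ones.

```python
"""Constructed example: filter JSON alert exports and emit them as CEF lines."""
import json
from datetime import datetime, timezone

# Constructed sample export. Field names are assumptions for this example,
# not Incydr's actual JSON schema.
SAMPLE_ALERTS_JSON = r"""[
  {"alertId": "a-0001", "user": "jdoe@example.com", "vector": "browser_upload",
   "fileName": "q3 plan.xlsx", "destination": "share.example|public",
   "severity": "HIGH", "eventTime": "2024-01-15T10:22:33Z",
   "watchlist": "departing_employee"},
  {"alertId": "a-0002", "user": "asmith@example.com", "vector": "removable_media",
   "fileName": "notes.txt", "destination": "E:\\", "severity": "LOW",
   "eventTime": "2024-01-15T11:05:00Z", "watchlist": "high_risk"},
  {"alertId": "a-0003", "user": "jdoe@example.com", "vector": "browser_upload",
   "fileName": "a=b.csv", "destination": "mail.example", "severity": "MEDIUM",
   "eventTime": "2024-01-15T12:00:00Z", "watchlist": "departing_employee"}
]"""

# Assumed mapping of the export's severity labels onto the CEF 0-10 scale.
SEVERITY = {"LOW": 3, "MEDIUM": 5, "HIGH": 8, "CRITICAL": 10}

# Assumed header values; Device Version is a placeholder.
CEF_VENDOR, CEF_PRODUCT, CEF_VERSION = "Code42", "Incydr", "1.0"


def load_alerts(json_text):
    """Parse the JSON export into a list of alert dicts."""
    return json.loads(json_text)


def filter_alerts(alerts, vector=None, watchlist=None):
    """Keep only alerts matching the given vector and/or watchlist (the
    same narrowing a dashboard query such as 'browser uploads only' does)."""
    return [a for a in alerts
            if (vector is None or a["vector"] == vector)
            and (watchlist is None or a["watchlist"] == watchlist)]


def escape_header(value):
    """CEF header fields: escape backslash and pipe."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension(value):
    """CEF extension values: escape backslash, equals sign and line breaks.
    Pipes are legal here and must NOT be escaped."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def iso_to_epoch_ms(ts):
    """CEF 'rt' expects epoch milliseconds; the export uses ISO-8601 UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return int(dt.timestamp() * 1000)


def alert_to_cef(alert):
    """Render one alert as a single CEF line."""
    header = "|".join([
        "CEF:0", escape_header(CEF_VENDOR), escape_header(CEF_PRODUCT),
        escape_header(CEF_VERSION),
        "file_exfiltration",                                   # Signature ID
        escape_header(f"File exfiltration via {alert['vector']}"),  # Name
        str(SEVERITY.get(alert["severity"].upper(), 5)),
    ])
    # Standard CEF extension keys; cs1/cs1Label carry the watchlist name.
    extension = {
        "externalId": alert["alertId"],
        "suser": alert["user"],
        "fname": alert["fileName"],
        "dhost": alert["destination"],
        "rt": iso_to_epoch_ms(alert["eventTime"]),
        "cs1Label": "watchlist",
        "cs1": alert["watchlist"],
    }
    return header + "|" + " ".join(
        f"{k}={escape_extension(v)}" for k, v in extension.items())


def export_cef(json_text, vector=None, watchlist=None):
    """End-to-end: parse, filter, and return the CEF lines."""
    return [alert_to_cef(a) for a in
            filter_alerts(load_alerts(json_text), vector, watchlist)]


if __name__ == "__main__":
    for line in export_cef(SAMPLE_ALERTS_JSON, vector="browser_upload"):
        print(line)
```

The two escaping helpers are the part worth keeping: a destination containing a pipe is fine in an extension value but would split the header, and a filename containing "=" would corrupt the key/value parsing on the LogRhythm side unless escaped. Running the block prints only the two browser-upload alerts, which is the "only files uploaded via a browser" dashboard case described above.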

Prioritized risk detection

Use the CLI to manage users on the high risk or departing employee lists within LogRhythm.

Insider threat ecosystem

Leverage Incydr to establish insider threat processes and maximize the potential of your existing security investments.

Featured Use Case

Extract Incydr data into LogRhythm for actionable insights, correlation and triage of insider threats
Challenge: Policy-driven approaches to mitigating insider risk have left organizations blind to the data security events that are hard to tag or categorize.

Solution: Incydr logs every file event, then enriches it with context on the vector, file and user to determine what represents real risk. Risk detection lenses are purpose-built for common insider threat scenarios but can be customized to your environment. When file exposure or exfiltration is detected, high-fidelity alert information is extracted into LogRhythm for correlation and triage. This lets Incydr data feed existing SOC workflows while preserving complete file context to support investigations and speed response.

Benefit: Streamlining alert information and incident triage within LogRhythm reduces complexity by correlating event information to deliver actionable insights that speed insider threat response.