Code42 + LogRhythm

Correlate actionable risk insights to speed insider threat response

Code42 integrates with LogRhythm to send file exposure and exfiltration events from Code42 Incydr into custom dashboards within LogRhythm for correlation and triage.

Code42’s insider risk detection lenses surface insights for subsets of users more likely to put data at risk, such as users with access to proprietary information or departing employees. Ingesting this data into LogRhythm provides security teams with actionable insights that can be applied to existing SOC workflows to substantiate insider threat investigations and speed response.

Benefits of the Code42 + LogRhythm integration

Prioritized risk


Manage insider risk throughout the employee lifecycle and across users more likely to put data at risk.

Reduced complexity


Reduce complexity by bringing Code42 file and exfiltration event information into LogRhythm dashboards or AI Engine correlation alerts.

Faster response


Speed response to insider threat incidents with actionable insights to substantiate investigations.

Integration features

File telemetry information

Ingest file telemetry information from Code42 into existing LogRhythm workflows for correlation and triage.

Custom dashboards

Create custom dashboards within LogRhythm using Code42 data, with the ability to tailor queries based on file, vector or user (e.g., only files that have been uploaded via a browser).

Actionable insights

Deliver new file and exposure data into LogRhythm, using Common Event Format (CEF).

Prioritized risk detection

Accelerate response to threats identified by Code42 by using machine data intelligence provided by the LogRhythm NextGen SIEM Platform.

Insider risk workflows

Leverage Code42 to establish insider threat processes and maximize the potential of your existing security investments.

Featured Use Case

Ingest Code42 data into LogRhythm for actionable insights, correlation and triage of insider threats.

Challenge

Security teams have underdeveloped or non-existent processes in place to detect and respond to insider threats or data exfiltration.

Solution

LogRhythm's MDI fabric seamlessly ingests Code42 data so that logs can be analyzed along with additional security data for corroboration and eventual remediation. Code42 logs every file event, then enriches it with context on the vector, file and user to determine what represents real risk. Risk detection lenses are purpose-built for common insider threat scenarios but can be customized to your environment. When file exposure or exfiltration is detected, high-fidelity alert information is extracted into LogRhythm for correlation and triage. This allows Code42 data to be applied to existing SOC workflows while preserving complete file context to support investigations and speed response.

Benefit

Streamlining alert information and incident triage within LogRhythm reduces complexity by correlating event information to deliver actionable insights that speed insider threat response.