LogRhythm Entities

There is a category of objects which seem to have an identity, which remains the same throughout the states of the software. For these objects it is not the attributes which matter, but a thread of continuity and identity, which spans the life of a system and can extend beyond it. Such objects are called Entities.

The Business Domain

SIEM

  • Data Aggregation
  • Retention
  • Dashboards
  • Correlation
  • Alerting
  • Forensic Analysis

Cyber threat detection and response

Collection & Archiving

Parsing & Processing

Alarming

Case Management

SIEM Entities

Log

Packet, Session

Event

Alarm

  • Attribution
  • Qualification
  • Notification
  • Actionable

Case

Asset Entities

Person

Host

Network

Organizational Unit

Administrative Entities

  • Users / Accounts
  • Permissions
  • Deployment
  • Configuration
  • Notifications
  • Auditing
  • Stats
  • Log Aggregation