View LogRhythm drilldown events

Release version: Washingtondc

Updated February 1, 2024

1 minute to read

View the related raw or base events for a LogRhythm alarm in the security incident.

Before you begin

Role required: sn_si.admin

About this task

As a security analyst you can view the related raw or base events for a LogRhythm alarm without having to go back to the LogRhythm console. You can do this by going to a related list that contains all the drill-down events on the SIR incident.

Procedure

Navigate to All > LogRhythm Integration > LogRhythm Drilldown Events.

The following illustration shows how to navigate to the LogRhythm Drilldown Events module, sort the list of events by Group By Alarm ID, and click the associated security incident. In the security incident, you can find the LogRhythm Drilldown Events tab in the related links.

Illustrates how to navigate to the drill down events.