Log Collector Software Datasheet
LogRhythm SysMon

LogRhythm SysMon enables customers to fulfill security and compliance use cases by performing data collection and generating rich host activity data. An optional component for the LogRhythm TLM platform, LogRhythm SysMon is a software agent that operates on endpoints, servers, and virtual machines running Windows, Linux, and UNIX.

LogRhythm SysMon for Data Collection

LogRhythm SysMon enables threat detection and response by consolidating and collecting log and machine data from local and remote environments and cloud infrastructure. Functioning as an agent-based data collector, it complements our agentless data collection options to facilitate the aggregation of log data, security events, and other machine data.

LogRhythm SysMon for Endpoint Monitoring & Forensics

Addressing advanced threats, compliance violations, and operational issues requires deep visibility into your environment, including the ability to correlate host activity with additional network information. Unfortunately, many categories of critical endpoint data are not available from Windows event logs and other typical sources. Even when available, many of these logs lack the level of detail necessary to achieve true visibility. Filling these gaps usually requires one or more additional agent-based solutions to perform independent monitoring.

LogRhythm SysMon’s integrated endpoint monitoring and forensics capabilities perform independent logging of host activity. This telemetry enables multi-dimensional analysis of your wider environment, allowing you to:

• Detect and respond to security threats, including zero-day attacks
• Automate and enforce compliance with HIPAA, PCI, SOX, and other compliance regimes
• Monitor for operational issues, such as system and application failures

Extending the SmartResponse Automation Framework

LogRhythm SysMon extends the reach and flexibility of the LogRhythm SmartResponse™ automation framework. Together, the technologies can automatically or manually perform actions on an endpoint, such as:

• Monitoring the host to generate diagnostic and forensic data for accurate root cause analysis
• Disabling the network interface card for a compromised host
• Starting or disabling a process and collecting related information

Endpoint Monitoring Capabilities

• File Integrity Monitoring prevents corruption of key files by identifying when and by whom files and associated permissions are created, viewed, modified, and deleted.
• Independent Process Monitoring reports process and service activity, enabling detection of critical behavior, such as critical processes stopping and new/blacklisted processes (e.g., Tor) starting.
• Windows Registry Monitoring flags registry additions, modifications, deletions, permission (ACL) changes, and more. This provides the details necessary to detect advanced threats, compromised endpoints, and more.
• Network Connection Monitoring provides a detailed, independent log of all network connections opened and closed on a host, helping LogRhythm detect critical events, such as connections with unauthorized servers.
• User Activity Monitoring logs any user that authenticates to an endpoint, creating a forensic record to supplement and validate local auditing systems.
• Data Loss Defender monitors data transfers to and from removable media, such as USB drives, and can optionally block transfers on specific machines and devices.
WWW.LOGRHYTHM.COM PAGE 1
Data Sheet - LogRhythm SysMon
©2018 LogRhythm Inc. | DS950_Apr18