Merge pull request #206680 from batamig/logrhythm

v-regandowner · web-flow · commit 4dcbb28ccda6 · 2022-08-03T14:53:59.000-04:00
LogRhythm
diff --git a/articles/defender-for-iot/organizations/TOC.yml b/articles/defender-for-iot/organizations/TOC.yml
@@ -106,25 +106,27 @@
     items:
     - name: Overview
       href: integrate-overview.md
-    - name: ArcSight
-      href: integrations/arcsight.md
-    - name: Integrate ClearPass
+    - name: ClearPass
       href: tutorial-clearpass.md
-    - name: Integrate CyberArk
+    - name: CyberArk
       href: tutorial-cyberark.md
-    - name: Integrate Forescout
+    - name: Forescout
       href: tutorial-forescout.md
-    - name: Integrate Fortinet
+    - name: Fortinet
       href: tutorial-fortinet.md
-    - name: RSA NetWitness
-      href: integrations/netwitness.md
-    - name: Integrate Palo Alto
+    - name: LogRhythm
+      href: integrations/logrhythm.md
+    - name: Micro Focus ArcSight
+      href: integrations/arcsight.md
+    - name: Palo Alto
       href: tutorial-palo-alto.md
-    - name: Integrate Qradar
+    - name: Qradar
       href: tutorial-qradar.md
-    - name: Integrate Splunk
+    - name: RSA NetWitness
+      href: integrations/netwitness.md
+    - name: Splunk
       href: tutorial-splunk.md
-    - name: Integrate ServiceNow
+    - name: ServiceNow
       href: tutorial-servicenow.md
   - name: System deployment
     items:
diff --git a/articles/defender-for-iot/organizations/integrate-overview.md b/articles/defender-for-iot/organizations/integrate-overview.md
@@ -21,6 +21,7 @@ The following table lists available integrations for Microsoft Defender for IoT,
 |**CyberArk**     | Send CyberArk PSM syslog data on remote sessions and verification failures to Defender for IoT for data correlation.   | [Integrate CyberArk with Microsoft Defender for IoT](tutorial-cyberark.md)       |
 |**Forescout**     | Automate actions in Forescout based on activity detected by Defender for IoT, and correlate Defender for IoT data with other *Forescout eyeExtended* modules that oversee monitoring, incident management, and device control.  | [Integrate Forescout with Microsoft Defender for IoT](tutorial-forescout.md)      |
 |**Fortinet**     | Send Defender for IoT data to Fortinet services for: <br><br>- Enhanced network visibility in FortiSIEM<br>- Extra abilities in FortiGate to stop anomalous behavior    | [Integrate Fortinet with Microsoft Defender for IoT](tutorial-fortinet.md)     |
+| **LogRhythm** | Forward Defender for IoT alerts to LogRhythm. | [Integrate LogRhythm with Microsoft Defender for IoT](integrations/logrhythm.md) |
 | **RSA NetWitness** | Forward Defender for IoT alerts to RSA NetWitness | [Integrate RSA NetWitness with Microsoft Defender for IoT](integrations/netwitness.md) <br>[CyberX Platform - RSA NetWitness CEF Parser Implementation Guide](https://community.netwitness.com//t5/netwitness-platform-integrations/cyberx-platform-rsa-netwitness-cef-parser-implementation-guide/ta-p/554364) |
 |**Palo Alto**     |Use Defender for IoT data to block critical threats with Palo Alto firewalls, either with automatic blocking or with blocking recommendations.   | [Integrate Palo-Alto with Microsoft Defender for IoT](tutorial-palo-alto.md)      |
 |**QRadar**     |Forward Defender for IoT alerts to IBM QRadar.   | [Integrate Qradar with Microsoft Defender for IoT](tutorial-qradar.md)      |
diff --git a/articles/defender-for-iot/organizations/integrations/logrhythm.md b/articles/defender-for-iot/organizations/integrations/logrhythm.md
@@ -0,0 +1,52 @@
+---
+title: Integrate LogRhythm with Microsoft Defender for IoT
+description: Learn how to send Microsoft Defender for IoT alerts to ALogRhythmrcSight.
+ms.topic: how-to
+ms.date: 08/02/2022
+---
+
+# Integrate LogRhythm with Microsoft Defender for IoT
+
+This article describes how to send Microsoft Defender for IoT alerts to LogRhythm. Integrating Defender for IoT with LogRhythm provides visibility into the security and resiliency of OT networks and a unified approach to IT and OT security.
+
+## Prerequisites
+
+Before you begin, make sure that you have the following prerequisites:
+
+- Access to a Defender for IoT OT sensor as an Admin user.
+
+## Create a Defender for IoT forwarding rule
+
+This procedure describes how to create a forwarding rule from your OT sensor to send Defender for IoT alerts from that sensor to LogRhythm.
+
+For more information, see [Forward alert information](../how-to-forward-alert-information-to-partners.md).
+
+1. Sign in to your OT sensor console and select **Forwarding** on the left.
+
+1. Enter a meaningful name for your rule, and then define your rule details, including:
+
+    - The minimal alert level. For example, if you select Minor, you are notified about all minor, major and critical incidents.
+    - The protocols you want to include in the rule.
+    - The traffic you want to include in the rule.
+
+1. In the **Actions** area, define the following values:
+
+    - **Server**: Select a SYSLOG server option, such as **SYSLOG Server (LEEF format)
+    - **Host**: The IP or hostname of your LogRhythm collector
+    - **Port**: Enter **514**
+    - **Timezone**: Enter your timezone
+
+1. Select **Save** to save your forwarding rule.
+
+## Configure LogRhythm to collect logs
+
+After configuring a forwarding rule from your OT sensor console, configure LogRhythm to collect your Defender for IoT logs.
+
+For more information, see the [LogRhythm documentation](https://docs.logrhythm.com/docs/devices/syslog-log-sources).
+
+## Next steps
+
+For more information, see:
+
+- [Integrations with partner services](../integrate-overview.md)
+- [Forward alert information](../how-to-forward-alert-information-to-partners.md)
