logrhythm draft

batamig · batamig · commit c5127a7e2597 · 2022-08-02T20:41:43.000+03:00
diff --git a/articles/defender-for-iot/organizations/TOC.yml b/articles/defender-for-iot/organizations/TOC.yml
@@ -114,6 +114,8 @@
       href: tutorial-forescout.md
     - name: Integrate Fortinet
       href: tutorial-fortinet.md
+    - name: LogRhythm
+      href: integrations/logrhythm.md
     - name: Integrate Palo Alto
       href: tutorial-palo-alto.md
     - name: Integrate Qradar
diff --git a/articles/defender-for-iot/organizations/integrate-overview.md b/articles/defender-for-iot/organizations/integrate-overview.md
@@ -20,6 +20,7 @@ The following table lists available integrations for Microsoft Defender for IoT,
 |**CyberArk**     | Send CyberArk PSM syslog data on remote sessions and verification failures to Defender for IoT for data correlation.   | [Integrate CyberArk with Microsoft Defender for IoT](tutorial-cyberark.md)       |
 |**Forescout**     | Automate actions in Forescout based on activity detected by Defender for IoT, and correlate Defender for IoT data with other *Forescout eyeExtended* modules that oversee monitoring, incident management, and device control.  | [Integrate Forescout with Microsoft Defender for IoT](tutorial-forescout.md)      |
 |**Fortinet**     | Send Defender for IoT data to Fortinet services for: <br><br>- Enhanced network visibility in FortiSIEM<br>- Extra abilities in FortiGate to stop anomalous behavior    | [Integrate Fortinet with Microsoft Defender for IoT](tutorial-fortinet.md)     |
+| **LogRhythm** | Forward Defender for IoT alerts to LogRhythm. | [Integrate LogRhythm with Microsoft Defender for IoT](integrations/logrhythm.md) |
 |**Palo Alto**     |Use Defender for IoT data to block critical threats with Palo Alto firewalls, either with automatic blocking or with blocking recommendations.   | [Integrate Palo-Alto with Microsoft Defender for IoT](tutorial-palo-alto.md)      |
 |**QRadar**     |Forward Defender for IoT alerts to IBM QRadar.   | [Integrate Qradar with Microsoft Defender for IoT](tutorial-qradar.md)      |
 |**ServiceNow**     |  View Defender for IoT device detections, attributes, and connections in ServiceNow.   | [Integrate ServiceNow with Microsoft Defender for IoT](tutorial-servicenow.md)    |
diff --git a/articles/defender-for-iot/organizations/integrations/logrhythm.md b/articles/defender-for-iot/organizations/integrations/logrhythm.md
@@ -0,0 +1,54 @@
+---
+title: Integrate LogRhythm with Microsoft Defender for IoT
+description: Learn how to send Microsoft Defender for IoT alerts to ALogRhythmrcSight.
+ms.topic: how-to
+ms.date: 08/02/2022
+---
+
+# Integrate LogRhythm with Microsoft Defender for IoT
+
+This article describes how to send Microsoft Defender for IoT alerts to LogRhythm. Integrating Defender for IoT with LogRhythm provides visibility into the security and resiliency of OT networks and a unified approach to IT and OT security.
+
+## Prerequisites
+
+Before you begin, make sure that you have the following prerequisites:
+
+- Access to a Defender for IoT OT sensor, version TBD or higher. Make sure that you can sign in as a TBD user.
+
+- Access to an LogRhythm server as a TBD user.
+
+## Create a Defender for IoT forwarding rule
+
+This procedure describes how to create a forwarding rule from your OT sensor to send Defender for IoT alerts from that sensor to LogRhythm.
+
+1. Sign in to your OT sensor console and select **Forwarding** on the left.
+
+1. Enter a meaningful name for your rule, and then define your rule details, including:
+
+    - The minimal alert level. For example, if you select Minor, you are notified about all minor, major and critical incidents.
+    - The protocols you want to include in the rule.
+    - The traffic you want to include in the rule.
+
+    For more information, see [Forward alert information](../how-to-forward-alert-information-to-partners.md).
+
+1. In the **Actions** area, define the following values:
+
+    - **Server**: Select a SYSLOG server option, such as **SYSLOG Server (LEEF format)
+    - **Host**: The IP or hostname of your LogRhythm collector
+    - **Port**: Enter **514**
+    - **Timezone**: Enter your timezone
+
+1. Select **Save** to save your forwarding rule.
+
+## Configure LogRhythm to collect logs
+
+After configuring a forwarding rule from your OT sensor console, configure LogRhythm to collect your Defender for IoT logs.
+
+For more information, see the [LogRhythm documentation](https://docs.logrhythm.com/docs/devices/syslog-log-sources).
+
+## Next steps
+
+For more information, see:
+
+- [Integrations with partner services](../integrate-overview.md)
+- [Forward alert information](../how-to-forward-alert-information-to-partners.md)
