Deployed LogRhythm SIEM

it_user822597 - PeerSpot reviewer
4 people managed
12 month project

Project Description

Deployed LogRhythm SIEM. Included 2 instances of LogRhythm Network Monitor. FIM enabled.

Lessons Learned

* updated asset database including application owners

* security access to critical network and server devices to avoid resource limitations

* ensure logging is enabled on log sources

* install solution nearest the assets being monitored

* understanding of IP scheme and naming conventions used in the organization

Highlights

Support from colleagues

Difficulties

Equipment incompatibility
Steep learning curve
Hard to meet schedule

Technical Skills Used

  • SIEM Engineer
  • Firewall Administrator
  • Network Engineer
  • Event Correlation
  • Active Directory
  • Domain Admin
  • Ubuntu Linux
  • Incident Response
  • Runbook Creation
  • Chicago (IL-US), 41.85, -87.65