wlarsen65 / Metrics-LogRhythm-SIEM


LogRhythm Reporting Metrics

This repository contains LogRhythm-related content focused specifically on reporting metrics. The hope is to provide these files free to the community so we can all benefit from them. Please feel free to share any improvements to the content provided, and I will make sure you get credit for your contributions to the community.

Getting Started

  1. Download PowerBI here: https://powerbi.microsoft.com/en-us/downloads/
  2. Save/Download the following files from this repository to your system
    • LogRhythm Metrics v1.pbix
    • AlarmStatus.xlsx
    • CaseStatus.xlsx
    • PriorityStatus.xlsx
  3. Launch the PowerBI template file (LogRhythm Metrics v1.pbix)
  4. Once in the file we’ll need to change the data sources to point to your LogRhythm instance
  5. In the ribbon click “Edit Queries” then select “Data Source Settings”

Change the following items:

    • Highlight 127.0.0.1;LogRhythm_Alarms
      • Click “Change Source” and update the server address to that of your Platform Manager, then click “OK”
      • Click “Edit Permissions”, under Credentials select “Edit” and make sure Windows is selected and the configuration is set to “Use my current credentials”, then click “Save” followed by “OK”
    • Highlight 127.0.0.1;LogRhythm_CMDB
      • Click “Change Source” and update the server address to that of your Platform Manager, then click “OK”
      • Click “Edit Permissions”, under Credentials select “Edit” and make sure Database is selected and the configuration is set to “<an account with DB access>”, then click “Save” followed by “OK”
    • Highlight 127.0.0.1;LogRhythm_LogMart
      • Click “Change Source” and update the server address to that of your Platform Manager, then click “OK”
      • Click “Edit Permissions”, under Credentials select “Edit” and make sure Windows is selected and the configuration is set to “Use my current credentials”, then click “Save” followed by “OK”
    • Highlight 127.0.0.1;LogRhythmEMDB
      • Click “Change Source” and update the server address to that of your Platform Manager, then click “OK”
      • Click “Edit Permissions”, under Credentials select “Edit” and make sure Database is selected and the configuration is set to “<an account with DB access>”, then click “Save” followed by “OK”
    • Highlight C:\alarmstatus.xlsx
      • Click “Change Source” and update the file path to where you stored the alarmstatus.xlsx file
    • Highlight C:\casestatus.xlsx
      • Click “Change Source” and update the file path to where you stored the casestatus.xlsx file
    • Highlight C:\prioritystatus.xlsx
      • Click “Change Source” and update the file path to where you stored the prioritystatus.xlsx file
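
The two sources that use Database credentials (LogRhythm_CMDB and LogRhythmEMDB) are only read by the report, so the “<an account with DB access>” can be a dedicated read-only SQL login rather than an administrative one. The T-SQL below is an added example, not part of this repository; the login name pbi_metrics_ro and the password placeholder are assumptions, and the database names are the ones listed above.

```sql
-- Added example (not from the repository). Run as a SQL Server administrator
-- on the Platform Manager instance.
-- Assumptions: login name pbi_metrics_ro and the password placeholder are
-- hypothetical; replace the placeholder with a generated secret.

USE [master];
GO
-- Dedicated login used only by the Power BI report.
CREATE LOGIN [pbi_metrics_ro]
    WITH PASSWORD = N'<generated-secret>',
         CHECK_POLICY = ON;   -- enforce the Windows password policy
GO

-- Map the login into each database the report reads with Database
-- credentials, and grant read access only (fixed role db_datareader).
USE [LogRhythm_CMDB];
GO
CREATE USER [pbi_metrics_ro] FOR LOGIN [pbi_metrics_ro];
ALTER ROLE [db_datareader] ADD MEMBER [pbi_metrics_ro];
GO

USE [LogRhythmEMDB];
GO
CREATE USER [pbi_metrics_ro] FOR LOGIN [pbi_metrics_ro];
ALTER ROLE [db_datareader] ADD MEMBER [pbi_metrics_ro];
GO

-- Review what the login can actually do in a database before entering it
-- in Power BI: list its effective database-level permissions.
USE [LogRhythmEMDB];
GO
EXECUTE AS LOGIN = 'pbi_metrics_ro';
SELECT DB_NAME() AS database_name, permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;
REVERT;
GO
```

Repeat the final check with `USE [LogRhythm_CMDB]` and confirm that no write or administrative permissions appear in either list.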

Screenshots: Main, Alarm, Cases

License: The Unlicense