RhythmX

Behavioral Threat Detection Platform Powered by Machine Learning


RhythmX is a high-performance threat detection engine that extends the LogRhythm platform with an additional layer of Sigma-based behavioral detection and machine learning. It processes forwarded logs in near real-time, applying community and custom Sigma rules to surface threats across Windows and Linux environments.

What It Does

RhythmX integrates with LogRhythm's Log Distribution Services to add a complementary detection layer powered by the open Sigma rule standard and machine learning. It enriches LogRhythm's existing capabilities by providing flexible, community-driven threat detection at scale.

  • Extends LogRhythm with an additional Sigma-based and ML-powered detection layer
  • Ingests logs forwarded from LogRhythm via Log Distribution Services
  • Supports multiple log sources — Windows Event Logs, Linux Sysmon, and Linux Auditd
  • Runs detections against every log batch in near real-time
  • Outputs structured alerts back in a LogRhythm-compatible format for seamless integration
  • Accepts custom Sigma rules so teams can rapidly author and deploy new detections

Why RhythmX

| Capability | What RhythmX Delivers |
|---|---|
| Sigma rule support | Runs the full Sigma rule standard against forwarded logs |
| Machine learning | Adds ML-driven detection alongside rule-based analysis |
| Rapid detection authoring | Drop in a .yml Sigma rule — detections are live on the next cycle |
| Cross-platform coverage | Native support for Windows, Linux Sysmon, and Linux Auditd |
| Performance at scale | Optimized for 20,000–25,000 events per second sustained throughput |
| Open detection logic | Sigma rules are open, portable, and community-driven |
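To make concrete what "running a Sigma rule against a log batch and emitting a structured alert" means, here is an added, self-contained Python illustration. It is not RhythmX's engine and makes no claim about its internals or its LogRhythm output format. The rule is the parsed form of a Sigma `.yml` file (what PyYAML's `safe_load` would return; YAML loading is omitted to keep it dependency-free), the rule `id` is a placeholder, and the four events in the batch are constructed in a flattened Windows Security event shape. The matcher supports the `contains`, `startswith` and `endswith` field modifiers, list-valued fields as OR, and conditions of the form `selection and not filter` (no parentheses).

```python
"""Minimal Sigma-style matcher: evaluate one rule over a batch of events.

Added illustration, not RhythmX's own code. RULE is the parsed form of a
Sigma .yml (as yaml.safe_load would return it); BATCH is constructed data.
"""
import json

# Constructed Sigma rule; the id is a placeholder, not a real rule id.
RULE = {
    "title": "Process Discovery via whoami",
    "id": "00000000-0000-0000-0000-000000000001",
    "status": "experimental",
    "level": "low",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 4688,
            "NewProcessName|endswith": "\\whoami.exe",
        },
        # Machine accounts end in '$'; exclude them to cut routine noise.
        "filter": {"SubjectUserName|endswith": "$"},
        "condition": "selection and not filter",
    },
}

# Constructed sample batch (flattened Windows Security events).
BATCH = [
    {"TimeCreated": "2024-01-01T10:00:00Z", "EventID": 4688,
     "NewProcessName": "C:\\Windows\\System32\\whoami.exe", "SubjectUserName": "alice"},
    {"TimeCreated": "2024-01-01T10:00:01Z", "EventID": 4688,
     "NewProcessName": "C:\\Windows\\System32\\whoami.exe", "SubjectUserName": "HOST01$"},
    {"TimeCreated": "2024-01-01T10:00:02Z", "EventID": 4688,
     "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "SubjectUserName": "alice"},
    {"TimeCreated": "2024-01-01T10:00:03Z", "EventID": 4624, "SubjectUserName": "alice"},
]


def _value_matches(actual, modifier, expected):
    """Compare one field value; Sigma string matching is case-insensitive."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    return {"contains": e in a,
            "startswith": a.startswith(e),
            "endswith": a.endswith(e)}[modifier]


def _selection_matches(selection, event):
    """All fields in a selection must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(event.get(field), modifier or None, v) for v in values):
            return False
    return True


def _condition_holds(condition, results):
    """Evaluate e.g. 'a and not b or c' (precedence: not > and > or; no parentheses)."""
    for clause in condition.split(" or "):
        terms = []
        for term in clause.split(" and "):
            term = term.strip()
            negate = term.startswith("not ")
            name = term[4:].strip() if negate else term
            terms.append(results[name] != negate)
        if all(terms):
            return True
    return False


def run_rule(rule, batch):
    """Return one structured alert dict per event the rule's condition matches."""
    detection = rule["detection"]
    selections = {k: v for k, v in detection.items() if k != "condition"}
    alerts = []
    for event in batch:
        results = {name: _selection_matches(sel, event) for name, sel in selections.items()}
        if _condition_holds(detection["condition"], results):
            alerts.append({
                "rule_title": rule["title"],
                "rule_id": rule["id"],
                "level": rule["level"],
                "timestamp": event.get("TimeCreated"),
                "matched_event": event,
            })
    return alerts


if __name__ == "__main__":
    for alert in run_rule(RULE, BATCH):
        print(json.dumps(alert))
```

Only the first event produces an alert: the second is excluded by the machine-account filter, the third runs a different binary, and the fourth is a logon event with no process field. The point for rule authors is that a `filter` section is where false-positive suppression lives, so it belongs in the rule rather than in downstream alert triage.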

Quick Overview

```mermaid
flowchart TD
    A["LogRhythm<br><i>Log Sources</i>"] --> B["Log Distribution Services"]
    B --> C["RhythmX Engine"]
    D["Sigma Rules + ML<br><i>Built-in + Custom</i>"] --> C
    C --> E["Structured Detections<br><i>LogRhythm-compatible</i>"]

    style A fill:#4a148c,stroke:#7c43bd,color:#fff
    style B fill:#1a237e,stroke:#534bae,color:#fff
    style C fill:#b71c1c,stroke:#f05545,color:#fff
    style D fill:#e65100,stroke:#ff9d3f,color:#fff
    style E fill:#1b5e20,stroke:#4c8c4a,color:#fff
```

Explore the Architecture page for a detailed look at how logs flow through the system.