5 New Features that Streamline Security and Compliance with LogRhythm Axon

LogRhythm Axon Data Export feature for easy data retention in AWS storage

The output of a security information and event management (SIEM) platform is only as good as the data feeding into it. “Garbage in, garbage out,” as they say. Clean and contextualized data is the foundation of accurate security analytics and seamless incident response, so we are focused on ensuring that our automated source onboarding and AI-driven enrichment are the best in the industry. With data normalized by our Machine Data Intelligence (MDI) Fabric at the point of ingestion, we know that you will receive the best outputs to ensure accuracy in threat detection, investigation, and response.

To meet compliance and regulatory requirements, some companies need to retain data for longer than their LogRhythm Axon time-to-live (TTL). We understand how important this use case is. That is why this quarter we released the ability to easily extend your data retention period and also introduced new out-of-the-box compliance frameworks.

1. Easy Data Retention for Business Requirements

Some of our customers need to retain data beyond their configured TTL to satisfy compliance requirements, enable long-term forensic search, or manipulate the data in third-party tools. This quarter, we released the ability to stream your logs to an AWS S3 storage bucket that you own. Within AWS, you can use tools such as Amazon Athena to access and search the data. The data is yours once it lands in the bucket, and you have the flexibility to move it, manipulate it, and retain it for as long as you wish.

2. Accurate Compliance Audits with Additional Pre-Built Frameworks

Last quarter we released compliance frameworks that included pre-built dashboards, searches, and reports for PCI-DSS 4.0, HIPAA, CMMC, NIST 800-53, and ISO27001, to help streamline and improve the accuracy of the data security compliance process.

This quarter, our LogRhythm Labs threat research team has been hard at work building new out-of-the-box frameworks for NIST SP 800-171 and NIST CSF 2.0. From our LogRhythm Axon GitHub repository, you can import these frameworks into your instance to help satisfy compliance mandates.

NIST 800-171 SIEM dashboard for analysts in LogRhythm Axon
Figure 1: Additional out-of-the-box compliance content for NIST compliance requirements.  

3. Faster and More Accurate Threat Investigation of Entities

When we built LogRhythm Axon, our focus was on developing a product built around the analyst experience. In January 2024, we introduced the Single Screen Investigation workflow in case management to provide analysts with faster and more accurate threat investigation capabilities. By letting them view contextual insights and case evidence side by side, it removes the need to pivot to a different tab within the user interface (UI).

This quarter, we are excited to take Single Screen Investigation one step further. This innovative workflow is now also available in the search interface! When you pivot search or drill down during an investigation, the results will return in a new panel instead of a new search tab, giving you the ability to see the entire investigation in a single pane of glass. This workflow will help you streamline tasks like adding evidence to a case and determining the full scope of an incident. 

Finally, you can now easily investigate entities within Single Screen Investigation. By clicking on a user or a host, a new panel will open that shows contextual insights and search results for that user or host. Analysts can now do a full investigation and easily threat hunt in a single workflow, without losing the original context of a query.  

Investigation workflow in LogRhythm Axon showcasing Single Screen Investigation.
Figure 2: Easily investigate entities within the Single Screen Investigation workflow.

4. Advanced Analytics Rules Correlation

Our mission has always been to help you secure your environment by detecting threats with the lowest possible noise and the highest quality signals. As we continued in pursuit of this mission, it became clear we needed to enable our customers to build more complex detection rules. With the new advanced rule block linking capability, the group-by key of one rule block can differ from the group-by key of subsequent rule blocks. This greatly expands the advanced use cases customers can detect. Some examples include temporary account usage and lateral movement.
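To make the linking idea concrete, here is an added illustration in Python (a constructed stand-in, not LogRhythm Axon's rule engine or rule syntax): a chain of rule blocks in which the first and last blocks group by user while the middle block groups by host, run over constructed sample events to flag temporary-account usage.

```python
# Added illustration of linked rule blocks with per-block group-by keys (constructed stand-in, not LogRhythm Axon's engine or syntax).
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Block:
    match: Callable[[dict], bool]   # which events feed this block
    group_by: Tuple[str, ...]       # this block's own group-by key
    link_on: Tuple[str, ...] = ()   # fields that must equal the previous block's event

def correlate(events: List[dict], blocks: List[Block], window_s: int) -> List[List[dict]]:
    # Return every event chain satisfying the blocks in order, within window_s of the first event.
    ordered = sorted(events, key=lambda e: e["ts"])
    firsts: Dict[tuple, dict] = {}
    for e in ordered:                        # block 0: earliest event per group-by key
        if blocks[0].match(e):
            firsts.setdefault(tuple(e[k] for k in blocks[0].group_by), e)
    chains: List[List[dict]] = []
    for start in firsts.values():
        partial = [[start]]
        for blk in blocks[1:]:
            extended = []
            for chain in partial:
                prev, seen = chain[-1], set()
                for e in ordered:
                    in_window = prev["ts"] < e["ts"] <= start["ts"] + window_s
                    linked = all(e[k] == prev[k] for k in blk.link_on)
                    key = tuple(e[k] for k in blk.group_by)
                    if blk.match(e) and in_window and linked and key not in seen:
                        seen.add(key)                # one hit per group-by key, as a rule block yields
                        extended.append(chain + [e])
            partial = extended
        chains.extend(partial)
    return chains

# Temporary-account usage: created (group by user) -> logon (group by host) -> deleted (group by user).
TEMP_ACCOUNT_RULE = [
    Block(lambda e: e["event"] == "user_created", ("user",)),
    Block(lambda e: e["event"] == "logon", ("host",), link_on=("user",)),
    Block(lambda e: e["event"] == "user_deleted", ("user",), link_on=("user",)),
]
SAMPLE_EVENTS = [   # constructed sample, ts in seconds; jsmith is the negative case
    {"ts": 0, "event": "user_created", "user": "svc_tmp", "host": "dc01"},
    {"ts": 60, "event": "logon", "user": "svc_tmp", "host": "fileserver"},
    {"ts": 90, "event": "logon", "user": "svc_tmp", "host": "web01"},
    {"ts": 120, "event": "user_deleted", "user": "svc_tmp", "host": "dc01"},
    {"ts": 200, "event": "user_created", "user": "jsmith", "host": "dc01"},
]

def detect_temporary_accounts(events: List[dict] = SAMPLE_EVENTS) -> List[Tuple[str, str]]:
    # (user, host) pairs where an account was created, used, and deleted within one hour.
    return [(c[0]["user"], c[1]["host"]) for c in correlate(events, TEMP_ACCOUNT_RULE, 3600)]
```

Because the middle block groups by host, one created-then-deleted account that logged on from two hosts yields two results, one per host, which is exactly the kind of fan-out a single shared group-by could not express.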

LogRhythm Axon Advanced Analytics Builder
Figure 3: LogRhythm Axon’s advanced analytics enables better detections.

5. Alert Manager to Third-Party Tools

Not every person in an organization who needs information about incidents has access to the platform. That’s why we developed the ability to use Alert Manager to configure alerts to send to any email address any time a new case is created. In addition, many organizations use third-party ticketing systems such as Opsgenie and JIRA to track issues. Alert Manager makes it easy to send emails that initiate workflows in third-party systems, so you can tie a case within LogRhythm Axon to another system that tracks metrics and outcomes.

LogRhythm Axon Alert Manager for third-party systems.
Figure 4: Set up alerts to third-party systems to track cases outside of the platform.

Those are just the highlights of everything we’ve launched this quarter. As with every quarter, we’ve added support for popular log sources and enhanced existing policies. We’ve also added support for Amazon Linux 2023, CentOS Stream 9, Debian Bookworm, Oracle, and Microsoft Windows 11 as Axon Agent host operating systems.

Since LogRhythm Axon has feature releases every two weeks, we are always innovating on the platform so that security teams can focus on the threats that matter. Information and documentation on all the enhancements can be found in our Release Notes as well as within the LogRhythm Axon platform.

To learn more about LogRhythm Axon, read the product data sheet or schedule a demo here.