The demand to consume data and telemetry across multiple sources has exploded in recent years. Without the ability to support a range of log sources, customers often lack visibility across their enterprise. Additionally, users often find it challenging to write JQ pipelines (JQ being a lightweight, flexible command-line JSON processor) to consume data from API sources.
LogRhythm recognizes these limitations and has made strides to ease the challenges with log collection. As part of the April release of LogRhythm SIEM version 7.12, we made it easier for customers to onboard log sources and we’ve enhanced the workflow to drive efficiency.
Manage Open Collector
With LogRhythm SIEM version 7.12, customers can access a simple interface in Open Collector (OC) Admin. OC Admin automates the creation of log sources within the LogRhythm console, increasing the speed and simplicity of the overall user experience to reduce operational overhead. The addition of the API log sources paves the way for LogRhythm’s eventual move to migrate the OC Admin service to the web UI.
With OC Admin, LogRhythm removed the need for users to write JQ pipelines by providing an easy-to-use interface to parse data and centralized management of deployed Open Collectors. Customers can now use a new “Action” icon on the OpenCollectors page. Customers can also access live statistics such as CPU, memory, network, storage and thread/process consumption through OC Admin.
Expanding Log Collection with New Beats
To fulfill customer and partner requests for additional log collection capabilities, LogRhythm expanded its log collection, enabling customers to consume data from API log sources more easily and quickly and to manage that data centrally.
LogRhythm added the following Beats:
- Symantec Web Secure Service (WSS)
- Microsoft Graph API
- Carbon Black Cloud
- Cisco AMP
Beats, which are free and open platforms for single-purpose data shippers, send data from machines and systems to logging systems such as Open Collector via a secure, backpressure-aware protocol. Each Beat is designed to connect to one type of technology, with the goal of being specialized and as lightweight as possible.
Customers and partners requested these specific Beats through LogRhythm’s Innovation Portal, and delivering them is part of our ongoing commitment to excellence. This capability allows customers to gain wider visibility into their enterprise and applications to further detect threats and potential operational anomalies.
Easing Open Collector Administration
Monitoring collectors across an enterprise is essential to ensure the right information is collected in a timely manner. As part of version 7.12, LogRhythm introduces light administration capabilities within OC Admin.
On the Open Collector Manage page, customers can perform a series of actions such as starting and stopping collectors, importing and exporting the full configuration, viewing the high-level configuration in the UI, exporting logs as files, and viewing real-time logs in the UI.
Further Enhancing OC Admin with UI Improvements
Having a good analyst experience is key when working with data, which is why Open Collector has been enhanced with new workflows and updates to the user interface. OC Admin now features a breadcrumb bar to help you navigate the UI more easily and offers a polished look to the workflow. The appearance more closely aligns with LogRhythm Axon, our cloud-native Software-as-a-Service (SaaS) security operations platform.
Just Getting Started with Log Collection
The latest enhancements to our log collection capabilities serve as the foundation for bigger things to come. To deploy OC Admin or to learn more, visit the OC Admin documentation page.