At Exabeam, innovation is at our very core. While we enhance our product portfolio, we continue to invest in LogRhythm SIEM with our latest release of version 7.12.
LogRhythm SIEM 7.12, which is now available, streamlines the collection and monitoring of new security data sources and automates log source onboarding, giving analysts a simpler experience and shifting more of their focus from administration to detecting, investigating, and responding to threats. This is our fourth consecutive quarterly release, continuing to innovate on our products and keep our promises to you.
Enhancing the Admin API
Building on the new LogRhythm Admin API endpoints introduced in LogRhythm SIEM version 7.11, version 7.12 adds the endpoints needed to configure log source virtualization settings. With this addition, admins on your team can fully automate the creation of log source virtualization templates and virtual log source items.
The latest version also introduces two new administrative functions in the API: management of Log Source Types and management of Log Processing Policies. Your admins can now fully automate both, which raises the level of automation LogRhythm SIEM delivers, reduces mundane tasks, and automates log source onboarding.
This feature updates the API to better support the configuration of more advanced and customized log source types. It also lays the foundation to bring additional log source administration functionality into the Web Console. Look for additional capabilities in the next release in June.
Introducing Log Sources to the Web Console
With LogRhythm SIEM version 7.12, you can now view and search log sources in the web console and see the last log message for each log source. Previously, log sources and the last log message timestamp could only be viewed from the client console, so you had to switch between the client console and the web console to complete tasks.
Under the Admin menu, you can navigate to the Log Source administration page to view and perform the following:
- View active and retired log source grids. Displayed columns include:
  - Name
  - Entity
  - Log Source Type
  - Log Source Host
  - Collection Agent
  - Silent Log Source
  - Last Log Message
- Filter and sort on each column
- User visibility into log sources adheres to user profiles and permissions
This is the first step toward bringing log source management into the web console. The feature unifies the administration consoles, saving you time through fewer clicks and keeping information in one central location. Look out for further improvements, which we plan to announce next quarter.
SecondLook features improved administration and workflow
In response to customer requests, SecondLook now features a quick search function for completed SecondLook restores. Users can find restored archives with a single click instead of re-entering their search filters, saving time when searching for restored archives.
As part of the SecondLook improvements, LogRhythm SIEM version 7.12 offers self-hosted customers automatic maintenance of archive indices. With this function, restored logs held in the data indexers are automatically deleted once a customer-set time limit expires. Customers who enable the feature can adjust the settings to control how long those logs are kept.
This feature lets customers analyze and interrogate historical data more easily. It also reduces administration, saving users time from performing manual clean-up on their own.
SecondLook Role-based Access Controls (RBAC)
Role-based access controls now offer more granular options for granting access to SecondLook. Within a user profile, administrators can grant a user access to the SecondLook tool in the Client Console, in the Web Console, or in both consoles.
Enhancing Log Collection with OC Admin
Building on the introduction of OC Admin in LogRhythm SIEM version 7.11, we made further improvements in the latest release to streamline the workflow and make it even easier for customers to onboard log sources. With LogRhythm SIEM version 7.12, customers can now use a simple interface to parse data and centrally manage deployed Open Collectors, allowing more of the collection technology to be automated.
Additionally, LogRhythm SIEM 7.12 enables customers to ingest data from a variety of API sources using OC Admin. We expanded its log collection to include the following:
- Prisma
- Symantec Web Secure Service (WSS)
- Microsoft Graph API
- Carbon Black Cloud
- Cisco AMP
- DUO
- Proofpoint
To reduce technical support issues with Open Collector, version 7.12 also introduces light administration capabilities within OC Admin. Customers are often challenged by configuring Open Collector, or lack the know-how to fix an issue when something goes wrong. From the Open Collector Manage page, customers can perform a series of actions such as starting and stopping a collector, importing and exporting its full configuration, viewing its high-level configuration, exporting logs as files, and viewing real-time logs in the UI.
For more on OC Admin improvements, visit the blog post here.
Ongoing log source support
Exabeam is committed to providing customers with greater value. As part of that mission, the team revisits supported log sources and updates them to enable better correlation and analysis. Our new and enhanced methods of ingestion include:
- Prisma Cloud API: Allows users to monitor everything that is occurring in the Prisma Cloud suite.
- SalesForce eCommerce Auditing: Allows users to see which client(s) created a Promocode or altered the price of an item, and from which server and user.
- Open Collector behind Squid Proxy: acts as an additional data security boundary to protect users from malicious activity on the internet.
- Open Collector: Oracle version update adds support for running Open Collector on Oracle operating systems.
- System Monitor (SysMon) Agent: Support for the latest version of RHEL.
- System Monitor Agent: Support for running the SysMon agent on Oracle operating systems.
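To make the Squid Proxy item above concrete, here is an added example of a minimal squid.conf that allows an Open Collector host to reach only the cloud APIs it polls and nothing else, so that a compromised collector cannot be turned into a general-purpose egress path. This is illustrative configuration written for this post, not configuration shipped by LogRhythm or Exabeam; the subnet, proxy port, and destination domain names are placeholders to replace with your own.

```conf
# /etc/squid/squid.conf (added example; all addresses and domains are placeholders)

http_port 3128

# Only the Open Collector host(s) may use this proxy at all.
acl collector_src src 10.10.20.0/24

# Only the API endpoints the collector actually polls (assumed names).
acl collector_dst dstdomain .api.example-cloud.com
acl collector_dst dstdomain login.example-cloud.com

# Permit CONNECT tunnels only to the HTTPS port.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Allow listed sources to listed destinations; deny everything else.
# Order matters: the allow rule must precede the final deny.
http_access allow collector_src collector_dst
http_access deny all

# Keep an access log so blocked egress attempts are themselves evidence.
access_log /var/log/squid/access.log squid
```

Validate the file with `squid -k parse` before reloading, then point the collector host at the proxy (for example by setting `HTTPS_PROXY=http://squid.internal:3128` in its environment, assuming the collector honours the standard proxy variables; confirm this against the Open Collector documentation). Any connection the collector attempts to a host outside `collector_dst` is denied and logged, which is the boundary the bullet above describes.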
We’ve also updated our Machine Data Intelligence (MDI) Fabric capabilities to enhance multiple MPE rules and signature IDs across Cisco Secure Email, Cisco Umbrella, FireEye, Imperva, Tanium, ForcePoint, MS Windows Event Logging, MS Exchange Management, and Symantec DLP, among others.
New LogRhythm SmartResponse™
We’re continuing to add to our growing library of LogRhythm SmartResponses™, our prebuilt automated actions for third-party integrations. These actions enable you to execute preventative actions, accelerate your response, and shorten your workflow. With the LogRhythm SIEM 7.12 release, our Netskope 2.0 SmartResponse is now available. Through Netskope’s REST API, customers can add URLs, files, or SHA-256 hashes to the application blacklist in Netskope.
Upgrading to LogRhythm SIEM 7.12 and influencing the future
We remain committed to our customers. Our latest product enhancements come, in part, from customer feedback. Take advantage of the latest features of LogRhythm SIEM version 7.12 by letting our team of experts perform the upgrade for you. Our Professional Services team is available to help you upgrade to every quarterly SIEM release with ease. Existing customers can download LogRhythm 7.12 from Community.