Introducing LogRhythm Version 7.5: Improve Analysts’ Day-to-Day Workflow

LogRhythm

Save Time with Improved Workflows

Imagine, you’re alerted of a possible exploit, but you can’t recall whether that system has been patched recently. You try to search for historical data about the host to confirm, but you can’t remember the exact fields to use. You’ve hit a bottleneck, and know time is ticking. You start to sweat. Sound familiar? Let’s face it, that’s a typical day for most security analysts. According to The State of the Security Team report, 75 percent of security teams state that their work-related stress has increased in the last two years, and lack of time is one of the primary causes.

To address these challenges, we’re excited to introduce LogRhythm 7.5 and the new features that will improve analysts’ workflow and response times.

Easier Investigating and Troubleshooting

New features for SOAR security solution in 7.5 automate more tasks for faster triage and investigation, especially for Tier 1 and beginner-level analysts. 7.5 features reduce the learning curve, enabling new users to become comfortable in the platform quickly while adding more power to a LogRhythm power user’s toolkit. The easier it is for analysts to jump in and begin working effectively, the less time your team will spend on onboarding. Increased efficiency and powerful tools give analysts back time to spend on their passions — factors that contribute to job satisfaction and will likely keep new and veteran employees from jumping ship.

Node-Link Graphs: Analysts can visualize the connections between users and hosts in an easy-to-follow graph. When investigating an event with thousands of log sources, the node-link visualization helps you spot unusual network traffic between hosts and anomalous authentication activity.

LogRhythm 7.5 Node Link Graph
Figure 1. Analyst experience with Node Link Graph

Tail in the Web Console: Since we first released the Web Console, the ability to bring Tail from the Client Console to the Web Console has been one of our top feature requests. With 7.5, now you can. Tail in the Web Console continuously updates search results, and you can watch data as it is collected and processed. This new feature improves tracking active incidents and testing new rules because it will re-run a search in real time, no need to resubmit a search query!

LogRhythm 7.5 Tail in the Web Console
Figure 2. Analyst experience with Tail in the Web Console

Lucene Helper: This feature was born out of an idea submitted in a LogRhythm Hackathon competition. Before 7.5, you would need to know the exact filter field name and values you wanted when creating a search, but with Lucene Helper, suggested filter text will auto-populate to save you time and reduce the chances of errors when creating filters.

Lucene filters have been widely adopted and customers recognize how valuable this feature will be to more junior security analysts. Don’t worry about older saved filters you’ve spend time creating. They will all still work with the new Lucene Helper.

“I can never remember the Lucene filters…This is a great new feature that I think I can get the team to adopt. Power users are the only ones that use Lucene today.” – Lucene Helper early adopter

LogRhythm 7.5 Lucene Helper
Figure 3. Analyst experience with Lucene Helper

Easier Search and Administrative APIs

While LogRhythm 7.5 provides new features that will make security analysts’ job easier, there are updates to make API search and administrative tasks easier for power users and SOC teams needing a deeper level of integration with LogRhythm — be it third party or customer integrations. We’ve modernized our API ecosystem with RESTful Search API, making it easier for power users and MSSPs to integrate and use LogRhythm data outside of the platform.

Getting Started with 7.5

If you’re a LogRhythm customer, updating to 7.5 will give time back to your security analysts, help them become more effective in their roles, improve triage, and, ultimately increase your security maturity.

Download 7.5 Here

While LogRhythm NextGen SIEM Platform customers rank us no. 1 in customer satisfaction based on ease of use, setup, and administration, as well as the quality of LogRhythm’s support compared to other SIEM providers, we are always aiming to modernize the platform and focus on delivering a quality product. If you have not already, check out improvements we’ve made to Open Collector for easier cloud log sources onboarding for more efficient cloud monitoring.