Attain Faster and More Accurate Threat Investigation with LogRhythm Axon’s Single Screen Investigation

When we built our cloud-native security information and event management (SIEM) platform, LogRhythm Axon, our goal was to make the product as efficient as possible and, with it, the life of an analyst easier. With feature releases every two weeks, we've rounded up some highlights of the feature releases from the last quarter. We've streamlined incident response with our new single screen investigation: an interactive workflow that presents case evidence in a single pane of glass. And we've made searching with lists more intuitive to bring greater efficiency to the analyst workflow.

Efficient Threat Investigation with Interactive Case Management 

In most SIEM platforms, investigating a case means analysts must navigate to other tabs within the user interface (UI) to gather the evidence needed to make informed decisions. This process is both time-consuming and prone to errors. LogRhythm Axon's new interactive single screen investigation gives analysts faster and more accurate threat investigation by letting them view the contextual insights and evidence of a case side by side, without pivoting to different tabs within the UI. With a case detail panel, an evidence list panel, and a single-log inspector panel, analysts can make well-informed decisions by drilling into logs, individual observations, security analytics, and raw metadata, all within a single pane of glass.

Figure 1: Gain quicker response times with contextual insight of a case in one centralized workflow.

With an ever-growing threat landscape, the number of threats that need to be investigated is constantly increasing. This makes monitoring, closing, and cleaning up cases time-consuming, which can cause analysts to miss important activity or waste time on duplicate effort when they should be focusing on the most critical threats. With the bulk case action functionality within case management, analysts can quickly clean up cases by changing the status, priority, or ownership of multiple cases at once.

Figure 2: Easily maintain and manage cases with bulk case action functionality.

Faster Search Functionality with Lists 

With every release of LogRhythm Axon, we continuously strive to make our search functionality the best in the industry, because searching logs is a core competency of a high-performing SIEM. Based on customer feedback, it was apparent that we could make search using lists even faster and easier. Now, using assisted search, when analysts construct a query and select the "in" or "not in" operator, the platform suggests list names and columns in plain English. In addition, we've made it easier to run full-text searches using the raw message field, and recent search queries automatically appear in the drop-down for easy selection when an analyst conducts a search.

Figure 3: Intuitive suggestions make it easy to search for lists.

Improvements to Axon Agent Collection, Installation, and Management 

As we continue to invest in LogRhythm Axon, we're always looking for ways to reduce administrative overhead so that security operations centers (SOCs) can focus on the work that matters. This quarter, we wanted to make it easier to collect logs and to deploy and upgrade Agents, as well as to streamline support cases. Because collection drives security analytics rules, detections, and dashboards, we added more Windows event channels, and we updated the management grid in the UI to make it easier to deploy and upgrade Agents.

And because customers are always at the forefront of our mind, we developed a diagnostics script, launched from the UI, that automatically collects the data needed for a support ticket on Windows and Linux platforms, significantly cutting down the turnaround time for support cases. With these enhancements reducing administrative overhead, analysts can get back to focusing on the security aspect of the job.

New Log Sources and Enrichment of Logs  

As in every quarter, we are adding new log sources and enhancing existing ones to help our customers gain comprehensive visibility into their environment. In addition, we are continuously adding out-of-the-box MITRE ATT&CK detections and updating existing ones to help analysts understand the nature of the threats being surfaced and to shorten time to value.

It's been over a year of continued innovation with the LogRhythm Axon cloud-native SIEM platform, and we are excited to announce this roll-up of features during our seventh consecutive quarter of keeping our promise to you. This is just a preview of the features released over the last quarter. Information and documentation on all the enhancements can be found in our Release Notes as well as within the LogRhythm Axon platform.

To learn more about LogRhythm Axon, read the product data sheet or request more information here.