As part of our commitment to customers, we’re continuing to innovate and invest in the LogRhythm SIEM Platform. Since 2003, LogRhythm has been an ally in cybersecurity, helping reduce customers’ cyber risk, eliminate blind spots, and quickly shut down attacks.
Our mission continues to help meet customers’ needs. We recognize that security analysts don’t have time to spare on long processes and inefficient workflows. Analysts require greater automation to do their jobs faster and more efficiently. Those are the drivers behind the LogRhythm SIEM Platform version 7.9.
With LogRhythm, we’re helping you overcome security obstacles by simplifying your workflow. Cybersecurity is hard, but LogRhythm makes it easier for you. The latest features in LogRhythm 7.9 improve overall efficiency and accelerate log filtering capabilities to make your tasks even easier. Read on to learn about the latest LogRhythm SIEM Platform enhancements.
Faster time to value with LogRhythm
At LogRhythm, we transform complex issues into something simple through our Machine Data Intelligence Fabric (MDI). We help make the lives of your security operations team easier through automation to help your organization get value even faster.
To accelerate your workflow and enable more efficient processes, we’ve improved the Admin API by adding System Monitoring (LogRhythm SysMon) Management endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching.
The Admin API lets you easily update existing SysMon agents and onboard new SysMon agents to reduce administrative overhead. For example, you can save precious time by writing a script to retire all agents at once. This prevents the task of singularly retiring agents, expediting your workflow.
To help you realize greater time to value, LogRhythm’s out-of-the-box (OOTB) content helps shorten the time it takes to respond to threats, accelerating your response and shortening your workflow. SmartResponse™, our prebuilt automated actions for third-party integrations, allow seamless execution at the source of SIEM data and alarms to improve incident response time. As part of our continuous enhancements, we’ve added and improved existing SmartResponses to our already extensive library of 120. Our new SmartResponse releases include:
- Microsoft Azure AD Account Management, v2.0
- Sophos Central, v2.0
- LogRhythm Case Report, v2.0
- Cisco SecureX, v2.0
- PagerDuty, v3.0
- Palo Alto Networks Firewall v3.0
- MS Teams v1.0
- Checkpoint v4.0
- Okta v3.0
- Recorded Future 1.0
Since log collection is the very core of a SIEM, it’s crucial to have the ability to collect numerous log sources. The more log sources that are sent to the SIEM, the better you can understand your data. To further help our customers, LogRhythm expanded our log source support to include the Generic Beat POST implementation method. We’ve also made parsing improvements for Carbon Black, Okta, Proofpoint Duo Beat, Azure Eventhub, and Google Cloud Platform (GCP). These updates enable better correlation and analysis of specific Beats.
Enhancing the breadth of LogRhythm solutions
Unlike other security companies, LogRhythm offers an all-encompassing security suite. From user and entity behavior analytics (UEBA) and security operations, automation, and response (SOAR) to log management and network detection and response (NDR) solutions, no other vendor brings such powerful solutions together under one offering.
To reinforce our commitment to customers, LogRhythm continues to enhance our security solutions. With LogRhythm 7.9, we’ve added additional filtering capabilities, allowing you to filter logs and apply security prioritization to your data at the agent. Our Event Log Filtering feature allows you to target specific types of Windows Event logs the agent queries and accelerate your time to process logs, removing burden on the collection pipeline.
The Windows Event Log API provides the ability to pass a select/suppress XML query when requesting logs. By utilizing this built-in Windows functionality, the SMA agent can limit the query results from the server and reduce agent workload.
With Event Log Filtering, customers now have three different options for log filtering: Event Log Filtering at the agent, Log Source Virtualization filtering at the agent, and Global Log Processing Rule filters at the Mediator. You can choose the one that best meets your needs. This reduces log ingestion through the SIEM, reducing strain on the collection pipeline and unnecessary log clutter in the SIEM.
To further broaden our solutions, we’ve also expanded our functionality for New Use Context by adding additional metadata fields, including Object Name, Command, and MAC Address to the General List type to leverage MITRE ATT&CK and more sophisticated log sources. This enables you to expand your use of LogRhythm solutions. With the new metadata fields, you can create lists for different LogRhythm metadata fields to use MITRE ATT&CK and other sophisticated log sources that generate these data fields.
Additionally, LogRhythm 7.9 includes security patches to update some of the libraries LogRhythm uses today, including Log4j, to close some of those security gaps. Log4j is the widely used, open-source logging library commonly used by apps and services across the internet, including Elasticsearch. The Log4Shell vulnerability was discovered in Log4j in December 2021. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software. Under LogRhythm version 7.9, we’ve upgraded our Elasticsearch™ version, which includes an update of Log4j to version 2.17.1, resolving the Log4Shell vulnerability.
Gain greater flexibility with LogRhythm
When it comes to security, flexibility is critical. As part of LogRhythm 7.9, we’ve extended platform flexibility by fully supporting compatibility for SQL Server 2019. This update now enables existing customers and new installs to use the latest version of SQL. LogRhythm 7.9 also supports customers with existing deployments who want to upgrade SIEM servers to Windows Server 2019. Previously, LogRhythm only supported Windows Server 2019 for fresh LR installs.
If you wish to upgrade, LogRhythm handles licensing for SQL 2019 and Server 2019 via the following:
Server 2019 Licensing:
- If you purchased hardware from LogRhythm on or after Nov. 1, 2020, you purchased a Server 2019 from LogRhythm. This license can be used to upgrade the operating system. You can use and validate your license by looking at the license sticker on top of the server. If you are unable to locate the license, you can open a support case.
- If you bought hardware prior to Nov. 1, 2020, you must provide your own Server 2019 license.
SQL 2019 Licensing:
- If you bought software on or after Feb. 1, 2021, you purchased a SQL 2019 license from LogRhythm. If you wish to upgrade SQL, you can open a support case to receive an installer and key.
- If you purchased software prior to Feb. 1, 2021, you must provide your own SQL 2019 installer and license.
- For those customers that purchased hardware, you must provide your own SQL 2019 installer and license.
LogRhythm 7.9 also gives you greater flexibility to manage costs with our License Metering Reports. We understand it’s important to stay on top of costs. That’s why we’ve added a new reporting feature to make licensing overages more visible and easier to understand. When the License Metering Report runs, it will now display any overages in the past 30 days. This feature can help you better manage license usage and potentially lower your expenses.
Getting started with LogRhythm 7.9
LogRhythm SIEM Platform version 7.9 makes your day job easier, improving your efficiency and your security workflow. If you are an existing customer, you need to request a new license to access LogRhythm 7.9. Download 7.9 from Community today or watch our May Tips & Tricks webinar to learn more about LogRhythm 7.9 and its specific features.