The Best SIEM in the Market Just Got Even Better

LogRhythm SIEM Platform version 7.10

Security information and event management (SIEM) is at the very heart of your security strategy, with digital weaponization becoming more and more of a threat every day. LogRhythm has been a leader in the security analytics space for nearly 20 years and we are taking that experience and applying it to today’s requirements with LogRhythm 7.10.

The LogRhythm SIEM provides an easy-to-use interface that can be customized to organizations’ environments. This includes powerful investigative tools that organize and leverage available data within LogRhythm. Unlike the competition, LogRhythm provides a complete security narrative with Host and User Detail pages to help analysts spot security issues and accelerate their response time.

Many customers have come to rely on LogRhythm SIEM to help them find threats fast, respond, and eliminate risks before they can derail an organization. This latest launch delivers greater efficiency and security as well as extended support. LogRhythm released version 7.10 of the LogRhythm SIEM on Sept. 29. Let’s discuss this new release further.

What’s new in LogRhythm SIEM 7.10?

The LogRhythm platform is now Federal Information Processing Standards (FIPS) compliant starting with version 7.10, enabling customers to run servers in a FIPS compliant/certified mode using LogRhythm. The latest release offers expanded cloud-to-cloud capabilities with support for Amazon Web Services (AWS) S3. LogRhythm also extends SmartResponse™ and log source support with added integrations that broaden the market's leading ecosystem through new and updated collaborations for your security stack. Enhancements to LogRhythm SIEM's automation capabilities make the analyst experience easier and let analysts focus on what matters most: finding and responding to threats.

LogRhythm SIEM FIPS compliance has achieved “in-progress” status

Customers that are required to run servers in a FIPS compliant/certified mode can now run the latest version, LogRhythm SIEM 7.10. Starting in 7.9, LogRhythm has achieved in-progress status for the FIPS validation set forth by NIST, meaning U.S. federal agencies and their contractors (as well as many other organizations that use this standard as a best practice) can confidently run their SIEM processes in a compliant mode.

Cloud-to-cloud collection

LogRhythm Cloud now allows analysts to seamlessly investigate potential threats from all three major public cloud offerings. LogRhythm 7.10 adds support for Amazon Web Services (AWS) S3 log data to the existing connections for Google Cloud Public (GCP) and Microsoft Azure. Security analysts can find threats in any cloud process faster and respond to them, eliminating any potential risk.

Open Collector and MDI expansion and updates

LogRhythm has expanded log source support and improved parsing for specific log sources. These updates enable better correlation and analysis of specific threats, giving you a greater understanding of your data.

New log sources included in this update:

  • Azure Government Cloud
  • Palo Alto Prisma
  • OC China Cloud
  • Symantec Beat

LogRhythm's MDI Fabric also adds the capability to ingest, classify and enrich data from:

  • Palo Alto Cortex Data Lake
  • Trend Micro Deep Discovery Directory (New)
  • Trend Micro Email Security
  • Checkpoint Log Exporter (Updated)
  • Trend Micro Apex One (Updated)

New and enhanced SmartResponses

LogRhythm SmartResponse lets you execute preventative actions when threatening activity occurs. It helps empower SOC teams to accomplish more and reduce the time to resolve security threats, accelerating customer time to value. LogRhythm already has numerous automations and continues to add and enhance these capabilities with each of our quarterly releases.

The following is a list of the new and enhanced SmartResponses for this release:

  • Zscaler v3.0
  • Account Log Off v2.0
  • FireEye
  • Cisco Umbrella v3.0
  • Azure AD v2.1

Automations help analysts get the job done

LogRhythm 7.10 now offers additional automation functionality through new Admin API endpoints and a new Metrics API. Customers can use the APIs to integrate with third-party tools and dashboards, making it easier to respond to threats and eliminate risks. This release allows organizations to:

  • Associate pending log sources to automate the management of quickly changing environments with an Admin API
  • Obtain the alarm URL with the Alarm API
  • Retrieve log volume and DX TTL values for your environment with the Metrics API

Continuing to invest in LogRhythm

LogRhythm SIEM builds upon the best analytics in the space with the addition of security orchestration, automation and response (SOAR) and embedded UEBA capabilities. For the latest news on what's new with LogRhythm UEBA, please take a look at the UEBA blog post from my colleague Melissa Ruzzi.

LogRhythm’s unmatched platform approach to security also allows SIEM users to integrate seamlessly with network detection and response capabilities within LogRhythm NDR. To learn what’s new with our NDR solution, please check out Derek Watkins’ NDR blog post.

LogRhythm is also already a leader given the breadth of log sources that feed our analytics. LogRhythm offers more than 1,000 out-of-the-box (OOTB) correlation rules, organized with other analytics content into purpose-based modules (e.g., CSC, UEBA, PCI, SOX) to support more than 100 frameworks. LogRhythm’s unified architecture streamlines deployment and ongoing management, while our unparalleled OOTB content helps customers rapidly reach their threat management and compliance objectives.

LogRhythm continues to innovate on the already market-leading capabilities of LogRhythm SIEM with this release of LogRhythm 7.10, available for flexible deployments both on-premises and in the cloud. If you would like to take a closer look at this release, please feel free to contact us at