Every quarter, LogRhythm improves customers’ experiences with new innovations that save users time and ease their workflow. With our fifth consecutive quarterly product release, LogRhythm is continuing the momentum with LogRhythm SIEM version 7.13, which features improvements to log source onboarding and log source management.
LogRhythm 7.13 features a new engine in the SIEM that can ingest JSON data significantly faster than before, a data processor pooling system that automatically distributes logs across data processors, and new and updated supported log sources, enabling you to focus on threat detection, investigation, and response.
Simplify Workload with LogRhythm’s New JSON Parsing Engine
We understand the challenges you face onboarding log sources. That’s why the team has made it even easier to ingest cloud-native log sources. As part of LogRhythm 7.13, we’ve embedded a JSON parsing engine into System Monitor, the SIEM’s collection system. The new engine, available to self-hosted and LogRhythm Cloud customers, reduces complexity and offers a significant performance increase. Now you no longer need to rely on JQ language to define parsers The latest update simplifies workload and administration to onboard data. LogRhythm Cloud customers can use the new JSON parsing engine via on-prem Open Collectors and System monitors. Cloud to Cloud collection will be updated at a later time.
Reduce Administrative Overhead with Data Processor Pooling
Your agents are your workhorses as they collect data and ship the data to a data processor, which handles the parsing. But there had not been a good way to load balance these agents across multiple data processors — until now.
With LogRhythm 7.13, LogRhythm introduces Data Processor Pooling, a new feature that lets administrators define a pool of one or more data processors to allow a single agent to collectively send its data to a group of data processors. When an agent is assigned a Data Processing Pool, the agent will spread the logs across the data processors. This removes the need to manually review agent volumes and adjust which data processors the agents are sending to, saving you time. The feature is available to both self-hosted and LogRhythm Cloud customers.
View Agents in the Web Console
To further support LogRhythm’s work to introduce additional client console functionality into the web console, LogRhythm created an Agents page that lets self-hosted and LogRhythm Cloud customers see and search through System Monitors in the web console, saving them time from switching between consoles. Customers can select an Agents administration page to view and do the following:
- View active and retired system monitor agents and details:
- SysMon Name
- Active Log Sources
- Last Heartbeat
- Last Data Processor
- Filter and sort in each column
- User visibility into agents will adhere to user profiles and permissions
SecondLook is Available to Self-hosted Customers
At LogRhythm, we take data seriously. And when it comes to retaining data, it’s important that customers find their data—especially older data—easily. With LogRhythm 7.13, customers who use our self-hosted SIEM option now have access to SecondLook, a tool that enables users to query data and search it in the archives, in the web console.
Customers that use this SecondLook feature can now search through their archives using the web console instead of the client console. This saves customers time from pivoting between consoles and passes SecondLook searches off to a dedicated service for a more reliable user experience. The latest release follows the launch of SecondLook in the web console to LogRhythm Cloud customers earlier this year as part of the LogRhythm 7.11 release.
Refreshed Operating Systems
To boost your performance, LogRhythm has updated the operating systems installed on LogRhythm appliances. Over time, operating systems become outdated, making past versions unsupported. With the release of 7.13, LogRhythm is supporting and installing Microsoft Server 2022, Microsoft SQL Server 2019, and Rocky Linux. For customers that prefer the open-source version of Linux, Data Indexers and Open Collector support Rocky Linux 9 and RHEL 9. For customers with RHEL licenses, LogRhythm SIEM supports RHEL 9.
We’ve also added additional support for System Monitor, which includes Windows 2022, Windows 11, Rocky Linux 9, and RHEL 9.
Ongoing Log Source Support
LogRhythm is continuing to review our supported log sources and make updates to strengthen our correlation and analysis. Our new and enhanced methods of ingestion include:
- Cisco Identity Services Engine: New policies help prevent classification errors and provide more consistent parsing of log source data for Cisco Identity Services Engine while new messaging processing engine (MPE) rules parse log metadata to the correct schema fields and classify highly complex log source data.
- DarkTrace: Helps customers collect logs from DarkTrace.
- eStreamer: Updates LogRhythm’s integration with eStreamer to support up through version 7.2.
- SonicWall Unified Policy Engine: Enhances LogRhythm’s integration with SonicWall to include collection and parsing from SonicWall’s Unified Policy Engine (UPE).
- Cisco Meraki: New policies help prevent classification errors and provide more consistent parsing of log source data for Cisco Meraki while new MPE rules parse log metadata to the correct schema fields and classify highly complex log source data.
Upgrade to LogRhythm 7.13 and Stay in the Know
Get the latest features in LogRhythm 7.13! If you are an existing customer, you can request a license here and download LogRhythm 7.13 from Community. To keep your software current, LogRhythm’s Professional Service team can help you stay up to date with our SIEM releases every quarter — seamlessly and on your schedule with our Unlimited Upgrades Service. Customers can also get details on the latest LogRhythm product news and influence future features by visiting LogRhythm’s Innovation Portal.
Not a customer? You can still find out more about LogRhythm’s full suite of product releases for LogRhythm SIEM, LogRhythm Axon, and LogRhythm NDR, by registering for the July 2023 Quarterly Launch webinar or visit our What’s New webpage.