On the heels of LogRhythm version 7.5, LogRhythm is excited to announce the general availability of LogRhythm version 7.6. The new release marks a change in how we’re delivering product updates and features. As part of our commitment to customers, LogRhythm will be focused on smaller, more targeted releases to help you adapt your security needs faster.
New features in 7.6 improve the analyst’s user experience, as well as simplify deployment. Read on to learn about the latest updates to the LogRhythm NextGen SIEM Platform.
Greater Ease of Use and Simplified Deployment
LogRhythm 7.6 makes it easier for analysts to use the LogRhythm Platform. From improved dashboard layouts and a modern login experience to greater cloud capabilities and an enhanced Elastic offering, 7.6 helps analysts reduce their time to value and be more effective.
Updated Out-of-the-Box Dashboards and Analyze Layouts: We introduced new visualization and capabilities — including colors and filters — to the LogRhythm Executive, IT Operations, and Security Analyst Dashboards and the Analyze layouts. Through our out-of-the-box sample content, analysts can access more colorful layouts and different widgets to build custom content to suit their specific needs. This feature also helps analysts consume information to make faster decisions.
Single Sign-On Support for Web Console (SAML v2): As more organizations move to cloud environments, users expect a seamless experience when accessing systems and applications. As part of LogRhythm 7.6, we offer single sign-on support for the Web Console via the SAML v2 protocol, which lets you log in with one set of credentials (i.e., username and password) to several software platforms. This feature simplifies user management by leveraging an identity and access management (IAM) platform. The benefit? It offers a modern login experience and a new layer of security.
Log Source Virtualization on Linux SysMon Agent: This capability allows the Linux SysMon Agent to break combined streams of data (e.g., from a syslog forwarder) and split them into discrete log sources. This removes Open Collector's dependency on a Windows deployment of a SysMon Agent. If you are a customer with a smaller Windows footprint, you can take advantage of this function without the need for a Windows host. For Open Collector users, this feature is especially useful because it shortens the pipeline to Open Collector.
Centralized Metrics for Open Collector
Open Collector now offers the option to collect metrics locally or to send the metrics to the Platform Manager. If sent to the Platform Manager, Centralized Metrics gives users a view of all performance metrics in one location for multiple Open Collectors. You can also see Open Collector metrics in the context of the entire platform's metrics. This makes it easier to identify issues such as processing bottlenecks and perform troubleshooting because it’s all in one location.
Expanded Cloud Capabilities
In addition to making security analysts’ jobs easier, 7.6 also includes new features that improve feature parity between LogRhythm Cloud and our on-premise SIEM solution.
Role Based Access Control (RBAC) Updates for LogRhythm Cloud: Our RBAC improvements give greater control to LogRhythm Cloud customers who use Client Console to administer users and assign permissions on Case Widgets and Reports. This feature helps close the feature gap between our on-prem solution and LogRhythm Cloud.
Additional CloudAI Labels: To help analysts make faster and better decisions, we released additional CloudAI Labels, such as labeling a user as a Privileged User and a host as a File Server or Database Client. CloudAI Labels use machine learning to automatically apply contextual labels to users and hosts, such as database services and database clients. They describe an asset’s attributes to help users understand what the asset is and how it functions within the environment. This data is generated by CloudAI from learned behavior rather than being collected and presented from a third-party system.
Since our last update, we made updates to some existing Beats and added new Beats, including:
- Cisco Secure Endpoint (formerly Cisco AMP)
- Generic Webhook Beat
You can find the most recent Beats on the LogRhythm Community.
Elastic Upgrade: As part of 7.6, we’ve upgraded to an Elasticsearch version that includes new APIs that enhance authentication. The new version includes enhanced security and bug fixes and is compatible with an upgraded version of Kibana.
Release 7.6 contains additional security updates. Please visit Community for all the details.
Getting Started with 7.6
Version 7.6 will make tasks easier for your analysts, helping them become more efficient and improve your organization’s security maturity. Download 7.6, or for more information on all of the 7.6 features, watch the What’s new in LogRhythm 7.6 video.