What's New @ LogRhythm
Learn about new product innovations we deliver every 90 days. Register for our April release webinars!
April 2024 Updates
LogRhythm is proud to announce our eighth consecutive quartlery release!
From compliance content, new and enhanced log sources, integrations, and more, explore what’s new this quarter.
- SOC Prime Integration
- SOC Prime Integration through uncoder.io
- Ability to convert third party rules from top vendors as well as SIGMA
- Supports output as Axon search syntax and Analytics rules
- Content Sharing – Dashboard Import/Export
- LogRhythm & customers can develop and share dashboards, widgets and associated saved searches can be exported from one environment and imported into another
- LogRhythm Axon GitHub repository will accelerate the threat hunting workflow
- Content Sharing – Compliance Dashboards
- Compliance dashboards made available thru LogRhythm Axon GitHub
- PCI-DSS 4.0, CMMC, HIPAA, ISO 27001 and NIST 800-53
- Compliance dashboards made available thru LogRhythm Axon GitHub
- Case Management Improvements
- Case page metrics details cases by open & unassigned cases, cases by severity, and cases by status
- Automatic case creation uses observation group bys in creation logic for each instance of a rule firing
- Redesigned Log List panel includes highlighted key metadata field
- Improved Detection Capabilities
- Directionality Enrichment
- Silent Log Source Alerts
- Analytics Rule Suppression
- SOC 2 Certification
- Agent Improvements
- Addition of a Secure Syslog Receiver
- Enhancement to allow a single agent to simultaneously receive syslog over UDP, TCP and TLS/Secure Syslog
- Platform Enhancements
- Configuration options to filter out specific LogRhythm Diagnostic events
- Saves SQL insert overhead, disk space, and dashboard noise
- Introduced CentOS to Rocky ISO
- Case Managements Enhancements
- Access to Cases now adheres to entity separation permissions
- Administrators can ensure that individual business units can only access the data assigned to them through entity separation and RBAC controls
- Workflow Improvements
- Automatically retire associated log sources when a Beat is retired
- Automatically retire associated Beats and log sources when an Open Collector is retired
- Use Admin API to configure & update XML filter for Windows Event log sources
- Linux Log Source Optimization
- Syslog Linux has been separated out to support specifically OS level logging
- Log Source Virtualization should be used to cover application logs being included in this data stream
- Log Collection Improvements
- NEW: Linux Host (LSO)
- ENHANCED: CrowdStrike Falcon Host (CEF), Linux Host Secure Log, Fortinet FortiGate, MS Windows Event Logging XML – Application, MS Windows Event Logging XML – Security, Apache Access Log, Cisco Firepower Threat Defense, Cisco FireSIGHT, Cisco ISE, F5 Big IP ASM, F5 Big IP ASM v12, Generic Linux OS, Juniper Firewall, Juniper Router, Azure Event Hub, Gmail Message Tracking, Apache Tomcat Access Logs, Broadcom SiteMinder, Forcepoint Stonesoft NGFW, Kaspersky Security Center, Kemp Load Balancer, AIX Host, BSD Host, AWS CloudTrail, Microsoft Netlogon, Check Point Log Exporter, Ecessa ShieldLink, HP Switch, HP-UX Host, IRIX Host, Palo Alto Firewall, Solaris Host, Symantec Messaging Gateway
Promises made. Promises kept.
January 2024 Updates
LogRhythm is proud to announce our seventh consecutive quarterly release. This quarter, there are many notable improvements to the tech stack. From enhancing log collection, search functionality, and analyst workflows, discover the latest updates below and register for our quarterly release webinars.
- Log Collection Administration Enhancements
- Added support for additional Beats in the Web UI: Gmail Message Tracking, Okta, Darktrace, Sophos, Qualys FIM, GSuite
- Platform Enhancements
- Rocky Migration Support
- Gen6 Advanced Settings Updates
- Web Console log export in user’s local time
- Automatic file path population for all Windows Event Log based Log Sources
- Alarm notification direct users to alarm details
- Log Collection Improvements
- NEW: ForitNAC, Tenable.ot Security, strongSwan VPN, F5 Big IP System, Qradar Network Security
- ENHANCED: Syslog- IRIX Host, Juniper Firewall, Juniper Junos, Linux Audit, Linux Host, LogRhythm Network Monitor, MacOS X, Mimecast Email, MS Windows Event Logging XML – Application, MS Windows Event Logging XML – Security, Palo Alto Cortex Data Lake CEF, Palo Alto Cortex XDR, Palo Alto Firewall, SecureLink, SentinelOne CEF, Solaris (Snare), Solaris Host, SonicWall, Sophos XG Firewall, Symantec DLP CEF, Tanium, Trend Micro Apex One, Trend Micro Deep Security CEF, VMWare ESX/ESXi Server, VMWare Unified Access Gateway, VMWare vCenter Server, Zscaler Nano Streaming Service, Syslog – Open Collector – AWS Guard Duty, Azure Event Hub, Okta System Log
- Expanded In-App Training:
- Dashboards, Searching, Case Management, Beat Management, Alarm Management
- Introduction of Single Screen Investigation
- Threat Hunting Panels in one screen – seamlessly view case evidence without the need to shift context
- Case detail panel, Evidence list, Single log inspector
- Case Management Improvements
- Bulk Case Management controls, where owners, status, and priority can be quickly updated on multiple cases
- API documentation in LogRhythm Documents website
- Assisted Search Improvements
- Analysts construct a query and select the ‘in’ or ‘not in’ operators, system intuitively suggests list names and columns in plain English
- Easier raw message search
- Recent search queries
- Improved Detection Capabilities
- More MITRE aligned content
- Auto-case creation for Out-of-the-Box rules
- Agent Improvements
- Agent includes 9 additional Windows Event channels
- Updates to Agent management grid
- Diagnostics script to collect data for Windows and Linux platforms
- Enhancements to Agent installation process
- New Agent 1.2 with updated components
- Additional and enhanced log sources
- Detection Enhancements
- DNS models to align better detection outputs with analyst expectations, and machine learning investigations
- Platform Performance Improvement
- Enhancements to the Elasticsearch database
- Standardizing the distribution of data, Streamlining calls against the database, Reducing overhead on the database
- Deep Packet Inspection (DPI) engine optimizations
- Java update
October 2023 Updates
This quarter, our product innovations help bridge skill gaps, cut log source onboarding time, enhance contextualization into threats, and much more!
Explore our latest product updates in the dropdown and resources below, plus watch our quarterly release webinar for more information.
- Introducing log collection management in the Web Console
- Streamlined workflow in the Web Console allowing for management of Open Collectors, Beats, and the log source associated with Beats
- Simplified experience, cutting onboarding time by 50%
- Admin API updates for the following administrative actions :
- Beat Management
- Open Collector Management
- Introducing the Resource Center into LogRhythm Web Console
- Important updates quickly surfaced to the users
- Direct links to documentation, training, Community, and support
- In-product guided tutorial of Web Console and how to use it as an analyst
- Out-of-the-box support for more log types: Salesforce eCommerce Cloud Audit and Security logs, CyberArk, Zscaler, NetMon, Carbon Black, FortiGate, CrowdStrike, Imperva, ePO, SonicWall, OpenLDAP, and more
- Improved workflow for sending logs to LogRhythm Axon
- LogRhythm Cloud: get real-time insight into deployment stats e.g., current MPS, average log size, processing queues, and TTLs
- LogRhythm Gen6 Hardware Refresh
- New detection models in UEBA with Machine Learning to detect variations in the user behavior that may be related to an attack
- Automatic detection of changes in user activities:
- Unusual time of the day
- Unusual day of the week
- Additional Detection Capabilities
- Common Events and be used in Search and Displayed in Dashboards
- Support for Special characters and Regex in Search
- Improbable Travel anomaly detection
- Additional out-of-the-box MITRE rules
- New Count Unique Values Observed rule block
- Introducing Case Management for Incident Management workflows
- Manual Case creation from logs
- Automatic Case creation from analytics rules
- Case Status, ownership, and severity
- Case Comments, Links, and Logs added to case
- Case notification emails on automatic case creation, status and ownership changes
- Rules/System testing and simulation
- Signal Replay allows for synthetic logs to be replayed into the
- Allows for testing of analytics rules and parsing
- LogRhythm Axon “LogWars” a LogRhythm sponsored interactive threat-hunting game
- Axon instance hosted in Australia
- Ability to configure Automatic Axon Role Assignment for new users logging on via Single Sign On
- IP addresses from hosts behind load balancers are now unmasked to expedite incident response
- Less clicks to inspect anomalous activity by surfacing more context around deviations from the baselin
The new cloud-native platform gives security teams more flexibility and reduces their burden of managing data and operational infrastructure, helping them focus on the work that matters. With the Axon security operations platform, log collection and enrichment are intuitive by design, making it easy to search for, analyze, and report on potential threats, and to meet SOC requirements.
As allies in the fight against digital weaponization, we are obsessed with continuously improving the way we work to deliver innovation customers care about. We are dedicated to helping customers meet rising security expectations by keeping our promise of delivering quarterly innovation to both the Axon platform as well as our entire product portfolio. With LogRhythm Axon, SIEM, NDR, and UEBA, we are helping busy and lean security teams proactively detect threats, efficiently investigate incidents, and ultimately keep their business and customers safe, day after day.
Previous
Next
July 2023 Updates
This quarter, our product enhancements improve operational efficiency for analysts and visibility into potential risks. Learn more about our product updates by watching our July quarterly launch webinar or find details in the drop down below!
- A native, high-performance JSON parser
- SecondLook Service for self-hosted LogRhythm SIEM (already available for LogRhythm Cloud)
- Data process pooling
- Agents auto-distribute logs across Data Processor Pool
- Streamlined Cloud Data Processing
- View System Monitor Agents and Last Heartbeat in the Web Console
- Support for Rocky Linux and RedHat 9, Windows Server 2022 and Windows SQL Server 2019
- Automate and reduce the administrative overhead of System Monitors and log sources with the REST API
- Configure, update, and retrieve System Monitor DP Pooling settings, System Monitor Load Balanced Group settings and log source Watch File Rename on Rollover settings
- Data collection increases the depth and breadth of data collection methods and device support content with LR7, now with support for Windows 11
- Data collection is performed for on-premises devices using the System Monitor Agent
- Cloud-based sources, purpose-built cloud collectors are in development to support security use cases via Open Collector
- Out-of-the-box support for more log types, including eStreamer v7.2, Darktrace,
and SonicWall Sonic OS/X UPE, along with enhancements to Cisco ISE, Cisco Meraki, and more
- Choose and configure any SMTP server
- Support India Availability Zone
- Enhanced network threat detection models thru enhanced scoring
- Analyst determined threshold for incident and case creation
- Add new safelist categorization to bring clarity to alarms
- In-product training through Pendo
- New CBT training courses
- Continued transition to new analyst experience
- Export log source types and related processing policies to a file
- Import log source types from an exported file
- Detection information improvements
- Assign threat severity to observations as an option set during rule creation
- Add classification and informational metadata fields to observations
- Email notifications can be sent when threats are detected
- New and updated support for MITRE detections
- Support European Union Availability Zone
- SOC2 certification
- Search and visualization improvements
- New default search layout for easier analyst experience
- Improved assisted/suggested search to streamline investigations
- Agent-side log filtering centrally managed through analyst interface
- Easier integration for SaaS applications that support Webhooks
- Webhooks collector supports Basic and Token authentication models
- Easily send data to LogRhythm Axon for custom use-cases
- New API Documentation and Swagger files: https://docs.logrhythm.com/axon/docs/axon-api-guide
- Revamped Release Notes: https://docs.logrhythm.com/axon/docs/
- New supported log sources: https://docs.logrhythm.com/axon/docs/supported-log-source-types
April 2023 Updates
This quarter, we introduced new automation, extended threat detection capabilities, and improved log source management to simplify the analyst experience.
- Improved SecondLook workflow and administration
- Quick search function for completed “SecondLook restores” (LogRhythm Cloud)
- Automatic maintenance of archive indices (self-hosted)
- New and enhanced log sources: Prisma Cloud, Salesforce Commerce Cloud, Open Collector behind Squid Proxy, SysMon support for Red Hat Enterprise Linux (RHEL), Open Collector – Oracle Version Update, SysMon Oracle Version Update
- MDI: Enhanced MPE Rules and signature IDs: Cisco Secure Email, Cisco Umbrella, FireEye, Imperva, Tanium, ForcePoint, MS Windows Event Logging, MS Exchange Management, Symantec DLP, and more
- Improved Open Collector on-boarding experience
- New Open Collector Manage Page enables centralized management of deployed Open Collectors
- Support for customer requested LogRhythm Beats (Prisma Cloud, Symantec WSS, Microsoft Graph API, Carbon Black Cloud, Cisco AMP, DUO, and Proofpoint)
- New log source administration page in the web console
- Enhanced the Admin API with additional endpoints to configure Log Source Virtualization settings and added two new administrative functions
- Individual role-based access controls for SecondLook restores (LogRhythm Cloud)
Expanded detection coverage with new out-of-the-box UEBA uses cases:
- User anomaly + password modified
- User anomaly + file download
- User anomaly + file deleted first stage recycle bin
- User anomaly + file deleted second stage recycle bin
- Enhanced analyst experience
- Computer Based Training to empower customers to get full value out of NDR
- Robust product documentation library
- Completed new User Interface (UI)
- Streamlined analyst processes built in new UX
- More upfront information around network traffic and incidents
- Enhanced dashboard with key infographics
- More customization available in dashboard
- Standardized “platform” look and feel
- Suggestive Search
- Clustered Observations:
- Aggregate observations for hosts, users, and networks
- Related observations have “interesting” common event
- Sunburst Widget update
- Single Metric Widget
- Initial release of Axon Linux Agent for flat file and syslog
- Updated Axon Windows Agent with tuning and performance options
- Configuration options for agent log level and centralized visibility into agent status
- Documentation to advertise known support rates of cloud collectors
- Performance and quality improvements
- Cribl
- Cimcor
- Varonis
January 2023 Updates
This quarter’s enhancements span LogRhythm’s product portfolio to enable SOC teams to detect and resolve threats easily and improve analysts’ effectiveness.
- New Web UI running on Open Collector (OC Admin)
- MPE Rule sharing
- New and enhanced log sources
- New log source initial analysis – GCP update, Windows WMI, Sysmon on Latest Ubuntu- Ubuntu22
- New and updated SmartResponses™: urlscan.Io, Microsoft 365 Defender for Endpoint V1, TrendMicro Vision One V1.0, ServiceNow, Microsoft OneDrive/SharePoint, MS Office 365
- Enhanced auditing support
- LogRhythm Cloud: Archive retrieval in the cloud
- Analyst experience: parse hosts as metadata in output log
- Detection: New models using windows logs that track, windows security event ID, windows logon type
- Microsoft EDR integration
- VirusTotal Data Collection
- Continued roll out of new and refreshed user interface
- Increased customizations available in dashboard
- Security analytics
- Automated threat detections identified by
our analytics engine - MITRE ATT&CK™ threat detection
- End-to-end authoring of streaming analytics rules
- Observation Workflow
- Analyst workflow that is faster and more flexible
- Additional visualizations and data analysis tools
- Histogram and markdown visualizations
- Ability to fine-tune Axon Agent performance
- Single-Sign-On support
“Axon has already given our team the tools to effectively analyze our environment and improve our security posture.” – Eric L., Network Engineer, global manufacturing company
October 2022 Updates
In October, we introduced our brand new, cloud-native security operations platform — LogRhythm Axon! In addition, we launched valuable enhancements to LogRhythm SIEM 7.10, UEBA, and NDR solutions.
- Cloud-to-cloud collection support for Amazon Web Services (AWS) S3 logs
- Log source support and parsing improvements to specific log sources
- Automation functionality around endpoints and new metrics API
- SmartResponse™ executes preventative actions
- FIPS compliance
- UI improvements in the UEBA lab streamline the analyst workflow
- New model that tracks when the user authenticates using a new log source type
- Identifies 0365 services hosts in the logs
- User score now takes the origin host details involved in the anomaly
- Ingests data from NetFlow
- Features a newer version of the MITRE ATT&CK™ framework
- Leverage vulnerability scanner data to qualify IDS detections
- Establishes case definition based on IDS rule of IOC mapped to ransomware
- UI contains a more streamlined and intuitive analyst workflow
- IDS rule/signature in the UI details on Incidents page
- Create an allowlist from the Policy Management page
- Validates the successful connectivity and integration of third-party software
- Communication traffic go through explicit proxy customers to implement network policies
- Guided and intuitive workflows
- Use of “common” language for accessing information/threats
- Intuitive dashboarding and reporting capabilities
- Axon and related resources for storage/retention will be managed by LogRhythm
- Cloud-native architecture
- Predictable licensing based on storage
- Cloud collection for both IaaS and SaaS based applications
- Log data is normalized and classified into the LR patented MDI format
- Data is enriched with information on geolocation and DNS look ups
- Auto log-source onboarding and Policy Builder
Introducing the Innovation Portal
To ensure that LogRhythm’s product deliverables are tailored to our customers’ needs, we created the Innovation Portal! This section of the Community contains quick showcases of what’s in development. You’ll find a mix of videos, surveys, and other spotlights — all of which come with an open invitation for feedback.
Let us know your thoughts through the surveys and comments section and signal your general support with a Kudos. We’ll keep a close eye on this section and will steadily supply it with new content.
Schedule a Demo with LogRhythm
Let one of our security experts review your uses cases and demonstrate how the LogRhythm can help you reduce noise, prioritize work that matters, and quickly secure your environment.
