What's New @ LogRhythm

Learn about new product innovations we deliver every 90 days. Register for our January release webinars!

January 2024 Updates

LogRhythm is proud to announce our seventh consecutive quarterly release. This quarter, there are many notable improvements to the tech stack. From enhanced log collection and search functionality to improved analyst workflows, discover the latest updates below and register for our quarterly release webinars.

  • Log Collection Administration Enhancements
    • Added support for additional Beats in the Web UI: Gmail Message Tracking, Okta, Darktrace, Sophos, Qualys FIM, GSuite
  • Platform Enhancements
    • Rocky Migration Support
    • Gen6 Advanced Settings Updates
    • Web Console log export in user’s local time
    • Automatic file path population for all Windows Event Log based Log Sources
    • Alarm notifications direct users to alarm details
  • Log Collection Improvements
    • NEW: FortiNAC, Tenable.ot Security, strongSwan VPN, F5 Big IP System, Qradar Network Security
    • ENHANCED: Syslog- IRIX Host, Juniper Firewall, Juniper Junos, Linux Audit, Linux Host, LogRhythm Network Monitor, MacOS X, Mimecast Email, MS Windows Event Logging XML – Application, MS Windows Event Logging XML – Security, Palo Alto Cortex Data Lake CEF, Palo Alto Cortex XDR, Palo Alto Firewall, SecureLink, SentinelOne CEF, Solaris (Snare), Solaris Host, SonicWall, Sophos XG Firewall, Symantec DLP CEF, Tanium, Trend Micro Apex One, Trend Micro Deep Security CEF, VMWare ESX/ESXi Server, VMWare Unified Access Gateway, VMWare vCenter Server, Zscaler Nano Streaming Service, Syslog – Open Collector – AWS Guard Duty, Azure Event Hub, Okta System Log
  • Expanded In-App Training:
    • Dashboards, Searching, Case Management, Beat Management, Alarm Management
  • Introduction of Single Screen Investigation
    • Threat Hunting Panels in one screen – seamlessly view case evidence without the need to shift context
    • Case detail panel, Evidence list, Single log inspector
  • Case Management Improvements
    • Bulk Case Management controls, where owners, status, and priority can be quickly updated on multiple cases
    • API documentation in LogRhythm Documents website
  • Assisted Search Improvements
    • When analysts construct a query and select the ‘in’ or ‘not in’ operators, the system suggests list names and columns in plain English
    • Easier raw message search
    • Recent search queries
  • Improved Detection Capabilities
    • More MITRE aligned content
    • Auto-case creation for Out-of-the-Box rules
  • Agent Improvements
    • Agent includes 9 additional Windows Event channels
    • Updates to Agent management grid
    • Diagnostics script to collect data for Windows and Linux platforms
    • Enhancements to Agent installation process
    • New Agent 1.2 with updated components
  • Additional and enhanced log sources
  • Detection Enhancements
    • DNS models to align detection outputs better with analyst expectations and machine learning investigations
  • Platform Performance Improvement
    • Enhancements to the Elasticsearch database
    • Standardizing the distribution of data, streamlining calls against the database, reducing overhead on the database
  • Deep Packet Inspection (DPI) engine optimizations
  • Java update

Today, we celebrate another consecutive quarter of fulfilling innovation promises that matter to our cherished customers and partners. This marks our seventh consecutive quarter of delivering on our promises made, and this success is rooted deeply in our customer-obsessed and growth-mindset culture.

Your satisfaction remains our north star, guiding us to a deeper understanding of your ever-changing requirements so we can continue to improve in your service. Our unwavering commitment to innovation is the lifeblood of our growth and drives progress in all aspects of our organization. Whether it be in product, services, or customer experience, we are relentlessly driving innovation to better serve you.

In our unprecedented 7th consecutive quarterly release, we are proud to bring you the following enhancements to our product portfolio: 

LogRhythm Axon

  • New interactive single screen investigation reduces mean time to respond (MTTR) by highlighting contextual insights of cases with drill-down capabilities of log sources and security analytics in a single pane of glass 
  • Improved Assisted Search feature increases analysts’ productivity with suggestions of recent searches, search lists, and search queries 
  • Additional collector for Microsoft Office 365 Management API expands visibility by enabling monitoring, analysis, and data visualizations about user, admin, and policy actions from Office 365 and Microsoft Entra 
  • Enhancements to Axon Agent management increase efficiency for on-prem data collection by making it easier to deploy and upgrade agents

LogRhythm SIEM 

  • Expanded support to onboard additional Beats and Open Collectors from a single location, cutting the workload in half 
  • Simplified Windows Event log onboarding and improved analyst workflows when reviewing alarm notifications
  • Broadened library of supported log sources and parsing capabilities to enhance LogRhythm SIEM’s ability to correlate and analyze data effectively    

LogRhythm NDR 

  • Toggle button to hide safelisted items in the Hunt Activity Page increases analyst efficiency by allowing them to focus on the highest priority detections 
  • Expanded IP geolocation contextualization with country and region empowers analysts to make quick decisions
  • Enhancements to detection engines of machine learning DNS models reduce false positives

In a world where digital threats continually evolve, you need a trusted partner that remains unwaveringly focused on aligning your needs as a customer with delivered capabilities. Our pledge to you is to harmonize your security demands with our solutions, to be the partner that is laser focused on bolstering your cybersecurity arsenal and empowering your security teams for the challenges that lie ahead.

In 2023, we delivered over 200 new features across our self-hosted and cloud-native SIEM platforms, LogRhythm SIEM and LogRhythm Axon, and the best part is we’re just getting warmed up! LogRhythm Axon continues to see rapid development and deployments at the end of every agile two-week sprint, and product updates are deployed to production as completed. LogRhythm SIEM continues to improve product quality and makes updates available monthly.

As we kick off the new year, rest assured that a revitalized and customer-obsessed LogRhythm is here to serve you with dedication, innovation, and a resolute focus on helping you quickly and confidently defend against digital weaponization. We are deeply thankful for your unwavering support, constructive feedback, and encouragement. Our journey is made richer by your collaboration, and we are sincerely grateful for the trust you place in us. Your feedback is a blessing on our ongoing quest to better serve you.

Sincerely,

Chris O’Malley,
LogRhythm CEO

October 2023 Updates

This quarter, our product innovations help bridge skill gaps, cut log source onboarding time, enhance contextualization into threats, and much more!

Explore our latest product updates in the dropdown and resources below, plus watch our quarterly release webinar for more information!

  • Introducing log collection management in the Web Console
    • Streamlined workflow in the Web Console allowing for management of Open Collectors, Beats, and the log source associated with Beats
    • Simplified experience, cutting onboarding time by 50%
  • Admin API updates for the following administrative actions:
    • Beat Management
    • Open Collector Management
  • Introducing the Resource Center into LogRhythm Web Console
    • Important updates quickly surfaced to the users
    • Direct links to documentation, training, Community, and support
    • In-product guided tutorial of Web Console and how to use it as an analyst
  • Out-of-the-box support for more log types: Salesforce eCommerce Cloud Audit and Security logs, CyberArk, ZscalerNetMon, Carbon Black, FortiGate, CrowdStrike, Imperva, ePO, SonicWall, OpenLDAP, and more
  • Improved workflow for sending logs to LogRhythm Axon 
  • LogRhythm Cloud: get real-time insight into deployment stats, e.g., current MPS, average log size, processing queues, and TTLs
  • LogRhythm Gen6 Hardware Refresh
  • New detection models in UEBA with Machine Learning to detect variations in the user behavior that may be related to an attack
  • Automatic detection of changes in user activities:
    • Unusual time of the day
    • Unusual day of the week 
  • Additional Detection Capabilities
    • Common Events can be used in Search and displayed in Dashboards
    • Support for special characters and regex in Search
    • Improbable Travel anomaly detection
    • Additional out-of-the-box MITRE rules
    • New Count Unique Values Observed rule block
  • Introducing Case Management for Incident Management workflows
    • Manual Case creation from logs
    • Automatic Case creation from analytics rules
    • Case Status, ownership, and severity
    • Case Comments, Links, and Logs added to case
    • Case notification emails on automatic case creation, status and ownership changes
  • Rules/System testing and simulation
    • Signal Replay allows for synthetic logs to be replayed into the
    • Allows for testing of analytics rules and parsing
    • LogRhythm Axon “LogWars”, a LogRhythm sponsored interactive threat-hunting game
  • Axon instance hosted in Australia
  • Ability to configure Automatic Axon Role Assignment for new users logging on via Single Sign On
  • IP addresses from hosts behind load balancers are now unmasked to expedite incident response
  • Fewer clicks to inspect anomalous activity by surfacing more context around deviations from the baseline

Promises made. Promises kept.

July 2023 Updates

This quarter, our product enhancements improve operational efficiency for analysts and visibility into potential risks. Learn more about our product updates by watching our July quarterly launch webinar or find details in the drop down below!

  • A native, high-performance JSON parser
  • SecondLook Service for self-hosted LogRhythm SIEM (already available for LogRhythm Cloud) 
  • Data process pooling
  • Agents auto-distribute logs across Data Processor Pool
  • Streamlined Cloud Data Processing
  • View System Monitor Agents and Last Heartbeat in the Web Console
  • Support for Rocky Linux and RedHat 9, Windows Server 2022 and Windows SQL Server 2019
  • Automate and reduce the administrative overhead of System Monitors and log sources with the REST API
  • Configure, update, and retrieve System Monitor DP Pooling settings, System Monitor Load Balanced Group settings and log source Watch File Rename on Rollover settings
  • Data collection in LR7 increases the depth and breadth of data collection methods and device support content, now with support for Windows 11
  • Data collection is performed for on-premises devices using the System Monitor Agent
  • For cloud-based sources, purpose-built cloud collectors are in development to support security use cases via Open Collector
  • Out-of-the-box support for more log types, including eStreamer v7.2, Darktrace, and SonicWall Sonic OS/X UPE, along with enhancements to Cisco ISE, Cisco Meraki, and more
  • Choose and configure any SMTP server
  • Support for India Availability Zone
  • Enhanced network threat detection models through enhanced scoring
  • Analyst determined threshold for incident and case creation
  • Add new safelist categorization to bring clarity to alarms
  • In-product training through Pendo
  • New CBT training courses
  • Continued transition to new analyst experience
  • Export log source types and related processing policies to a file
  • Import log source types from an exported file
  • Detection information improvements
  • Assign threat severity to observations as an option set during rule creation
  • Add classification and informational metadata fields to observations
  • Email notifications can be sent when threats are detected
  • New and updated support for MITRE detections
  • Support for European Union Availability Zone
  • SOC2 certification
  • Search and visualization improvements
  • New default search layout for easier analyst experience
  • Improved assisted/suggested search to streamline investigations
  • Agent-side log filtering centrally managed through analyst interface
  • Easier integration for SaaS applications that support Webhooks
  • Webhooks collector supports Basic and Token authentication models
  • Easily send data to LogRhythm Axon for custom use-cases
  • New API Documentation and Swagger files: https://docs.logrhythm.com/axon/docs/axon-api-guide
  • Revamped Release Notes: https://docs.logrhythm.com/axon/docs/
  • New supported log sources: https://docs.logrhythm.com/axon/docs/supported-log-source-types

April 2023 Updates

This quarter, we introduced new automation, extended threat detection capabilities, and improved log source management to simplify the analyst experience.

  • Improved SecondLook workflow and administration 
  • Quick search function for completed “SecondLook restores” (LogRhythm Cloud) 
  • Automatic maintenance of archive indices (self-hosted)  
  • New and enhanced log sources: Prisma Cloud, Salesforce Commerce Cloud, Open Collector behind Squid Proxy, SysMon support for Red Hat Enterprise Linux (RHEL), Open Collector – Oracle Version Update, SysMon Oracle Version Update 
  • MDI: Enhanced MPE Rules and signature IDs: Cisco Secure Email, Cisco Umbrella, FireEye, Imperva, Tanium, ForcePoint, MS Windows Event Logging, MS Exchange Management, Symantec DLP, and more 
  • Improved Open Collector on-boarding experience 
  • New Open Collector Manage Page enables centralized management of deployed Open Collectors 
  • Support for customer requested LogRhythm Beats (Prisma Cloud, Symantec WSS, Microsoft Graph API, Carbon Black Cloud, Cisco AMP, DUO, and Proofpoint) 
  • New log source administration page in the web console  
  • Enhanced the Admin API with additional endpoints to configure Log Source Virtualization settings and added two new administrative functions
  • Individual role-based access controls for SecondLook restores (LogRhythm Cloud)

Expanded detection coverage with new out-of-the-box UEBA use cases:

  • User anomaly + password modified  
  • User anomaly + file download  
  • User anomaly + file deleted first stage recycle bin  
  • User anomaly + file deleted second stage recycle bin
  • Enhanced analyst experience 
  • Computer Based Training to empower customers to get full value out of NDR 
  • Robust product documentation library 
  • Completed new User Interface (UI) 
  • Streamlined analyst processes built in new UX 
  • More upfront information around network traffic and incidents 
  • Enhanced dashboard with key infographics 
  • More customization available in dashboard 
  • Standardized “platform” look and feel
  • Suggestive Search  
  • Clustered Observations:
    • Aggregate observations for hosts, users, and networks 
    • Related observations have “interesting” common event 
  • Sunburst Widget update 
  • Single Metric Widget 
  • Initial release of Axon Linux Agent for flat file and syslog 
  • Updated Axon Windows Agent with tuning and performance options 
  • Configuration options for agent log level and centralized visibility into agent status 
  • Documentation to advertise known support rates of cloud collectors 
  • Performance and quality improvements
  • Cribl 
  • Cimcor 
  • Varonis 

January 2023 Updates

This quarter’s enhancements span LogRhythm’s product portfolio to enable SOC teams to detect and resolve threats easily and improve analysts’ effectiveness.

  • New Web UI running on Open Collector (OC Admin)
  • MPE Rule sharing
  • New and enhanced log sources
  • New log source initial analysis – GCP update, Windows WMI, Sysmon on latest Ubuntu (Ubuntu 22)
  • New and updated SmartResponses™: urlscan.io, Microsoft 365 Defender for Endpoint V1, TrendMicro Vision One V1.0, ServiceNow, Microsoft OneDrive/SharePoint, MS Office 365
  • Enhanced auditing support
  • LogRhythm Cloud: Archive retrieval in the cloud
  • Analyst experience: parse hosts as metadata in output log
  • Detection: new models using Windows logs that track Windows security event ID and Windows logon type
  • Microsoft EDR integration
  • VirusTotal Data Collection
  • Continued roll out of new and refreshed user interface
  • Increased customizations available in dashboard
  • Security analytics
  • Automated threat detections identified by our analytics engine
  • MITRE ATT&CK™ threat detection
  • End-to-end authoring of streaming analytics rules
  • Observation Workflow
  • Analyst workflow that is faster and more flexible
  • Additional visualizations and data analysis tools
  • Histogram and markdown visualizations
  • Ability to fine-tune Axon Agent performance
  • Single-Sign-On support

“Axon has already given our team the tools to effectively analyze our environment and improve our security posture.” – Eric L., Network Engineer, global manufacturing company

October 2022 Updates

In October, we introduced our brand new, cloud-native security operations platform — LogRhythm Axon! In addition, we launched valuable enhancements to LogRhythm SIEM 7.10, UEBA, and NDR solutions.

  • Cloud-to-cloud collection support for Amazon Web Services (AWS) S3 logs
  • Log source support and parsing improvements to specific log sources
  • Automation functionality around endpoints and new metrics API
  • SmartResponse™ executes preventative actions
  • FIPS compliance
  • UI improvements in the UEBA lab streamline the analyst workflow
  • New model that tracks when the user authenticates using a new log source type
  • Identifies O365 services hosts in the logs
  • User score now takes into account the origin host details involved in the anomaly
  • Ingests data from NetFlow
  • Features a newer version of the MITRE ATT&CK™ framework
  • Leverage vulnerability scanner data to qualify IDS detections
  • Establishes case definition based on IDS rule or IOC mapped to ransomware
  • UI contains a more streamlined and intuitive analyst workflow
  • IDS rule/signature in the UI details on Incidents page
  • Create an allowlist from the Policy Management page
  • Validates the successful connectivity and integration of third-party software
  • Communication traffic can go through an explicit proxy, allowing customers to implement network policies
  • Guided and intuitive workflows
  • Use of “common” language for accessing information/threats
  • Intuitive dashboarding and reporting capabilities
  • Axon and related resources for storage/retention will be managed by LogRhythm
  • Cloud-native architecture
  • Predictable licensing based on storage
  • Cloud collection for both IaaS and SaaS based applications
  • Log data is normalized and classified into the LR patented MDI format
  • Data is enriched with information on geolocation and DNS look ups
  • Auto log-source onboarding and Policy Builder

Introducing the Innovation Portal

To ensure that LogRhythm’s product deliverables are tailored to our customers’ needs, we created the Innovation Portal. This section of the Community contains quick showcases of what’s in development. You’ll find a mix of videos, surveys, and other spotlights — all of which come with an open invitation for feedback.

Let us know your thoughts through the surveys and comments section and signal your general support with a Kudos. We’ll keep a close eye on this section and will steadily supply it with new content.

Schedule a Demo with LogRhythm

Let one of our security experts review your use cases and demonstrate how LogRhythm can help you reduce noise, prioritize work that matters, and quickly secure your environment.