What’s New at LogRhythm
October 2023 Updates
This quarter, our product innovations help bridge skill gaps, cut log source onboarding time, enhance contextualization into threats, and much more!
Explore our latest product updates in the dropdown and resources below, plus watch our quarterly release webinar for more information!
- Introducing log collection management in the Web Console
- Streamlined workflow in the Web Console allowing for management of Open Collectors, Beats, and the log source associated with Beats
- Simplified experience, cutting onboarding time by 50%
- Admin API updates for the following administrative actions:
- Beat Management
- Open Collector Management
- Introducing the Resource Center into LogRhythm Web Console
- Important updates quickly surfaced to the users
- Direct links to documentation, training, Community, and support
- In-product guided tutorial of Web Console and how to use it as an analyst
- Out-of-the-box support for more log types: Salesforce eCommerce Cloud Audit and Security logs, CyberArk, Zscaler, NetMon, Carbon Black, FortiGate, CrowdStrike, Imperva, ePO, SonicWall, OpenLDAP, and more
- Improved workflow for sending logs to LogRhythm Axon
- LogRhythm Cloud: get real-time insight into deployment stats e.g., current MPS, average log size, processing queues, and TTLs
- LogRhythm Gen6 Hardware Refresh
- New detection models in UEBA with Machine Learning to detect variations in the user behavior that may be related to an attack
- Automatic detection of changes in user activities:
- Unusual time of the day
- Unusual day of the week
- Additional Detection Capabilities
- Common Events can be used in Search and displayed in Dashboards
- Support for Special characters and Regex in Search
- Improbable Travel anomaly detection
- Additional out-of-the-box MITRE rules
- New Count Unique Values Observed rule block
- Introducing Case Management for Incident Management workflows
- Manual Case creation from logs
- Automatic Case creation from analytics rules
- Case Status, ownership, and severity
- Case Comments, Links, and Logs added to case
- Case notification emails on automatic case creation, status and ownership changes
- Rules/System testing and simulation
- Signal Replay allows for synthetic logs to be replayed into the
- Allows for testing of analytics rules and parsing
- LogRhythm Axon “LogWars” a LogRhythm sponsored interactive threat-hunting game
- Axon instance hosted in Australia
- Ability to configure Automatic Axon Role Assignment for new users logging on via Single Sign On
- IP addresses from hosts behind load balancers are now unmasked to expedite incident response
- Fewer clicks to inspect anomalous activity by surfacing more context around deviations from the baseline
A letter from LogRhythm CEO Chris O'Malley - October 2023
Today, we are incredibly proud to celebrate our sixth consecutive quarter of delivering on the promises that truly matter to you, our esteemed customer. In a world where the challenges of digital security are ever evolving and relentless, LogRhythm is deeply honored to serve as your steadfast guardian. We are wholeheartedly committed to consistently strengthening your defenses, ensuring that you stay one step ahead of the curve. Your trust and security mean everything to us, and we are here for you, unwavering in our dedication.
Today also holds special significance as it marks the one-year anniversary of our cloud-native SIEM platform, LogRhythm Axon. Every two weeks, LogRhythm Axon undergoes a transformative evolution, pushing the boundaries of innovation and elegant simplicity in design, all in our quest to better serve you.
At LogRhythm, we are obsessed with enhancing the overall quality of our products. Over the past five consecutive quarters, LogRhythm SIEM has demonstrated a clear improvement in product quality, with measurable advancements of at least 10% with each quarterly release. Our last two releases of LogRhythm SIEM witnessed the fastest adoption rates in the twenty-year history of our company. We understand that upgrades require planning and effort, and we are truly honored to have your trust and constructive feedback as we tirelessly work to continually enhance our product experience quality and meet your evolving cybersecurity needs.
Our commitment to your satisfaction remains unwavering, and your feedback is an invaluable compass that guides every decision we make. This quarter, we are excited to introduce significant enhancements and expansions to the complete suite of LogRhythm solutions. These developments are a testament to our relentless dedication to delivering value to you. Our latest product enhancements and integrations released this quarter include:
- New case management feature automates incident response and investigative workflows, helping SOC teams delegate resources, prioritize their work, and improve efficiency. Cases and email notifications can be automatically created or sent when an analytic rule is triggered, indicating an event requires immediate attention.
- User anomaly detection for improbable travel allows protection against abnormal access attempts into an organization’s environment.
- New signal replay enhances the threat detection development process by allowing testing for analytics rules to ensure they are fine-tuned and optimized for their environment.
- Ability to search common events allows analysts to find relevant security events across different vendors’ log sources without having prior knowledge of the underlying log structure.
- Streamlined onboarding of Beats and Open Collectors, a collection of LogRhythm services that gather and normalize data from various cloud providers, in a single location to cut the workflow in half.
- Enhanced API log source onboarding for easier management of Open Collectors and Beats.
- Expanded library of supported log sources and parsing for improved correlation and analysis.
- In-product Resource Center for access to tutorials, announcements, docs, and support.
- IP Behind Load Balancer Tracking for faster triage capabilities when responding to incidents.
- Enhanced model output contextualization to empower quicker action to threats as relevant information is readily available.
As we look forward to the rest of the year, please expect new innovations and enhancements to come from our customer-obsessed team every quarter. We are looking forward to hopefully seeing you at our cybersecurity conference for customers, RhythmWorld 2023, later this month where the LogRhythm team seeks to further empower you to enhance your security operations maturity and maximize the value gained from LogRhythm solutions.
We are deeply grateful for your trust and partnership. It is your satisfaction and success that fuels our dedication to delivering excellence in our products and services, and we fully understand all the responsibility and accountability that come with being your security partner. We look forward to continuing to serve and help protect you and your organization with all our heart, mind, and soul.
We will continue to listen attentively, adapt to your changing needs, and strive to exceed your expectations. Your feedback, suggestions, and trust are blessings we cherish. You can always reach me at [email protected]. I would love to hear from you.
Sincerely,
Chris O’Malley,
LogRhythm CEO


Promises made. Promises kept.
July 2023 Updates
This quarter, our product enhancements improve operational efficiency for analysts and visibility into potential risks. Learn more about our product updates by watching our July quarterly launch webinar or find details in the drop down below!
- A native, high-performance JSON parser
- SecondLook Service for self-hosted LogRhythm SIEM (already available for LogRhythm Cloud)
- Data process pooling
- Agents auto-distribute logs across Data Processor Pool
- Streamlined Cloud Data Processing
- View System Monitor Agents and Last Heartbeat in the Web Console
- Support for Rocky Linux and RedHat 9, Windows Server 2022 and Windows SQL Server 2019
- Automate and reduce the administrative overhead of System Monitors and log sources with the REST API
- Configure, update, and retrieve System Monitor DP Pooling settings, System Monitor Load Balanced Group settings and log source Watch File Rename on Rollover settings
- Data collection increases the depth and breadth of data collection methods and device support content with LR7, now with support for Windows 11
- Data collection is performed for on-premises devices using the System Monitor Agent
- Cloud-based sources, purpose-built cloud collectors are in development to support security use cases via Open Collector
- Out-of-the-box support for more log types, including eStreamer v7.2, Darktrace, and SonicWall Sonic OS/X UPE, along with enhancements to Cisco ISE, Cisco Meraki, and more
- Choose and configure any SMTP server
- Support India Availability Zone
- Enhanced network threat detection models through enhanced scoring
- Analyst determined threshold for incident and case creation
- Add new safelist categorization to bring clarity to alarms
- In-product training through Pendo
- New CBT training courses
- Continued transition to new analyst experience
- Export log source types and related processing policies to a file
- Import log source types from an exported file
- Detection information improvements
- Assign threat severity to observations as an option set during rule creation
- Add classification and informational metadata fields to observations
- Email notifications can be sent when threats are detected
- New and updated support for MITRE detections
- Support European Union Availability Zone
- SOC2 certification
- Search and visualization improvements
- New default search layout for easier analyst experience
- Improved assisted/suggested search to streamline investigations
- Agent-side log filtering centrally managed through analyst interface
- Easier integration for SaaS applications that support Webhooks
- Webhooks collector supports Basic and Token authentication models
- Easily send data to LogRhythm Axon for custom use-cases
- New API Documentation and Swagger files: https://docs.logrhythm.com/axon/docs/axon-api-guide
- Revamped Release Notes: https://docs.logrhythm.com/axon/docs/
- New supported log sources: https://docs.logrhythm.com/axon/docs/supported-log-source-types

April 2023 Updates
This quarter, we introduced new automation, extended threat detection capabilities, and improved log source management to simplify the analyst experience.
- Improved SecondLook workflow and administration
- Quick search function for completed “SecondLook restores” (LogRhythm Cloud)
- Automatic maintenance of archive indices (self-hosted)
- New and enhanced log sources: Prisma Cloud, Salesforce Commerce Cloud, Open Collector behind Squid Proxy, SysMon support for Red Hat Enterprise Linux (RHEL), Open Collector – Oracle Version Update, SysMon Oracle Version Update
- MDI: Enhanced MPE Rules and signature IDs: Cisco Secure Email, Cisco Umbrella, FireEye, Imperva, Tanium, ForcePoint, MS Windows Event Logging, MS Exchange Management, Symantec DLP, and more
- Improved Open Collector on-boarding experience
- New Open Collector Manage Page enables centralized management of deployed Open Collectors
- Support for customer requested LogRhythm Beats (Prisma Cloud, Symantec WSS, Microsoft Graph API, Carbon Black Cloud, Cisco AMP, DUO, and Proofpoint)
- New log source administration page in the web console
- Enhanced the Admin API with additional endpoints to configure Log Source Virtualization settings and added two new administrative functions
- Individual role-based access controls for SecondLook restores (LogRhythm Cloud)
Expanded detection coverage with new out-of-the-box UEBA use cases:
- User anomaly + password modified
- User anomaly + file download
- User anomaly + file deleted first stage recycle bin
- User anomaly + file deleted second stage recycle bin
- Enhanced analyst experience
- Computer Based Training to empower customers to get full value out of NDR
- Robust product documentation library
- Completed new User Interface (UI)
- Streamlined analyst processes built in new UX
- More upfront information around network traffic and incidents
- Enhanced dashboard with key infographics
- More customization available in dashboard
- Standardized “platform” look and feel
- Suggestive Search
- Clustered Observations:
- Aggregate observations for hosts, users, and networks
- Related observations have “interesting” common event
- Sunburst Widget update
- Single Metric Widget
- Initial release of Axon Linux Agent for flat file and syslog
- Updated Axon Windows Agent with tuning and performance options
- Configuration options for agent log level and centralized visibility into agent status
- Documentation to advertise known support rates of cloud collectors
- Performance and quality improvements
- Cribl
- Cimcor
- Varonis

January 2023 Updates
This quarter’s enhancements span LogRhythm’s product portfolio to enable SOC teams to detect and resolve threats easily and improve analysts’ effectiveness.
- New Web UI running on Open Collector (OC Admin)
- MPE Rule sharing
- New and enhanced log sources
- New log source initial analysis – GCP update, Windows WMI, Sysmon on latest Ubuntu (Ubuntu22)
- New and updated SmartResponses™: urlscan.io, Microsoft 365 Defender for Endpoint V1, TrendMicro Vision One V1.0, ServiceNow, Microsoft OneDrive/SharePoint, MS Office 365
- Enhanced auditing support
- LogRhythm Cloud: Archive retrieval in the cloud
- Analyst experience: parse hosts as metadata in output log
- Detection: New models using Windows logs that track Windows security event ID and Windows logon type
- Microsoft EDR integration
- VirusTotal Data Collection
- Continued roll out of new and refreshed user interface
- Increased customizations available in dashboard
- Security analytics
- Automated threat detections identified by our analytics engine
- MITRE ATT&CK™ threat detection
- End-to-end authoring of streaming analytics rules
- Observation Workflow
- Analyst workflow that is faster and more flexible
- Additional visualizations and data analysis tools
- Histogram and markdown visualizations
- Ability to fine-tune Axon Agent performance
- Single-Sign-On support
“Axon has already given our team the tools to effectively analyze our environment and improve our security posture.” – Eric L., Network Engineer, global manufacturing company
October 2022 Updates
In October, we introduced our brand new, cloud-native security operations platform — LogRhythm Axon! In addition, we launched valuable enhancements to LogRhythm SIEM 7.10, UEBA, and NDR solutions.
- Cloud-to-cloud collection support for Amazon Web Services (AWS) S3 logs
- Log source support and parsing improvements to specific log sources
- Automation functionality around endpoints and new metrics API
- SmartResponse™ executes preventative actions
- FIPS compliance
- UI improvements in the UEBA lab streamline the analyst workflow
- New model that tracks when the user authenticates using a new log source type
- Identifies O365 services hosts in the logs
- User score now takes the origin host details involved in the anomaly
- Ingests data from NetFlow
- Features a newer version of the MITRE ATT&CK™ framework
- Leverage vulnerability scanner data to qualify IDS detections
- Establishes case definition based on IDS rule of IOC mapped to ransomware
- UI contains a more streamlined and intuitive analyst workflow
- IDS rule/signature in the UI details on Incidents page
- Create an allowlist from the Policy Management page
- Validates the successful connectivity and integration of third-party software
- Communication traffic goes through an explicit proxy, enabling customers to implement network policies
- Guided and intuitive workflows
- Use of “common” language for accessing information/threats
- Intuitive dashboarding and reporting capabilities
- Axon and related resources for storage/retention will be managed by LogRhythm
- Cloud-native architecture
- Predictable licensing based on storage
- Cloud collection for both IaaS and SaaS based applications
- Log data is normalized and classified into the LR patented MDI format
- Data is enriched with information on geolocation and DNS look ups
- Auto log-source onboarding and Policy Builder
Introducing the Innovation Portal
To ensure that LogRhythm’s product deliverables are tailored to our customers’ needs, we created the Innovation Portal! This section of the Community contains quick showcases of what’s in development. You’ll find a mix of videos, surveys, and other spotlights — all of which come with an open invitation for feedback.
Let us know your thoughts through the surveys and comments section and signal your general support with a Kudos. We’ll keep a close eye on this section and will steadily supply it with new content.
Schedule a Demo with LogRhythm
Let one of our security experts review your use cases and demonstrate how LogRhythm can help you reduce noise, prioritize work that matters, and quickly secure your environment.
