What’s New at LogRhythm
April 2023 updates
This quarter, we introduced new automation, extended threat detection capabilities, and improved log source management to simplify the analyst experience.
- Improved SecondLook workflow and administration
- Quick search function for completed “SecondLook restores” (LogRhythm Cloud)
- Automatic maintenance of archive indices (self-hosted)
- New and enhanced log sources: Prisma Cloud, Salesforce Commerce Cloud, Open Collector behind Squid Proxy, SysMon support for Red Hat Enterprise Linux (RHEL), Open Collector – Oracle Version Update, SysMon Oracle Version Update
- MDI: Enhanced MPE Rules and signature IDs: Cisco Secure Email, Cisco Umbrella, FireEye, Imperva, Tanium, ForcePoint, MS Windows Event Logging, MS Exchange Management, Symantec DLP, and more
- Improved Open Collector on-boarding experience
- New Open Collector Manage Page enables centralized management of deployed Open Collectors
- Support for customer requested LogRhythm Beats (Prisma Cloud, Symantec WSS, Microsoft Graph API, Carbon Black Cloud, Cisco AMP, DUO, and Proofpoint)
- New log source administration page in the web console
- Enhanced the Admin API with additional endpoints to configure Log Source Virtualization settings and added two new administrative functions
- Individual role-based access controls for SecondLook restores (LogRhythm Cloud)
Expanded detection coverage with new out-of-the-box UEBA use cases:
- User anomaly + password modified
- User anomaly + file download
- User anomaly + file deleted first stage recycle bin
- User anomaly + file deleted second stage recycle bin
- Enhanced analyst experience
- Computer Based Training to empower customers to get full value out of NDR
- Robust product documentation library
- Completed new User Interface (UI)
- Streamlined analyst processes built in new UX
- More upfront information around network traffic and incidents
- Enhanced dashboard with key infographics
- More customization available in dashboard
- Standardized “platform” look and feel
- Suggestive Search
- Clustered Observations:
- Aggregate observations for hosts, users, and networks
- Related observations have “interesting” common event
- Sunburst Widget update
- Single Metric Widget
- Initial release of Axon Linux Agent for flat file and syslog
- Updated Axon Windows Agent with tuning and performance options
- Configuration options for agent log level and centralized visibility into agent status
- Documentation to advertise known support rates of cloud collectors
- Performance and quality improvements
A letter from LogRhythm CEO Chris O'Malley - April 2023
Threat Hunting Made Easy
At LogRhythm, we are committed to delivering innovative solutions that truly protect you from cyberthreats. We understand that cybersecurity threats are constantly evolving, and that’s why we are dedicated to staying ahead of the game.
You rightfully and necessarily demand exceptional quality and innovation in cybersecurity solutions, and we are thrilled to announce that we have reached a major milestone in our commitment to meeting those demands. Our fourth consecutive quarterly deliverable marks a full year of keeping our innovation promises to you, our valued customers, while driving continuous improvements in the way we work.
Our product management and engineering teams have gone above and beyond to make significant improvements in the quality, velocity, efficiency, and security of our software, resulting in more valuable innovation every quarter. In just the first 26 weeks following the launch of LogRhythm Axon, we have made an impressive 18 production deployments, demonstrating our unwavering commitment to deliver impactful updates to our customers in a timely manner.
Furthermore, we are proud to report a remarkable 60% reduction in escaped defects from the release of LogRhythm SIEM 7.8 to the release of 7.11. This achievement is a testament to our increased focus on automated testing to improve overall product quality and security as well as our commitment to providing our customers with products that meet the highest standards in the market.
As our industry continues to evolve, we remain steadfast in our commitment to delivering the highest quality products with the most value to our customers. We recognize that our customers demand and expect the best, and we are dedicated to meeting and exceeding those expectations at every turn.
Our innovation efforts are laser-focused on making mission-critical work easier for security analysts to monitor, detect, investigate, and respond to threats. We have been working tirelessly to ensure our quarterly innovations are not only groundbreaking, but also directly address the cybersecurity challenges and concerns that you share with us.
This quarter, we introduced new automation, extended threat detection capabilities, and improved log source management to simplify the analyst experience. LogRhythm’s Professional Services team also introduced the Unlimited Upgrades Service to assist customers in upgrading to every quarterly SIEM release with ease. This quarter’s innovations also include:
- Automated log source onboarding and simplified collection and monitoring of new security data sources for LogRhythm SIEM.
- Completion of the new user interface and product training experiences for LogRhythm NDR to enhance the analyst experience.
- New visualizations, instinctive search that automatically gives suggestions, and observation clustering to surface meaningful insights with LogRhythm Axon.
We are grateful for your support and confidence in LogRhythm over the years. As we continue our never-ending journey towards continuous improvement, we would feel blessed to receive your feedback on our latest quarterly deliverables.
Our team at LogRhythm has undergone a revitalization and reinvention process, and we are now more customer-focused than ever before. We understand that your satisfaction is paramount to the success of our partnership. Therefore, we are always seeking ways to better serve your security operations’ needs.
Thank you for trusting us as your partner in this journey. We are confident that our enhanced capabilities and unwavering commitment will exceed your expectations. Our team is prepared to go above and beyond to ensure your satisfaction. And the best part is that we’re just getting warmed up!
We look forward to hearing your valuable feedback and continuing our partnership with you. As always, you can reach me at [email protected]
Promises made. Promises kept.
January 2023 updates
This quarter’s enhancements span LogRhythm’s product portfolio to enable SOC teams to detect and resolve threats easily and improve analysts’ effectiveness.
- New Web UI running on Open Collector (OC Admin)
- MPE Rule sharing
- New and enhanced log sources
- New log source initial analysis: GCP update, Windows WMI, Sysmon on latest Ubuntu (Ubuntu 22)
- New and updated SmartResponses™: urlscan.io, Microsoft 365 Defender for Endpoint V1, TrendMicro Vision One V1.0, ServiceNow, Microsoft OneDrive/SharePoint, MS Office 365
- Enhanced auditing support
- LogRhythm Cloud: Archive retrieval in the cloud
- Analyst experience: parse hosts as metadata in output log
- Detection: new models using Windows logs that track Windows security event ID and Windows logon type
- Microsoft EDR integration
- VirusTotal Data Collection
- Continued roll out of new and refreshed user interface
- Increased customizations available in dashboard
- Security analytics
- Automated threat detections identified by our analytics engine
- MITRE ATT&CK™ threat detection
- End-to-end authoring of streaming analytics rules
- Observation Workflow
- Analyst workflow that is faster and more flexible
- Additional visualizations and data analysis tools
- Histogram and markdown visualizations
- Ability to fine-tune Axon Agent performance
- Single-Sign-On support
“Axon has already given our team the tools to effectively analyze our environment and improve our security posture.” – Eric L., Network Engineer, global manufacturing company
October 2022 updates
In October, we introduced our brand new, cloud-native security operations platform — LogRhythm Axon! In addition, we launched valuable enhancements to LogRhythm SIEM 7.10, UEBA, and NDR solutions.
- Cloud-to-cloud collection support for Amazon Web Services (AWS) S3 logs
- Log source support and parsing improvements to specific log sources
- Automation functionality around endpoints and new metrics API
- SmartResponse™ executes preventative actions
- FIPS compliance
- UI improvements in the UEBA lab streamline the analyst workflow
- New model that tracks when the user authenticates using a new log source type
- Identifies O365 service hosts in the logs
- User score now takes into account the origin host details involved in the anomaly
- Ingests data from NetFlow
- Features a newer version of the MITRE ATT&CK™ framework
- Leverage vulnerability scanner data to qualify IDS detections
- Establishes case definition based on IDS rule or IOC mapped to ransomware
- UI contains a more streamlined and intuitive analyst workflow
- IDS rule/signature shown in the UI details on the Incidents page
- Create an allowlist from the Policy Management page
- Validates the successful connectivity and integration of third-party software
- Communication traffic can go through an explicit proxy, allowing customers to implement network policies
- Guided and intuitive workflows
- Use of “common” language for accessing information/threats
- Intuitive dashboarding and reporting capabilities
- Axon and related resources for storage/retention will be managed by LogRhythm
- Cloud-native architecture
- Predictable licensing based on storage
- Cloud collection for both IaaS- and SaaS-based applications
- Log data is normalized and classified into the LR patented MDI format
- Data is enriched with information on geolocation and DNS lookups
- Auto log-source onboarding and Policy Builder
July 2022 updates
- Admin API includes SysMon management endpoints
- SmartResponse™ automated actions let you execute preventative actions
- Expanded log source support and parsing improvements
- Event Log Filtering feature to select the types of Windows Event logs
- Metadata fields, including Object Name, Command, and MAC Address
- Full support and compatibility for SQL Server 2019
- Support for Windows Server 2019
- Reporting feature to display any overages
- Third-party components in Web Console upgraded to latest version including upgrades for Angular and jQuery
- Security patches resolve the Log4j vulnerability
- Monitor improbable travel between origin locations
- User score normalization across all users within the same company
- The “new” and “new_across_ids” show the hosts or locations that triggered the anomaly directly in the log
- Anomalies are mapped to MITRE D3FEND™, when applicable
- Download PCAP files for specific incidents and cases
- Enhanced LogRhythm NDR analytic capabilities
- JA3 fingerprints in our Hunt Activity page
- View policy violation-type alerts for greater insight into the environment
- CIDR notation support makes it easier to add specific blocks of IP addresses to the allowlist
- Keep up with changes in the environment with easier editing capabilities
- LogRhythm now includes Cisco Secure Endpoint (formerly AMP)
Introducing the Innovation Portal
To ensure that LogRhythm’s product deliverables are tailored to our customers’ needs, we created the Innovation Portal! This section of the Community contains quick showcases of what’s in development. You’ll find a mix of videos, surveys, and other spotlights — all of which come with an open invitation for feedback.
Let us know your thoughts through the surveys and comments section and signal your general support with a Kudos. We’ll keep a close eye on this section and will steadily supply it with new content.
Schedule a Demo with LogRhythm
Let one of our security experts review your use cases and demonstrate how LogRhythm can help you reduce noise, prioritize work that matters, and quickly secure your environment.