LogRhythm 7.17 update for more flexible logs
The new LogRhythm 7.17 version makes integrating JSON logs into LogRhythm SIEM much easier. With the new Open Collection Architecture, you can use third-party tools to collect security logs from sources that do not yet have a dedicated LogRhythm collector.
The system supports the Lumberjack protocol, which allows you to integrate JSON logs from a variety of sources. Lumberjack, part of the Elastic Stack ecosystem, is a lightweight log transfer solution that improves the flexibility of your operations.
If you are still using an older version of LogRhythm SIEM, we recommend upgrading to version 7.17 to take advantage of the new features for faster and more efficient log collection.
Simplify your setup with JSON Policy Builder
Even for coding-savvy SIEM analysts and administrators, setting up normalisation policies for JSON logs can be a daunting task. These policies are often complex to create and can be time-consuming to visualise and implement effectively.
To simplify this process, LogRhythm 7.17 introduces a new tool called the JSON Policy Builder. This web-based tool allows analysts to map JSON values to the LogRhythm schema and export the finished policy file for use in the system. With a GUI-based interface, the JSON Policy Builder automates data extraction, allowing users to map fields to the LogRhythm schema using drop-down menus.
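To make the idea of a JSON normalisation policy concrete, here is an added example (not LogRhythm's code, and not the JSON Policy Builder's policy file format, which is an assumption here and simplified to a plain dictionary). It maps dotted source paths from JSON events to target schema fields, handles nested keys, records fields the event does not carry, and keeps unparseable lines rather than silently dropping them. All event data is constructed for the example.

```python
import json
from typing import Any, Dict, List, Optional

# Constructed illustration of a normalisation policy: target schema field -> source
# path in the JSON event (dotted for nested keys). The layout is an assumption for
# this example, not LogRhythm's policy file format.
POLICY: Dict[str, str] = {
    "source_ip": "src.ip",
    "dest_ip": "dst.ip",
    "user": "user.name",
    "action": "event.action",
    "timestamp": "@timestamp",
}

# Constructed sample events, in the shape a third-party collector might ship.
SAMPLE_EVENTS: List[str] = [
    '{"@timestamp": "2024-05-01T10:00:00Z", "src": {"ip": "10.0.0.5"}, '
    '"dst": {"ip": "192.0.2.10"}, "user": {"name": "alice"}, "event": {"action": "login"}}',
    # Missing dst and user: a partial event that must still be normalised.
    '{"@timestamp": "2024-05-01T10:00:01Z", "src": {"ip": "10.0.0.6"}, "event": {"action": "logout"}}',
    # Not JSON at all: must be preserved, not lost.
    "May  1 10:00:02 host sshd[123]: plain syslog line",
]


def get_path(obj: Any, path: str) -> Optional[Any]:
    """Walk a dotted path through nested dicts; None if any segment is absent."""
    cur = obj
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def normalise(raw_line: str, policy: Dict[str, str]) -> Dict[str, Any]:
    """Apply the policy to one raw line.

    Returns a dict of mapped schema fields plus bookkeeping:
    _unmapped lists policy targets the event did not contain, and an
    unparseable line is returned with _raw and _error so it is never dropped.
    """
    try:
        event = json.loads(raw_line)
    except json.JSONDecodeError as exc:
        return {"_raw": raw_line, "_error": f"not JSON: {exc.msg}"}
    if not isinstance(event, dict):
        return {"_raw": raw_line, "_error": "JSON top level is not an object"}

    out: Dict[str, Any] = {}
    missing: List[str] = []
    for target, source in policy.items():
        value = get_path(event, source)
        if value is None:
            missing.append(target)
        else:
            out[target] = value
    out["_unmapped"] = missing
    return out


def normalise_batch(lines: List[str], policy: Dict[str, str]) -> List[Dict[str, Any]]:
    """Normalise every line; the output count always equals the input count."""
    return [normalise(line, policy) for line in lines]


def check_policy_coverage(lines: List[str], policy: Dict[str, str]) -> Dict[str, int]:
    """Count, per target field, how many JSON events lacked it.

    Useful when testing a new policy against a sample: a target that is missing
    in every event usually means the source path in the policy is wrong.
    """
    counts = {target: 0 for target in policy}
    for result in normalise_batch(lines, policy):
        for target in result.get("_unmapped", []):
            counts[target] += 1
    return counts


if __name__ == "__main__":
    for record in normalise_batch(SAMPLE_EVENTS, POLICY):
        print(json.dumps(record))
    print("missing per field:", check_policy_coverage(SAMPLE_EVENTS, POLICY))
```

The `_unmapped` list and `check_policy_coverage` are the checks worth running before a policy goes live: a field that is unmapped across the whole sample points at a wrong source path, while an occasional gap is just a sparse event.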
Additionally, a new feature in LogRhythm 7.17 allows you to save all your configured or modified normalisation rules to a secure folder in the monitoring system, ensuring that your settings remain intact during system updates. This feature eliminates the risk of losing important settings and protects them from accidental changes or overwriting.
Optimising the installation and upgrade process for LogRhythm 7.17
Customers often encounter limitations imposed by the standard installation options. This usually forces them to re-run the LogRhythm installation wizard, especially when they need to install specific components that are not included in the standard installation set.
The LogRhythm 7.17 update introduces a new, more flexible installer that expands the selection of components that can be installed on a single device. Administrators now have the option of not installing the data indexer on the same hardware as the rest of the LogRhythm components. This simplifies the process and allows for quicker upgrades to LogRhythm SIEM, giving users more control and providing faster system updates.
Easier licensing monitoring with the new Admin API in LogRhythm SIEM
For SIEM administrators, access to up-to-date licensing information is critical. Usually, access to such data requires using the client console, which may not always be convenient and fast.
The LogRhythm SIEM update now includes a new Admin API feature that lets administrators obtain and track licensing and version information more easily. With the new feature in the Admin API, administrators can compare licensed MPS (messages per second) counts with usage data from the Metrics API. This not only simplifies resource utilisation monitoring, but also reduces operational costs and automates data collection across multiple environments, significantly improving licence management efficiency.
Enhancements to over 70 log sources
LogRhythm is constantly working to improve the Message Processor Engine (MPE) and releases improvements on a quarterly basis to ensure efficient log message normalisation. This is critical to maintaining an effective security posture, as it ensures that LogRhythm gets the most out of the log data it processes and the security information it provides through LogRhythm’s Machine Data Intelligence (MDI) Fabric.
Over the past three months, more than 70 log sources have been updated, significantly improving efficiency in key categories:
- Operating systems. Enhanced log collection from systems such as AIX, BSD, Linux, HP-UX, Solaris, and Microsoft Windows, which helps you to monitor OS-level activity and detect threats in more detail.
- Firewall security. Updates for firewalls from Palo Alto Networks, Fortinet FortiGate, Cisco Firepower, and Check Point allow for better analysis and protection of systems from threats.
- Applications. Updated parsing for Mimecast Email, Microsoft Exchange, Fortinet FortiMail, and Trend Micro Email Security logs gives the SIEM more complete data from these sources to help detect attacks and compromises.
Stay up to date and enjoy the latest features of LogRhythm SIEM with LogRhythm 7.17! Customers can request a licence and download LogRhythm 7.17 now.