Introducing LogRhythm version 7.9: Simplify your work with greater efficiency and improved security


As part of our commitment to customers, we continue to innovate and invest in the LogRhythm SIEM Platform. Since 2003, LogRhythm has been an ally in cyber security, helping reduce customers’ cyber risk by eliminating blind spots and quickly shutting down attacks.

Our mission continues to help meet customer needs. We recognize that security analysts don’t have time to waste on lengthy processes and inefficient workflows. Analysts require increased automation to get their jobs done faster and more efficiently. Those are the drivers behind LogRhythm SIEM Platform version 7.9.


With LogRhythm, we help you overcome security hurdles by simplifying your workflow. Cybersecurity is hard, but LogRhythm makes it easy for you. The latest features in LogRhythm 7.9 improve overall efficiency and speed up log filtering capabilities to make your tasks even easier. Read on for the latest LogRhythm SIEM Platform improvements.

Faster time to value with LogRhythm

At LogRhythm, we transform complex problems into something simple through our Machine Data Intelligence (MDI) Fabric. We help make life easier for your security operations team through automation to help your organization realize value even faster.

To speed up your workflow and enable more efficient processes, we’ve enhanced the Management API by adding System Monitoring (LogRhythm System) Management endpoints to the API library. This allows SIEM administrators to connect through the Management API and manage the SysMon agent, enabling automated batch processing.

The Management API allows you to easily upgrade existing SysMon agents and add new SysMon agents to reduce administrative overhead. For example, you can save precious time by writing a script to remove all agents at once. This avoids the task of withdrawing agents individually, streamlining your workflow.

To help you achieve greater time to value, LogRhythm’s out-of-the-box (OOTB) content helps shorten the time it takes to respond to threats, accelerating your response and shortening your workflow. SmartResponse™, our pre-built automated actions for third-party integrations, enables seamless execution on the data source and SIEM alarms to improve incident response time. As part of our ongoing improvements, we have added new SmartResponses and improved existing ones in our already extensive library of 120. Our new SmartResponse releases include:

  • Microsoft Azure AD account management, v2.0
  • Sophos Central, v2.0
  • LogRhythm v2.0 Case Report
  • Cisco SecureX, v2.0
  • PagerDuty, v3.0
  • Palo Alto Networks v3.0 Firewall
  • MS Teams v1.0
  • Checkpoint v4.0
  • Okta v3.0
  • Future Engraving 1.0

Since log collection is at the core of a SIEM, having the ability to collect numerous log sources is crucial. The more log sources that are sent to the SIEM, the better it can understand your data. To further assist our customers, LogRhythm has extended our log source support to include the Generic Beat POST implementation method. We’ve also made analytics improvements for Carbon Black, Okta, Proofpoint Duo Beat, Azure Eventhub, and Google Cloud Platform (GCP). These updates allow for better correlation and analysis of specific Beats.

Enhancing the Breadth of LogRhythm Solutions

Unlike other security companies, LogRhythm offers a comprehensive security suite. From user and entity behavior analysis (UEBA) and security operations, automation and response (SOAR) to records management and network detection and response (NDR) solutions, no other vendor packs such powerful solutions into a single offering.

To reinforce our commitment to customers, LogRhythm continues to improve our security solutions. With LogRhythm 7.9, we added additional filtering capabilities, allowing you to filter logs and apply security priorities to your data in the agent. Our event log filtering feature allows you to target specific types of Windows event logs that the agent queries and speed up its time to process logs, removing the load on the collection pipeline.

The Windows Event Log API provides the ability to pass a select/suppress XML query when records are requested. By using this built-in Windows functionality, the SMA agent can limit the results of server queries and reduce the agent’s workload.
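The query format referred to above is the Windows structured XML query, in which `Select` elements name the events to return and `Suppress` elements drop matches before they leave the event log service. The following is an added example, not LogRhythm's agent configuration: the event IDs and the suppression rule are illustrative assumptions, and the query is evaluated with `Get-WinEvent` to show what such a filter returns.

```powershell
# Added example (not LogRhythm code). Run elevated: reading the Security log requires it.
# Event IDs and the suppression rule below are illustrative assumptions.
$query = @'
<QueryList>
  <Query Id="0" Path="Security">
    <!-- Keep logon success, logon failure and process creation events -->
    <Select Path="Security">
      *[System[(EventID=4624 or EventID=4625 or EventID=4688)]]
    </Select>
    <!-- Drop network logons (LogonType 3), typically the noisiest 4624 records -->
    <Suppress Path="Security">
      *[System[(EventID=4624)]] and *[EventData[Data[@Name='LogonType']='3']]
    </Suppress>
  </Query>
</QueryList>
'@

# Parse once so a malformed query fails here rather than inside the API call.
$xml = [xml]$query

# The filter is evaluated by the event log service, so suppressed records
# are never returned to the caller.
$events = Get-WinEvent -FilterXml $xml -MaxEvents 500 -ErrorAction SilentlyContinue

# Summarize what came back per event ID.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, Name

# Sanity check: no suppressed record (4624 with LogonType 3) should be present.
$leaked = $events | Where-Object {
    $_.Id -eq 4624 -and
    (([xml]$_.ToXml()).Event.EventData.Data |
        Where-Object Name -eq 'LogonType').'#text' -eq '3'
}
"Suppressed records returned: $(@($leaked).Count)"
```

Before deploying a suppression rule, confirm that no detection rule depends on the events it drops, since filtered records never reach the SIEM.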

With event log filtering, customers now have three different options for log filtering: event log filtering on the agent, log source virtualization filtering on the agent, and global log processing rule filters on the mediator. You can choose the one that best suits your needs. This reduces log ingestion into the SIEM, reducing strain on the collection pipeline and unnecessary log clutter in the SIEM.

Figure 1: Event log filtering helps prioritize use cases.

To further extend our solutions, we have also extended our functionality for the new usage context by adding additional metadata fields, including object name, command, and MAC address, to the general list type to leverage MITRE ATT&CK and more sophisticated log sources. This allows you to expand your use of LogRhythm solutions. With the new metadata fields, you can create lists for different LogRhythm metadata fields to use MITRE ATT&CK and other sophisticated log sources that generate these data fields.

Additionally, LogRhythm 7.9 includes security patches to update some of the libraries that LogRhythm currently uses, including Log4j, to close some of those security holes. Log4j is the open source logging library widely used by applications and services on the Internet, including Elasticsearch. The Log4Shell vulnerability was discovered in Log4j in December 2021. If not fixed, attackers can gain access to systems, steal passwords and logins, exfiltrate data, and infect networks with malware. With LogRhythm version 7.9, we updated our version of Elasticsearch™, which includes an update to Log4j to version 2.17.1, which resolves the Log4Shell vulnerability.

Get more flexibility with LogRhythm

When it comes to security, flexibility is key. As part of LogRhythm 7.9, we expanded the flexibility of the platform by providing full support for SQL Server 2019. This update now allows existing customers and new installations to use the latest version of SQL. LogRhythm 7.9 also supports customers with existing deployments who want to upgrade SIEM servers to Windows Server 2019. Previously, LogRhythm only supported Windows Server 2019 for fresh LR installations.

If you want to upgrade, LogRhythm handles licensing for SQL 2019 and Server 2019 through the following:

2019 server licenses:

  • If you purchased LogRhythm hardware on or after November 1, 2020, you purchased a 2019 LogRhythm server. This license can be used to upgrade the operating system. You can use and validate your license by looking at the license tag on top of the server. If you are unable to locate the license, you can open a support case.
  • If you purchased hardware before November 1, 2020, you must provide your own Server 2019 license.

SQL 2019 licenses:

  • If you purchased software on or after February 1, 2021, you purchased a SQL 2019 license from LogRhythm. If you want to update SQL, you can open a support case to receive an installer and key.
  • If you purchased software before February 1, 2021, you must provide your own SQL 2019 installer and license.
  • For those customers who purchased hardware, you must provide your own SQL 2019 installer and license.

LogRhythm 7.9 also gives you more flexibility to manage costs with our license metering reports. We understand that it is important to be aware of costs. That’s why we’ve added a new reporting feature to make license overages more visible and easier to understand. When the license metering report is run, it will now show overages in the last 30 days. This feature can help you better manage license usage and potentially reduce your expenses.

Figure 2: Better manage your license usage with the License Metering Report.

Getting started with LogRhythm 7.9

LogRhythm SIEM Platform version 7.9 makes your daily work easier, improving your efficiency and your security workflow. If you are already a customer, you must apply for a new license to access LogRhythm 7.9. Download 7.9 Community today or check out our May Tips & Tricks Webinar for more information on LogRhythm 7.9 and its specific features.

The post Introducing LogRhythm version 7.9: Simplify your work with greater efficiency and improved security first appeared on LogRhythm.

*** This is a syndicated Security Bloggers Network blog from LogRhythm, written by Kelsey Gast. Read the original post at: https://logrhythm.com/blog/logrhythm-siem-platform-version-7-9/
