Improve Log Source Administration, Management with LogRhythm SIEM 7.13

  • Jun 25, 2023
  • Ryan Gamboa

    Every quarter, Exabeam improves customers’ experiences with new innovations that save users time and ease their workflow. With our fifth consecutive quarterly product release, we are continuing the momentum with LogRhythm SIEM version 7.13, which features improvements to log source onboarding and log source management. 

    LogRhythm SIEM 7.13 features a new engine in the SIEM that can ingest JSON data significantly faster than before, a data processor pooling system that automatically distributes logs across data processors, and new and updated supported log sources, enabling you to focus on threat detection, investigation, and response. 

    Simplify Workload with the New JSON Parsing Engine 

    We understand the challenges you face onboarding log sources. That’s why the team has made it even easier to ingest cloud-native log sources. As part of LogRhythm SIEM 7.13, we’ve embedded a JSON parsing engine into System Monitor, the SIEM’s collection system. The new engine, available to self-hosted customers, reduces complexity and offers a significant performance increase. You no longer need to rely on the JQ language to define parsers, which simplifies the workload and administration involved in onboarding data. Customers can use the new JSON parsing engine via on-prem Open Collectors and System Monitors.

    Reduce Administrative Overhead with Data Processor Pooling 

    Your agents are your workhorses as they collect data and ship the data to a data processor, which handles the parsing. But there had not been a good way to load balance these agents across multiple data processors — until now. 

    LogRhythm SIEM 7.13 introduces Data Processor Pooling, a new feature that lets administrators define a pool of one or more data processors so that a single agent can send its data to the group as a whole. When an agent is assigned a Data Processing Pool, the agent spreads its logs across the data processors in that pool. This removes the need to manually review agent volumes and adjust which data processors the agents are sending to, saving you time.

    View Agents in the Web Console  

    As part of LogRhythm’s work to bring more client console functionality into the web console, LogRhythm created an Agents page that lets self-hosted customers see and search through System Monitors in the web console, saving them the time of switching between consoles. On the Agents administration page, customers can do the following:

    • View active and retired System Monitor agents and details:
      • SysMon Name 
      • Host 
      • Entity 
      • Active Log Sources 
      • Last Heartbeat 
      • Type 
      • Version 
      • Last Data Processor 
    • Filter and sort in each column 
    • User visibility into agents will adhere to user profiles and permissions 

    SecondLook is Available to Self-hosted Customers 

    We take data seriously. And when it comes to retaining data, it’s important that customers can find their data, especially older data, easily. With LogRhythm SIEM 7.13, customers who use our self-hosted SIEM option now have access to SecondLook in the web console, a tool that enables users to query and search data in the archives.

    Customers that use SecondLook can now search through their archives using the web console instead of the client console. This saves customers the time of pivoting between consoles and passes SecondLook searches off to a dedicated service for a more reliable user experience.

    Refreshed Operating Systems

    To boost your performance, we updated the operating systems installed on LogRhythm appliances. Over time, operating systems become outdated, making past versions unsupported. With the release of 7.13, we are supporting and installing Microsoft Server 2022, Microsoft SQL Server 2019, and Rocky Linux. For customers that prefer the open-source version of Linux, Data Indexers and Open Collector support Rocky Linux 9 and RHEL 9. For customers with RHEL licenses, LogRhythm SIEM supports RHEL 9.  

    We’ve also added support for System Monitor on Windows 2022, Windows 11, Rocky Linux 9, and RHEL 9.

    Ongoing Log Source Support  

    We are continuing to review our supported log sources and make updates to strengthen our correlation and analysis. Our new and enhanced methods of ingestion include:    

    • Cisco Identity Services Engine: New policies help prevent classification errors and provide more consistent parsing of log source data for Cisco Identity Services Engine, while new Message Processing Engine (MPE) rules parse log metadata to the correct schema fields and classify highly complex log source data.
    • DarkTrace: Helps customers collect logs from DarkTrace. 
    • eStreamer: Updated integration with eStreamer to support up through version 7.2. 
    • SonicWall Unified Policy Engine: Enhances integration with SonicWall to include collection and parsing from SonicWall’s Unified Policy Engine (UPE). 
    • Cisco Meraki: New policies help prevent classification errors and provide more consistent parsing of log source data for Cisco Meraki, while new MPE rules parse log metadata to the correct schema fields and classify highly complex log source data.

    Upgrade to LogRhythm SIEM 7.13 and Stay in the Know 

    Get the latest features in LogRhythm SIEM 7.13! If you are an existing customer, you can download LogRhythm 7.13 from Community.

    Ryan Gamboa

    Senior Product Manager, LogRhythm SIEM | Exabeam | Ryan Gamboa is a Senior Product Manager focused on the LogRhythm SIEM at Exabeam. He takes feedback from customers, field teams, internal stakeholders, and the market to prioritize the work that makes Exabeam’s products best in class. He has 15 years of experience in the security space, holding roles in professional services, engineering, and product. Ryan received a BS degree in Business from the University of Notre Dame. He enjoys playing soccer, skiing, hiking, music, cooking, and projects around the house.
