LogRhythm launches version 7.7 of the LogRhythm NextGen SIEM Platform. The update introduces new features designed to streamline the threat detection and response process, including a new Timeline View that provides analysts with an easy-to-follow security narrative when investigating an incident.
Visualizing Security Stories with Timeline View
Through Timeline View, security analysts have a consolidated, chronological view of user or host activity. The view includes all data related to the incident and is automatically contextualized to provide a quick view into how a potential incident has played out thus far. With Timeline View, analysts can easily further their investigation without needing to navigate off the existing page to understand the cause and scope of a given incident. Analysts can also go deeper into the data presented by drilling down into specific timeline events and reviewing the underlying raw data.
“We’re thrilled to bring Timeline View to our customers with the release of LogRhythm 7.7,” said Rusty Carter, chief product officer at LogRhythm. “We understand how challenging it is to manage the detection and response process if you have to use multiple screens, so our goal was to make it easier for analysts to not only get an overview as to how an incident is progressing, but to also be able to drill down into that contextualized activity is vital to rapidly making accurate decisions.”
To even better visualize relationships, patterns and abnormalities present in log data, LogRhythm’s Detail Page pairs Timeline View with Node Link graph (previously introduced in LogRhythm 7.5). This combination allows analysts to investigate incidents from multiple perspectives and to quickly determine the timing and scope of an incident.
Additional Benefits Provided by 7.7
In addition to Timeline View, LogRhythm 7.7 introduces a number of new features designed to improve analysts’ daily workflows and the ability to interact with other technologies. Specific benefits include:
- Easier integration with third-party platforms: Version 7.7’s Alarm REST API provides a simpler integration with third-party ticketing systems, SOAR platforms, and other LogRhythm partner solutions. The publicly consumable API makes it even easier to work through standard alarm workflows, including listing alarms, pushing updates into alarms, and adding comments to alarms.
- Seamless log configuration in the cloud: Cloud-to-cloud collection enables LogRhythm Cloud users to configure log sources regardless of origin through a Graphical User Interface (GUI). This makes it easier for users to configure log sources, ultimately leading to a lower error rate and higher confidence.
- Built-in support for more popular cloud-based services: LogRhythm has added new out-of-the-box Beats to help analysts onboard many popular cloud-based services, including Okta and Carbon Black Cloud, which further help customers secure the identities and endpoints within their environments.
Immediate, Global Availability
Version 7.7 of the NextGen SIEM Platform is now available for immediate use around the globe. Existing LogRhythm customers should contact their customer success representative for more information on the upgrade.