LogRhythm 7.5 New Features

Nodes and Tails and other stuff

New Features (TLDR Version)

The much awaited version 7.5.0 has been released by LogRhythm and it has a few really nice new features for both administrators and analysts alike.

  • Node-Link Graph - This is a new widget that can be added to Dashboards and Analyze Dashboards which can help analysts piece together events that are related in ways not immediately apparent. This will help analysts when building out a bigger picture view after an alarm indicates something worthy of further attention.
  • Tail in Web Console - Being able to tail a log source through the web console will make testing log sources and improving rules far easier than it has ever been. All widgets on a dashboard will update as the logs come through providing the analyst with a real time view for anything matching the tail criteria.
  • Lucene Helper - The Lucene Helper will allow analysts to easily add filters to dashboards and widgets to get the most out of them and remove any unrelated events.

Node-Link Graph

Node-Link Graphs are great at showing seemingly unrelated events and will make an analyst's life a whole lot easier when dealing with an incident comprised of hundreds or thousands of events. As can be seen below, a lot of information can be summarised down and displayed concisely. In the example below we are taking a look at all of the Windows Security logs for a Seamless Intelligence test server. In this example we have ~100,000 logs summarised down, showing many relations.
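To make concrete what a node-link graph does with a pile of Windows Security logs, here is an added example (not LogRhythm's code and not from the original post) that collapses a constructed batch of logon and process-creation events into nodes and weighted edges, then pivots outwards from a node of interest the way an analyst would after an alarm. The field names (`user`, `host`, `src_ip`, `process`) and the sample events are assumptions made for this illustration, not LogRhythm metadata fields.

```python
from collections import Counter, defaultdict

# Constructed sample of Windows Security events (not real data); the field
# names are assumptions for this example, not LogRhythm's own metadata fields.
SAMPLE_EVENTS = [
    {"event_id": 4624, "user": "alice",      "host": "TESTSRV01", "src_ip": "10.0.0.5"},
    {"event_id": 4624, "user": "alice",      "host": "TESTSRV01", "src_ip": "10.0.0.5"},
    {"event_id": 4688, "user": "alice",      "host": "TESTSRV01", "process": "powershell.exe"},
    {"event_id": 4624, "user": "bob",        "host": "TESTSRV01", "src_ip": "10.0.0.9"},
    {"event_id": 4688, "user": "bob",        "host": "TESTSRV01", "process": "cmd.exe"},
    {"event_id": 4688, "user": "alice",      "host": "TESTSRV01", "process": "powershell.exe"},
    {"event_id": 4624, "user": "svc_backup", "host": "TESTSRV02", "src_ip": "10.0.0.20"},
    {"event_id": 4688, "user": "svc_backup", "host": "TESTSRV02", "process": "backup.exe"},
]


def build_graph(events):
    """Collapse raw events into a node-link graph.

    Nodes are (type, value) tuples; edges are (node, node) tuples whose count
    is the number of events that produced that link. Every event links the
    user to the host; logons (4624) also link source IP -> user, and process
    creations (4688) link host -> process.
    """
    nodes = Counter()
    edges = Counter()
    for e in events:
        user = ("user", e["user"])
        host = ("host", e["host"])
        links = [(user, host)]
        if e["event_id"] == 4624:
            links.append((("ip", e["src_ip"]), user))
        elif e["event_id"] == 4688:
            links.append((host, ("process", e["process"])))
        for a, b in links:
            nodes[a] += 1
            nodes[b] += 1
            edges[(a, b)] += 1
    return nodes, edges


def pivot(edges, start, hops):
    """Return every node within `hops` undirected steps of `start`.

    This is the 'piece together related events' step: starting from the
    node an alarm pointed at, walk outwards to see which users, hosts and
    addresses are connected to it.
    """
    adjacency = defaultdict(set)
    for a, b in edges:
        adjacency[a].add(b)
        adjacency[b].add(a)
    seen = {start}
    frontier = {start}
    for _ in range(hops):
        frontier = {n for f in frontier for n in adjacency[f]} - seen
        seen |= frontier
    return seen - {start}


if __name__ == "__main__":
    nodes, edges = build_graph(SAMPLE_EVENTS)
    print(f"{len(SAMPLE_EVENTS)} events -> {len(nodes)} nodes, {len(edges)} edges")
    for (a, b), weight in edges.most_common():
        print(f"  {a[1]} -> {b[1]}  x{weight}")
    for n in sorted(pivot(edges, ("process", "powershell.exe"), 2)):
        print("related:", n)
```

Eight events become eleven nodes and nine edges; the edge weights are what the graph widget renders as thicker links, and the two-hop pivot from `powershell.exe` surfaces the host it ran on plus every user and process sharing that host.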

Tail in Web Console

Being able to tail based on the already powerful search provided by LogRhythm will speed up troubleshooting log sources and also allow an analyst to monitor logs in a way previously only possible by classifying the log as an event. Shown below is a tail started looking for all of the security events from a test server where Mimikatz and some other PowerShell commands were run.

Lucene Helper

Being able to quickly add filters to an entire dashboard or widget can make them far more useful, especially when you need to exclude the top X or Y results to remove known good items. Below is shown how easy it is now to add dashboard and widget filters.
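The tail and the Lucene Helper both come down to the same thing: a filter expression applied to a stream of events, with negated terms used to drop the noisy known-good entries. The added example below (my own illustration, not LogRhythm's filter engine or the post's code) implements a small Lucene-style matcher over a constructed event stream, finds the top values of a field, and turns them into `NOT field:value` exclusions. The syntax subset (`field:value`, `NOT`, a leading `-`, `*` wildcards, quoted values) and the field names are assumptions for this example; check the Lucene Helper itself for the exact syntax the console accepts.

```python
import fnmatch
import shlex
from collections import Counter

# Constructed sample event stream (not real logs); field names are assumptions
# for this example, not LogRhythm's metadata field names.
STREAM = [
    {"event_id": "4624", "user": "alice",      "host": "TESTSRV01", "process": ""},
    {"event_id": "4688", "user": "alice",      "host": "TESTSRV01", "process": "powershell.exe"},
    {"event_id": "4688", "user": "svc_backup", "host": "TESTSRV01", "process": "backup.exe"},
    {"event_id": "4688", "user": "bob",        "host": "TESTSRV02", "process": "cmd.exe"},
    {"event_id": "4688", "user": "svc_backup", "host": "TESTSRV02", "process": "backup.exe"},
]


def parse_query(query):
    """Parse a small Lucene-like filter into (field, pattern, negated) clauses.

    Terms are implicitly ANDed; a term may be negated with a preceding NOT or
    a leading '-'. Values may be quoted (shlex handles the quoting) and may
    contain '*' wildcards.
    """
    clauses = []
    negate_next = False
    for tok in shlex.split(query):
        if tok.upper() == "NOT":
            negate_next = True
            continue
        if tok.upper() == "AND":
            continue
        negated = negate_next or tok.startswith("-")
        negate_next = False
        tok = tok.lstrip("-")
        if ":" not in tok:
            raise ValueError(f"expected field:value, got {tok!r}")
        field, pattern = tok.split(":", 1)
        clauses.append((field, pattern, negated))
    return clauses


def matches(event, clauses):
    """True when the event satisfies every clause (negated clauses must not match)."""
    for field, pattern, negated in clauses:
        hit = fnmatch.fnmatchcase(str(event.get(field, "")), pattern)
        if hit == negated:
            return False
    return True


def tail(stream, query):
    """Apply the filter to each event as it arrives, keeping only matches."""
    clauses = parse_query(query)
    return [e for e in stream if matches(e, clauses)]


def top_values(stream, field, n):
    """Most common non-empty values of a field: the 'top X' a dashboard widget shows."""
    counts = Counter(e[field] for e in stream if e.get(field))
    return counts.most_common(n)


def exclude_top(stream, base_query, field, n):
    """Build a query that drops the top-n values of `field` as known-good noise."""
    exclusions = " ".join(f'NOT {field}:"{value}"' for value, _ in top_values(stream, field, n))
    return f"{base_query} {exclusions}".strip()


if __name__ == "__main__":
    query = exclude_top(STREAM, "event_id:4688", "process", 1)
    print("filter:", query)
    for e in tail(STREAM, query):
        print("  ", e["user"], e["host"], e["process"])
```

Running it builds `event_id:4688 NOT process:"backup.exe"` (the scheduled backup being the top, known-good process) and leaves only the two interactive shells, which is exactly the kind of widget filter the Lucene Helper is meant to make quick to add.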