New Timeline View Enables Visual, Chronological Review of Security Incidents to Enhance Detection and Response Capabilities
Boulder, Colo. — April 5, 2021 — LogRhythm, the company powering today's security operations centers (SOCs), today announced the launch of version 7.7 of the LogRhythm NextGen SIEM Platform. The update introduces new features designed to streamline the threat detection and response process, including a new Timeline View that provides analysts with an easy-to-follow security narrative when investigating an incident.
Visualizing Security Stories with Timeline View
Through Timeline View, security analysts have a consolidated, chronological view of user or host activity. The view includes all data related to the incident and is automatically contextualized to provide a quick view into how a potential incident has played out thus far. With Timeline View, analysts can easily further their investigation without needing to navigate off the existing page to understand the cause and scope of a given incident. Analysts can also go deeper into the data presented by drilling down into specific timeline events and reviewing the underlying raw data.
"We're thrilled to bring Timeline View to our customers with the release of LogRhythm 7.7," said Rusty Carter, chief product officer at LogRhythm. "We understand how challenging it is to manage the detection and response process using multiple screens, so our goal was to make it easier for analysts to not only get an overview as to how an incident is progressing, but to also be able to drill down into that contextualized activity. These features are vital to making accurate decisions even more rapidly."
To better visualize the relationships, patterns and abnormalities present in log data, LogRhythm's Detail Page pairs Timeline View with the Node Link Graph (previously introduced in LogRhythm 7.5). This combination allows analysts to investigate incidents from multiple perspectives and to quickly determine the timing and scope of an incident.
Figure 1: A Detail Page in the LogRhythm Platform featuring the new Timeline View (left) and Node Link Graph (bottom right)
Additional Benefits Provided by 7.7
In addition to Timeline View, LogRhythm 7.7 introduces a number of new features designed to improve analysts' daily workflows and the ability to interact with other technologies. Specific benefits include:
Easier integration with third-party platforms: Version 7.7's Alarm REST API provides a simpler integration with third-party ticketing systems, SOAR platforms, and other LogRhythm partner solutions. The publicly consumable API makes it even easier to work through standard alarm workflows, including listing alarms, pushing updates into alarms, and adding comments to alarms.
Seamless log configuration in the cloud: Cloud-to-cloud collection enables LogRhythm Cloud users to configure log sources regardless of origin through a Graphical User Interface (GUI). This makes it easier for users to configure log sources, ultimately leading to a lower error rate and higher confidence.
Built-in support for more popular cloud-based services: LogRhythm has added new out-of-the-box Beats to help analysts onboard many popular cloud-based services, including Okta and Carbon Black Cloud, which further help customers secure the identities and endpoints within their environments.
Immediate, Global Availability
Version 7.7 of the NextGen SIEM Platform is now available for immediate use around the globe. Existing LogRhythm customers should contact their customer success representative for more information on the upgrade.
To learn more about LogRhythm 7.7, schedule a demo with a LogRhythm expert.
LogRhythm's award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com.