Monday, April 3, 2023

Attain Faster Threat Investigation with LogRhythm Axon

With limited resources available, analysts need every tool in their arsenal to reduce the time it takes to investigate and respond to an ever-evolving threat landscape. With the latest LogRhythm Axon release, we are giving analysts a higher-fidelity picture of what is happening in their environment with observation clustering, suggested search, new visualizations, enhanced log collection, and expanded Axon Agents.

Staying true to our commitment to our customers, we will continue to release new functionality every quarter to make the life of a security analyst easier. We are excited to deliver our third consecutive quarterly release of innovation on the LogRhythm Axon platform and to keep our promise to you.

Observation Clustering  

With the number of logs that analysts need to investigate continually expanding, there is not enough time in the day to investigate every log, or even to create analytics rules or tune existing rules to eliminate false positives and false negatives. With that in mind, we have developed clustering to aggregate observations across hosts, users, and networks: observations that share common metadata are intelligently combined into related clusters. Instead of the time-consuming task of investigating potentially related items one at a time, analysts can now automatically see and easily investigate related pieces of activity in one simple workflow. Thus, analysts have a holistic view of what is happening in an environment and gain the ability to investigate and respond more quickly.
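To make the idea concrete, here is an added example (not LogRhythm's code, and not how Axon is implemented) of clustering observations by shared metadata. It links any two observations that share a host, user, or source IP, transitively, using a union-find structure, and it skips values such as a built-in service account that would otherwise glue unrelated activity together. The observations, the field names and the noisy-value list are constructed for the example.

```python
from collections import defaultdict

# Constructed sample observations (not real Axon data): each dict is one
# analytics hit carrying the metadata fields the clustering keys on.
OBSERVATIONS = [
    {"id": "obs-1", "name": "Suspicious PowerShell", "host": "ws-01", "user": "alice", "src_ip": "10.0.0.5"},
    {"id": "obs-2", "name": "New scheduled task", "host": "ws-01", "user": "alice"},
    {"id": "obs-3", "name": "Unusual login time", "host": "srv-db", "user": "alice"},
    {"id": "obs-4", "name": "Port scan", "host": "srv-web", "src_ip": "203.0.113.9"},
    {"id": "obs-5", "name": "Failed logon burst", "host": "srv-web", "user": "SYSTEM"},
    {"id": "obs-6", "name": "Macro document opened", "host": "ws-07", "user": "bob"},
    {"id": "obs-7", "name": "Service restarted", "host": "srv-mail", "user": "SYSTEM"},
]

# Constructed list of values that appear on almost every host; linking on them
# would merge unrelated clusters (the classic over-clustering failure mode).
NOISY_VALUES = {"user": {"SYSTEM", "-"}, "src_ip": {"127.0.0.1"}}


def cluster_observations(observations, keys=("host", "user", "src_ip"), noisy=NOISY_VALUES):
    """Group observations that share a value for any key, transitively.

    Returns one dict per cluster: the member ids and the entities they share.
    """
    n = len(observations)
    parent = list(range(n))  # union-find forest over observation indexes

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[max(ra, rb)] = min(ra, rb)  # keep the lowest index as root

    def is_noisy(key, value):
        return not value or value in noisy.get(key, ())

    # Link each observation to the first one seen with the same (key, value).
    first_seen = {}
    for i, obs in enumerate(observations):
        for key in keys:
            value = obs.get(key)
            if is_noisy(key, value):
                continue
            if (key, value) in first_seen:
                union(i, first_seen[(key, value)])
            else:
                first_seen[(key, value)] = i

    groups = defaultdict(list)
    for i in range(n):
        groups[find(i)].append(i)

    clusters = []
    for root in sorted(groups):  # deterministic order: by earliest member
        members = [observations[i] for i in groups[root]]
        entities = {}
        for key in keys:
            values = sorted({m[key] for m in members if not is_noisy(key, m.get(key))})
            if values:
                entities[key] = values
        clusters.append({"ids": [m["id"] for m in members], "entities": entities})
    return clusters


if __name__ == "__main__":
    for cluster in cluster_observations(OBSERVATIONS):
        print(cluster["ids"], cluster["entities"])
```

With the sample data this yields four clusters: the three alice/ws-01 observations, the two srv-web observations, and two singletons. Passing `noisy={}` shows why the exclusion list matters: the shared `SYSTEM` account would pull the unrelated mail-server restart into the web-server cluster.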

A screenshot of LogRhythm Axon's observation clustering capability in our dashboard.

Figure 1: Gain a holistic view of your environment with automatic surfacing of related observations.

Suggested Search 

While some vendors require analysts to learn complex syntax to search throughout their platform and find the underlying data, we wanted to create a simpler way for analysts to search. With a fast, keyboard-driven search, Axon suggests context as an analyst types, making search more accessible and easier to use across the entire platform.

A walkthrough of LogRhythm Axon's keyboard-driven Suggestive Search feature.

Figure 2: Obtain results quickly with keyboard-driven search.

Single Search Metric 

It can be difficult to search, investigate, and fully understand the meaning behind overwhelming amounts of log data. Sometimes, analysts just want a quick snapshot of a single numeric value. Our Single Search Metric displays an aggregate of numeric fields such as log size, byte counts, packet counts, etc., and can also plot that value as a trend chart over a specific time period. With a quick snapshot of the underlying data, analysts gain access to information quickly, as well as insight into what is happening in their environment.

LogRhythm Axon's configurable Single Metric Widget.

Figure 3: Gain a quick snapshot into what is happening in your environment. 

Donut Chart 

Continuing our quest to make Axon as easy as possible to use, we are constantly updating and improving our existing visualizations as we gain valuable feedback from our customers. As a result of this feedback, we have enabled a second tier of metadata within the donut chart so analysts can easily dig deeper into smaller values, increasing visibility into what is happening in the environment. In addition, our open framework means that an analyst can change metrics at any time, providing additional flexibility when they find something that needs more attention.

LogRhythm Axon's Donut Chart Widget showcasing top log source types and how you can configure the donut chart to your needs.

Figure 4: Increase visibility into underlying data.  

Axon Agent and Collection Enhancements, and Expanded Log Collection   

We will always be improving and enhancing collection throughout the Axon platform to help our customers gain comprehensive visibility into their environment. Axon's data collection for on-prem devices is performed by our Axon Agent. In October 2022, we released the Windows version of the Axon Agent. In April 2023, we expanded Axon Agent support to Linux for flat file and syslog collection. And just like every other quarter, we have also released new log source collection capabilities.

Axon Status Page Enhancements 

As a trusted partner to our customers, we want to ensure that they are given comprehensive visibility into our platform. That's why we have enhanced our Status Page to include metrics around Ingest API and Search, giving our customers the ability to quickly confirm whether the Ingest API is healthy and whether there is a system-wide incident affecting the ability to retrieve results from a search query.

Information and documentation on all these new enhancements can be found in our Release Notes, further enabling our customers to realize the full value of the Axon platform.  

We will continue to innovate based on customer feedback, so that organizations can investigate and respond to threats more quickly. Looking ahead, we are thrilled about the road ahead and are already hard at work on our next quarterly release. To learn more about LogRhythm Axon, read the product data sheet or schedule a demo.


The post Attain Faster Threat Investigation with LogRhythm Axon appeared first on LogRhythm.
