
See the Threats that Matter with AI-Driven LogRhythm Intelligence
- Oct 01, 2024
- Steve Kansa
A security information and event management (SIEM) product is foundational to security operations teams. But as an organization grows, so does the amount of data that needs to be monitored and the complexity of its IT environment. Additionally, most breaches involve credential theft or misuse that appears as anomalous activity on endpoints, servers, and applications, which can be difficult to detect. That is why we developed LogRhythm Intelligence, a cloud-native add-on to LogRhythm SIEM that detects behavior to escalate anomalous user and host activity within the LogRhythm SIEM interface. LogRhythm Intelligence is the first new offering from the “new” Exabeam, and we are all very excited to share it with you.
On top of this, the latest LogRhythm SIEM release showcases our efforts to make the product more robust and to continue moving more functionality into the web console.
Introducing LogRhythm Intelligence
LogRhythm Intelligence uses machine learning (ML) to analyze LogRhythm SIEM data and detect anomalies that may indicate insider threats, compromised accounts, administrator abuse, and credential misuse. It adapts by establishing baselines for user and device behavior, then auto-scoring events based on risk level. With insights from 795 behavioral models and 1,800 fact-based rules, analysts can leverage the ML-based detection and monitoring to build searches, dashboards, and reports, and to use security orchestration, automation, and response (SOAR) within LogRhythm SIEM. This reduces the need for manual rule creation and reduces the rate of false positives. LogRhythm Intelligence functions as an advanced user entity and behavior log source, enabling analysts to incorporate user and entity behavior analytics (UEBA) into their workflow without leaving the LogRhythm SIEM interface.
To learn more about LogRhythm Intelligence, read the product data sheet or schedule a demo.
LogRhythm SIEM: Web Console Pending Syslog Management
We are always striving to make analysts’ lives easier, which is why we continue to move more features and functionality from the Client Console to the Web Console. This quarter, we added the following functions to the Web Console:
- Manage pending log sources
- Accept, reject, and remove pending log sources
- Handle pending log sources in batches through the Admin API
With these features, analysts gain immediate visibility into pending log sources and a streamlined onboarding process, and administrators can now edit log sources more efficiently through the API.
LogRhythm SIEM: Foundational Enhancements
To further our quest to make LogRhythm SIEM the most powerful self-hosted SIEM on the market, we continue to enhance the platform. This quarter, we released new versions of Elasticsearch and the Advanced Intelligence Engine service to improve analytics, enabling faster and more accurate threat detection, investigation, and response (TDIR). The results include:
- Up to 50% improvement in detection pipeline throughput
- Up to 10x faster processing of pattern-matching rules
- 87% faster loading of log sources in the client console
This quarter, we added support for 60+ new and enhanced log sources, including Rubrik, Anomali, and Akamai, expanding our library to more than 1,000 prepackaged log sources.
For a detailed list of features in this quarter’s release, please refer to the LogRhythm SIEM Release Notes or check within the product. Stay updated with the latest news by visiting exabeam.com/whats-new.
To learn more about LogRhythm SIEM, read the product data sheet or schedule a demo here.

Steve Kansa
Vice President of Product Management | Exabeam | Steven Kansa is a creative and driven leader with over 20 years of experience in product management. As the Vice President of Product Management, Steven is responsible for defining the product direction and strategy for the company’s self-hosted and cloud-native SIEM platforms. A graduate of Michigan State University with a degree in Computer Science, Steven enjoys mentoring high-performing teams that excel at building solutions customers love. His extensive background spans the complete product lifecycle, from concept to scaled customer adoption. With experience in products from cybersecurity to application development and from mobile to mainframes, Steven has helped tens of thousands of customers across the globe throughout his career. Outside of his professional pursuits, Steven enjoys spending quality time with his family and dog as well as skiing and boating.