What’s New in LogRhythm SIEM 7.21: Expanded Alarm Filtering, Real-Time Log Access, and Developer Tools

  • Jul 01, 2025
  • Raffaela Kenny-Cincotta

    Detecting and responding to modern threats takes more than visibility. It demands precision, speed, and seamless integration across your tools and teams.

    LogRhythm SIEM 7.21 delivers on these needs with targeted enhancements including expanded alarm filtering, instant log access within Dashboards, MITRE ATT&CK® alignment, and a new developer portal to streamline API integration.

    Keep reading to learn how these enhancements empower security teams to move quickly, reduce noise, and make more informed decisions.

    Surface Critical Threats With 14 New Alarm Filters

    Security teams need more flexibility when triaging alerts, especially when isolating events tied to specific users, hosts, or IP addresses. With more than double the filtering options of previous versions, LogRhythm SIEM 7.21 introduces 14 new alarm filters to deliver deeper, more targeted visibility.

    With this update, analysts can now filter by aspects like:

    • Classification
    • Common Event
    • Log Source
    • Entity (Origin/Impacted)
    • IP Address (Origin/Impacted)
    • Hostname (Origin/Impacted)
    • User (Origin/Impacted)
    • Location (Origin/Impacted)
    • VMID

    This expanded filtering toolkit helps teams move faster, minimize alert fatigue, and prioritize the activity that matters most.

    Filter Alarms by MITRE ATT&CK TTPs

    The ATT&CK framework is a key asset when it comes to identifying high-risk tactics. With LogRhythm SIEM 7.21, alarms can now be filtered by ATT&CK tactics, techniques, and procedures (TTPs) with just a few clicks.

    This can be done by mapping Common Events to custom rules. Analysts can easily sort and surface activity by ATT&CK phase, accelerating triage and helping teams zero in on threat patterns faster. For example, analysts can quickly isolate lateral movement activity by filtering alarms mapped to the ATT&CK T1075 (Pass-the-Hash) technique.

    Instant Log Access in Data Indexer Dashboards

    With LogRhythm SIEM 7.21, a new “View Logs” option is now available directly in Data Indexer Dashboards, allowing users to pivot quickly from visualizations to underlying log data. With one click, drill into log-level detail without opening a new tab, exporting data, or building a custom search. This enhancement turns static visuals into interactive investigations—helping teams follow the trail faster.

    New LogRhythm SIEM Developer Portal

    Modern SOCs rely on automation, but clunky or inconsistent APIs can slow progress. LogRhythm SIEM APIs are now hosted in the Exabeam Developer Portal, giving users a centralized, user-friendly environment to streamline development.

    With prebuilt code samples, multi-language support, and clean documentation, the Developer Portal helps security teams:

    • Automate repetitive tasks
    • Accelerate integration timelines
    • Reduce API troubleshooting and scripting errors

    This centralization reduces integration friction and makes it easier to embed SIEM functions into broader workflows and automation pipelines.

    Open Collection Architecture: Streamlined Collection for Cloud and Hybrid Environments

    As cloud services evolve, your SIEM must also adapt. LogRhythm SIEM 7.21 includes key updates to keep collection fast, consistent, and compatible with third-party platforms. These new updates include:

    • New Mimecast Collector
    • Improvements for Google Workspace log collection
    • Updated AWS service parsing

    Together, these enhancements reduce friction in log ingestion and improve detection accuracy with cleaner, more normalized data across hybrid environments.

    Additional Platform Updates

    Performance and security enhancements in LogRhythm SIEM 7.21 continue to ensure a more stable and secure product experience, without requiring extra configuration.

    Security Improvements

    • Increased encryption key length to 3072 bits
    • SHA-256 signing for installers

    Performance Enhancements

    • Updated Java package improves indexing and search performance
    • System Monitor Agent now runs on .NET 8 Core, delivering a smoother, more secure experience

    With up to 20% improvement in agent data throughput, these updates give teams faster access to insights with less overhead. Specifically, with the Java Development Kit (JDK) update from JDK8 to JDK21, users will see a 10x improvement in query response times for TopX widget requests, a 50% improvement to Data Indexer indexing rate, a 70% gain in memory usage under heavy loads, and a 45% reduction in CPU consumption.

    Why LogRhythm SIEM 7.21 Matters for Security Teams

    With these latest innovations, organizations can stay ahead of evolving threats while simplifying security management. LogRhythm SIEM 7.21 delivers critical enhancements that empower security teams to:

    • Filter and prioritize alarms with more precision
    • Analyze high-risk activity through the lens of ATT&CK
    • Investigate faster with instant log access in dashboards
    • Automate with confidence using the new Developer Portal
    • Ingest and normalize cloud data with fewer errors
    • Improve performance and security across the platform

    Ready to Improve Threat Detection and Streamline Response? Download LogRhythm SIEM 7.21

    Explore the new features of LogRhythm SIEM 7.21 at the LogRhythm SIEM quarterly webinar.

    Existing customers can download LogRhythm SIEM 7.21 from Community. Information and documentation on all the latest enhancements are available in the LogRhythm SIEM Release Notes.

    Raffaela Kenny-Cincotta

    Product Marketing Manager | Exabeam | Raffaela Kenny-Cincotta is a Product Marketing Manager and Content Strategist based in San Francisco. Prior to Exabeam, Raffaela honed her skills as a communicator at advertising agencies and media outlets alike. Most notably, she spent several years in the music industry, working as an editor, writer, publicist, and social media manager. Her work has appeared in the Boston Globe, Rolling Stone, Vice, and Relix. She graduated with honors from Northeastern University, with a double major in English and Journalism.
