
What’s New in LogRhythm SIEM January 2026

  • Jan 06, 2026
  • Brook Chelmo
  • 3 minutes to read

    Security teams require continuous innovation to defend against sophisticated attackers and support modern infrastructure. The January 2026 LogRhythm SIEM release delivers critical updates to your security operations, improving everything from detection and investigation to core platform stability.

    Go From AI Detection to Investigation in One Click

    The time between threat detection and investigation creates risk. This release closes that gap by embedding machine learning detections directly into the analyst workflow with Advanced Intelligence Engine (AIE) Events on Data Indexer Dashboards.

    This integration allows your team to pivot from a high-fidelity alert to the underlying raw data in a single click. By eliminating context switching, this feature reduces the time needed to validate and investigate threats, helping you improve key metrics like mean time to respond (MTTR).

    Visualize Real-Time Threats With a Refreshed Threat Map

    To communicate risk effectively, security leaders need a clear, real-time picture of threat activity. This release includes a significant Threat Map refresh on DX dashboards, providing a more intuitive, real-time visualization of threats against your organization. The updated interface gives security leaders and analysts an immediate understanding of the geographic source and targets of attacks, making it easier to report on risk across the business.

    Scale and Automate AIE Rule Management

    Manually tracking and updating AIE rules across multiple deployments is inefficient and prone to error. The new AIE API allows administrators to programmatically import and manage rules, including enabling or disabling them and restarting the AIE Engine service. This API helps teams automate rule management to ensure consistency, especially for MSSPs and large organizations that need to sync rules across different environments.

    Extend Visibility into Your Critical SaaS Applications

    Effective security monitoring must extend to your SaaS applications. This release introduces improved log collection for Salesforce, providing greater insight into user activity, permissions changes, and potential data exfiltration within a business-critical platform. Bringing this data into the SIEM allows you to apply advanced analytics and correlation rules to detect otherwise invisible threats.

    Simplify API Integration with the JSON Policy Builder

    While LogRhythm administrative APIs offer powerful automation capabilities, building the required JSON policy files can be complex. The new JSON Policy Builder Web Tool removes this obstacle. This wizard-driven tool guides administrators through a simple, step-by-step process to generate properly formatted policy files without writing any code. It makes using our APIs for automation faster, easier, and more accessible to your entire team.

    A More Secure, Stable, and Performant Core Platform

    This release is built on core platform improvements that expand compatibility and functionality. To ensure LogRhythm runs on the modern infrastructure you use, we now support both Windows Server 2025 and Rocky 10.

    We are also introducing a new Linux System Monitor Agent that brings highly requested capabilities, like the JSON Parser, to the Linux platform. This agent achieves near-feature parity with its Windows counterpart and significantly improves data collection and monitoring in mixed environments. These upgrades are delivered alongside our ongoing security hardening, performance optimizations, and bug fixes to provide the stable, reliable platform your security operations depend on.

    A More Capable and Reliable SIEM

    The January 2026 LogRhythm SIEM release makes your security operations more effective. From single-click investigations and clearer threat visualization to simplified administration and support for the latest enterprise operating systems, these updates deliver the speed, visibility, and reliability needed to protect your organization.

    See the New Features in Action

    Seeing is believing. Join our upcoming webcast where Product Manager Ryan Gamboa and I will demonstrate how these new features transform security operations. We will also answer your questions live.

    Register for our webcast today to see the future of security operations.

    Brook Chelmo

    Director of Product Marketing | Exabeam | Brook Chelmo is a seasoned cybersecurity strategist and product marketing leader with deep expertise in emerging threats, threat actor behavior, and security technology. He has conducted embedded research with ransomware groups, including direct engagement with Russian cybercriminals, offering rare insights into their operations, motivations, and monetization strategies. Known for delivering award-winning and standing-room-only presentations at global security conferences, Brook helps security teams stay ahead of evolving threats by translating complex threat intelligence into actionable strategies. His work spans product development, threat research, and education, supporting both the advancement of security technology and the global community’s ability to defend against cyber risk.
