LogRhythm SIEM July 2026 Release: Accelerating Investigations and Expanding Visibility

  • Jul 01, 2026
  • Brook Chelmo
  • 2 minutes to read

    The LogRhythm SIEM July 2026 release adds new investigation workflow features, expands automation for administration and archiving, and broadens telemetry coverage across cloud, identity, collaboration, endpoint, and email environments.

    Organizations running on-premises and hybrid environments often need tight control over data to meet sovereignty and operational requirements. This release focuses on faster investigations, less workflow friction, and broader visibility, while helping administrators scale operations.

    What’s New: July 2026 Highlights

    Accelerating Investigations and Reducing Workflow Friction

    Security investigations can slow down when evidence is scattered and analysts have to switch tools midstream. The July updates reduce that friction in two ways:

    Add Logs to Case

    Analysts can add logs directly to a new or existing case from the Data Indexer dashboards. This streamlines evidence collection during triage and response and cuts down on context switching during active investigations.

    LogRhythm Intelligence Sync Service

    The LogRhythm Intelligence (LRI) Sync Service connects the LogRhythm SIEM and New-Scale platforms through APIs and automatically synchronizes investigation details such as case status, assignee, risk scores, rule triggers, and MITRE ATT&CK® data. The goal is to prevent stale information and reduce pivoting between interfaces so teams can act faster.

    Automating a Resilient SOC Foundation

    Automation and retention are core to operational durability, especially when teams need long-term access to investigation data.

    AIE Archived Events Update

    Advanced Intelligence Engine (AIE) events can now be written directly into LogRhythm archives as analytics data moves to the Data Indexer. This supports compliance and long-term retention while simplifying the architecture used for archiving.

    Analytics (AIE) Admin API Updates

    Administrators can programmatically update rule blocks within an AIE rule. This reduces manual administration work, improves consistency, and supports rules-as-code workflows that integrate with broader security orchestration.

    Expanding Visibility Across Modern Environments

    As environments grow, coverage gaps often show up first in telemetry. The July 2026 release expands telemetry coverage for cloud, identity, collaboration, endpoint, and email environments, including:

    • Open Collectors for O365 Message Tracking and Box
    • Expanded coverage for Microsoft Defender technologies, including Cloud, XDR, O365, Identity, and Sentinel
    • Microsoft Data Loss Prevention
    • Syslog support for Keeper Security and Trend Micro Deep Discovery Email Inspector
    • Mimecast Beat coverage

    This broader ingestion helps teams bring more of the environment into investigation workflows without relying on a narrow set of data sources.

    Frequently Asked Questions

    How does the release help analysts investigate faster?

    Two updates target investigation speed: analysts can add logs directly to cases from the Data Indexer dashboards, and the LogRhythm Intelligence Sync Service automatically keeps key case and investigation fields aligned between platforms.

    What automation and retention updates are included?

    AIE events can now be written into LogRhythm archives as analytics data moves to the Data Indexer, and administrators can programmatically update AIE rule blocks through new admin API updates.

    What new telemetry coverage is included in July 2026?

    The release adds and expands telemetry coverage for O365 Message Tracking, Box, Microsoft Defender technologies (Cloud, XDR, O365, Identity, Sentinel), Microsoft Data Loss Prevention, Keeper Security (syslog), Trend Micro Deep Discovery Email Inspector (syslog), and Mimecast Beat.

    How does LogRhythm Intelligence sync investigation details between platforms?

    It connects the LogRhythm SIEM and New-Scale platforms via APIs and automatically synchronizes investigation details, including case status, assignee, risk scores, rule triggers, and ATT&CK data.

    Learn More

    For a deeper walkthrough of the July 2026 updates, watch the July 9 release webcast.

    Brook Chelmo

    Director of Product Marketing | Exabeam | Brook Chelmo is a seasoned cybersecurity strategist and product marketing leader with deep expertise in emerging threats, threat actor behavior, and security technology. He has conducted embedded research with ransomware groups, including direct engagement with Russian cybercriminals, offering rare insights into their operations, motivations, and monetization strategies. Known for delivering award-winning and standing-room-only presentations at global security conferences, Brook helps security teams stay ahead of evolving threats by translating complex threat intelligence into actionable strategies. His work spans product development, threat research, and education, supporting both the advancement of security technology and the global community’s ability to defend against cyber risk.
