Disclaimer: this is not a commitment to a timeframe or delivery of any of the features discussed below. This is also not a commitment to deliver all of these features in our next release. This post is intended to give you a rough idea of what we're doing.
Installation, Configuration, & Maintenance
Whether you call it Log & Event Management or Security Information/Event Management (SIEM), there are a lot of moving parts to getting the most value out of your investment. We want to make it faster for you to get to the information that's useful, whether it's the first time you're setting up LEM or you need to add something after the fact. Areas that we're looking into include:
- Navigation and organization of out-of-the-box features
- Configuration of connectors and other product integrations
Information at your Fingertips
We've had a lot of great LEM feedback around navigating different areas of the system and are going to make some significant improvements so you can get useful insight out of your data faster. Things we're improving on include:
- Making it easy to find default rules that suit your specific needs (be it PCI, other compliance, security, etc.)
- Adding more dashboard widgets with historical analysis side by side with what's happening now
- Adding more dashboard areas that let you drill down into nodes/IP addresses and users on the network to quickly determine if something/someone is an issue
- Adding dashboard widgets that give you useful information about what's going on here on Thwack, what's new in LEM, and how to use different features
Love for Security and Operations Teams
We've talked to teams that approach LEM from a security need perspective, and teams that approach LEM more operationally with security as either a secondary or separate issue. A lot of the features you see listed above were created with an eye to one or both teams.
For the security teams:
- Easier identification of critical rules and other content that apply to security
- Additional details for nodes and users that will make root cause analysis faster
For the more operationally minded:
- Dashboards and widgets that call out historical trends and help link high level visualizations to data
- Adding a "Quick Search" to make it faster to, well, do a quick search
Some other things that are brewing here in the LEM kitchen are:
- Improvements to LEM database archiving (check out this Thwack feature request post if you'd like to post your comments about what you'd like to see)
- Improvements to agent installation (and other installers)
- Extensions to our Windows Event Log integration (native support for "new" style Event Logs and the option of remote Event Log access)
- Continued support for more product integrations with our connectors
Questions? Comments? Did We Miss Something?
If you've got questions or ideas about how a particular feature would be most useful, or want to take part in a release candidate or beta of any of these features, feel free to comment.
Make sure to file a feature request over in our Security Event Manager Feature Requests forum if you don't see your request. If someone else already posted it, please add your comments so we know there's interest in a particular feature or issue!