In case you missed it, the Log & Event Manager team recently released our 5.4 version which was packed with great features. Onward and upward we continue, here's a preview of what's to come.

Disclaimer: this is not a commitment to a timeframe or delivery of any of the features discussed below. This is also not a commitment to deliver all of these features in our next release. This post is intended to give you a rough idea of what we're doing.

Installation, Configuration, & Maintenance

Whether you call it Log & Event Management or Security Information/Event Management (SIEM), there are a lot of moving parts to getting the most value out of your investment. We want to make it faster for you to get to the information that's useful, whether it's the first time you're setting up LEM or you need to add something after the fact. Areas that we're looking into include:

  • Navigation and organization of out-of-the-box features
  • Configuration of connectors and other product integrations

Information at your Fingertips

We've had a lot of great LEM feedback around navigating different areas of the system and are going to make some significant improvements to make it faster to get useful insight out of your data. Things we're improving on include:

  • Making it easy to find default rules that suit your specific needs (be it PCI, other compliance, security, etc.)
  • Adding more dashboard widgets with historical analysis side by side with what's happening now
  • Adding more dashboard areas that let you drill down into nodes/IP addresses and users on the network to quickly determine if something/someone is an issue
  • Adding dashboard widgets that give you useful information about what's going on here on Thwack, what's new in LEM, and how to use different features

Love for Security and Operations Teams

We've talked to teams that approach LEM from a security need perspective, and teams that approach LEM more operationally with security as either a secondary or separate issue. A lot of the features you see listed above were created with an eye to one or both teams.

For the security teams:

  • Easier identification of critical rules and other content that apply to security
  • Additional details for nodes and users that will make root cause analysis faster

For the more operationally minded:

  • Dashboards and widgets that call out historical trends and help link high level visualizations to data
  • Adding a "Quick Search" to make it faster to, well, do a quick search

...and More

Some other things that are brewing here in the LEM kitchen are:

  • Improvements to LEM database archiving (check out this Thwack feature request post if you'd like to post your comments about what you'd like to see)
  • Improvements to agent installation (and other installers)
  • Extensions to our Windows Event Log integration (native support for "new" style Event Logs and the option of remote Event Log access)
  • Continued support for more product integrations with our connectors

Questions? Comments? Did We Miss Something?

If you've got questions or ideas about how a particular feature would be most useful, or want to take part in a release candidate or beta of any of these features, feel free to comment.

Make sure to file a feature request over in our Log & Event Feature Requests forum if you don't see your request. If someone else already posted it, please add your comments so we know there's interest in a particular feature or issue!