
    I'm excited to announce that Security Event Manager 2019.4 Release Candidate (RC) is now available on your Customer Portal. The Release Candidate is also available for any evaluation users, so please contact your Account Manager if you would like to evaluate the RC. The Release Notes are available here, and the steps to upgrade your existing SEM appliance are available here.

     

    Firstly, you'll probably notice our new versioning format. Going forward, new SEM releases will use a year.quarter format, taking a similar approach to Orion Platform product modules. SEM versions will be the four-digit year in which they were released, followed by the quarter of release. If there is a Service Release in between major releases, it will appear in the third position following the quarter, e.g. 2019.4.1.

     

    So, what's included in this SEM release? This release mainly focuses on our migration from Flash, with new functionality added to our HTML5 interface including Dashboards, User-Defined Groups and E-Mail templates.

     

    DASHBOARD

    As the saying goes, a picture paints a thousand words - which is particularly true when it comes to log data. The Events page in SEM allows you to interact with your logs via filtering and keyword searching; however, it can be difficult to spot any unusual activity or suspicious trends. That's where a dashboard comes into play - being able to visualize thousands of logs and build a picture of what's happening on your network can be hugely valuable when detecting threats. We have included several out-of-the-box charts based on some of the most common use cases we hear from our customers, including Change Management, Authentication and Network Traffic widgets. You can easily create custom widgets based on any filter within the Events page, and chart options include bar, pie and donut, as well as line graphs for time-series data. Drilling into the log data behind each chart is vitally important when analyzing potential threats. You can easily view the corresponding log data within the Events page by clicking on a segment of a chart. Here's a glimpse at how our new dashboard looks. I hope you like what we've done:

     

     

    USER-DEFINED GROUPS

    You can now build and manage these groups via the HTML5 interface. User-defined groups contain data specific to your environment, such as user and computer names, sensitive files, approved USB devices and so on. These groups can also act as whitelists and blacklists for use in correlation rules and filters, for example, alerting you to attempted access to a URL that you've blacklisted. You can create these groups manually or import elements via a CSV file. You can also easily export group elements to a CSV file. In order to ensure our out-of-the-box content remains relevant to an ever-changing threat landscape, we've updated several of our pre-defined groups including SQL Injection/XSS Vectors, Anonymizer Websites and Remote Desktop Websites.

     

     

    EMAIL TEMPLATES

    As part of the SEM 6.7 release, we introduced the ability to manage your correlation rules via the new interface, including the ability to select which e-mail template you'd like to use as part of the alert. However, the creation and customization of those e-mail templates still resided in the Flash console. SEM 2019.4 introduces the ability to build and customize these e-mail templates within the new interface. These templates are incredibly valuable when it comes to adding context to e-mail alerts as well as including information from log data within those alerts.

     

     

    I really hope you like the direction we're going with Security Event Manager, especially the new user interface. As always, your feedback and ideas are greatly appreciated, so please provide any feedback you may have within the comments section below or within the SEM Release Candidate forum.