
What We're Working on for SEM (Updated Nov 18 2020)

Now that SEM 2020.4 is generally available, all major functionality has been migrated to the HTML5 interface and we will be pivoting to bring new features to SEM. Here is what we're working on, in no particular order:

  • Microsoft 365 Events: Support for Microsoft 365 audit logs from sources including Azure Active Directory, Exchange, SharePoint, OneDrive, Teams and more. Vote for this feature.
  • New Reporting Engine: Provide a new reporting engine in the HTML5 GUI and drop the need for Crystal Reports. Vote for this feature.
  • Additional Threat Feeds: Allow users to configure and use additional threat feeds. Vote for this feature.
  • IP Geolocation: Map IP addresses to their geolocation and allow users to leverage location in filters, searches and rules. Vote for this feature.

This list doesn't enumerate a lot of the features we're looking into for long term development and further releases, but we continually use Thwack as one of our biggest sources of feedback.

I hope you're happy with the direction SEM is going, but if there is something missing or a feature you're really keen on, be sure to vote for features in the Security Event Manager Feature Requests forum.

Available Beta and RC releases:

  • None

Releases:

Comments

Everything about the new html 5 interface is good news!  I'm a recent LEM user and it's good to see some things are being updated.

We need the ability to collect secure syslogs with TLS for a federal requirement. Please add this feature!!

This does work... I had the same problem.

One thing I told the UX team about the new HTML5 node management is the badly needed ability to select and delete more than one node at a time. I had a connector go awry over the weekend and came back in Monday to find LEM had added all these new nodes (falsely) and eaten up my entire 1000 node license. I then had to, one at a time, delete over 500 bogus nodes.

This is certainly something we are thinking about as we're building the HTML5 Node Management (the UX Team actually passed your feedback onto me). Sorry to hear you ran into the issue with bogus nodes, I can imagine it was painful having to delete those nodes one at a time. Those nodes were likely created as a result of a connector not parsing certain logs correctly, which needs to be adjusted by us. Did you manage to figure out the offending connector? On a related node, displaying the connector associated with each node is something we're also discussing as part of the Node Management UI.

It's on the roadmap now... I'm glad since I just started using LEM that you and familyofcrowes are in here!

The big problem I've recently run into is the report tool won't install on Windows 10. It installs with admin rights on Windows 7 but Windows 7 is on its way out. I have an open case on this: Case # - 00218635. Installed 6.4 LEM Reports and Crystal Reports with admin rights on Windows 10. When trying to run with admin rights, the application faults: SWLEMReports.exe version 6.4.0.2. It faults twice every time I run it on Windows 10 with Exception code: 0xc0000005 and then 0xc000041d. Every time I run Reports, with admin rights or not, it double application faults.

This would be fantastic

jhynds  wrote:

On a related node, displaying the connector associated with each node is something we're also discussing as part of the Node Management UI.

SolarWinds would be better off ditching the whole Reports application and integrating reporting inside the Console UI.

The UI is not intuitive and it has all kinds of problems.

One of the biggest issues is when you run a complex/heavy report which can take hours to generate and only after that you can go in and filter out the noise.

Then run the report again to have that useful report with your filters applied.

Let's not get started with scheduling your custom reports. It's a nightmare.

This would be much easier if the LEM Reports would use the same logic as we do in nDepth Scheduled searches. It is fairly easy to set up a filter first, test the output on a short timespan, then schedule a regular report.

Yes, please move away from Flash.  Those of us in security do not (or should not) use this very unsecure app.

jhynds since you're working on User Defined groups

  • User Defined Groups: Build and manage your User Defined Groups within the HTML5 UI.

I hope that (despite lack of votes on the feature request below) you consider adding more fields to the Add User-Defined Group Element action.

Currently we can only add a single element (as below). It would be very helpful if we can add more elements/fields like: time, IP, host, account etc... in the User Defined Group through the Add User-Defined Group Element action

pastedImage_2.png

SEM 7.1 is shipped. I wonder why I do not see anything about this on THWACK?!

SEM 6.7.1 was released recently, which is a Service Release to address an issue with the 6.7 SEM agent. There aren't any new features/functionality included with the release.

In my case, having Flash installed violates security policy. An exception was made for my workstation, just for SEM. The sooner the better!

What version of SEM are you running? Although Flash is still required for some tasks within SEM, a lot of functionality is now in the HTML5 interface, which you should be seeing by default from v6.7.

2019.4. Someone mentioned to me that the GUI console was more dependent on Flash in the past, though. I'm happy to see it steadily heading away from it!

What is your timeline for nDepth and connector profiles to be enabled in HTML5? Is that going to come out in the way of an upgrade file or a new release such as 2020.2?

I'm really looking forward to the new reporting engine!

Bill

Version history
Revision #: 14 of 14
Last update: 11-18-2020 07:06 AM