2020 might be a year many of us want to forget, but this year, we also unveiled a variety of new products and features worth remembering.
For the Logz.io team, 2020 was a year full of innovation as we worked to continuously improve our product and complete our unified observability vision.
We also launched a variety of new capabilities for Logz.io Log Management, Infrastructure Monitoring, Cloud SIEM, and Distributed Tracing, that make our product faster, smarter, and more cost-efficient.
In case you missed it, here’s a comprehensive list of what’s new in Logz.io in 2020.
Unified Observability Based on Open Source
By far, our most exciting update this year was the completion of our full Cloud Observability Platform featuring Log Management based on ELK, metrics monitoring based on open source grafana, and now, Distributed Tracing based on Jaeger.
Infrastructure Monitoring Based on Open Source Grafana
In April, we announced the general availability of Infrastructure Monitoring, enabling engineers to use grafana and Kibana – the most powerful and widely used open source metric and log UI tools, respectively – on one integrated, easy-to-use SaaS platform. Key features of Infrastructure Monitoring include:
- Open source grafana delivered as a fully managed cloud service.
- Easy correlation between metrics and their associated logs for fast, effective root cause analysis.
- 18 months of metric data retention at an affordable cost, with the same pricing for both infrastructure and custom metrics.
- Premade monitoring dashboards for common infrastructure services like Azure, AWS, and GCP as well as common DevOps technologies like Docker and Kubernetes.
Distributed Tracing Based on Jaeger
As groundbreaking as Infrastructure Monitoring was, we were not done there. In November we finally announced our Jaeger-based Distributed Tracing solution. This made Logz.io the only place where engineers can use the best open source monitoring tools for logs, metrics, and traces – known as the ‘three pillars’ of observability – together in one place.
Key benefits of Distributed Tracing include:
- Unification with Log Management and Infrastructure Monitoring.
- Seamless alerting and correlation between logs and traces for faster root cause analysis.
- Support for instrumented tracing frameworks, databases and programming languages, enabling engineers to avoid the steep costs of leading proprietary APM-based solutions and the overhead of managing open source components at scale.
Now that our open source observability vision is complete, our engineers are hard at work creating new features and integrations so our customers can benefit from the smartest and most robust open source-based monitoring and observability solution around.
Check what else is new with each of our products in 2020:
Prometheus-as-a-Service
We’re proud to share early access to our new Prometheus-as-a-Service for Logz.io Infrastructure Monitoring!
Prometheus is extremely popular for monitoring because of its simple architecture, implementation, and integrations with modern stacks in the cloud. But storing metrics over long periods of time with Prometheus can often require complex architectures and roll-up servers.
Prometheus-as-a-service allows teams to leverage all the best parts of Prometheus (like its cloud-native integrations) without the less-fun parts (like storing metrics over long periods of time). Get more information on this new offering here.
OSS grafana API Support
Logz.io has added support for the open source grafana API. In other words, you can use OSS grafana’s integrations within Logz.io. The open source grafana API is composed of many supported HTTP APIs that the frontend of OSS grafana uses to manage dashboards and dashboard versions, alerts, snapshots, folders and annotations. Learn more about how it works and how to set it up here.
Flexible Volume
Now, you can reserve a certain amount of log volume for each Sub Account and decide whether or not it should be capped. Flexible Volume automatically optimizes your plan by distributing available log volume across sub accounts, so you get more bang for your buck: you can use all of the space in your plan without constantly tinkering with Sub Account volume allocation. For more information, check out our article here.
Multiple Shipping Tokens
Pro and Enterprise users can now enjoy up to 5 Log Shipping tokens per account. This makes it easier to share tokens across multiple sub accounts and to rotate them for security and compliance. Your account admin can easily manage each token: name, disable, and enable them as needed. Find out more about our revamped shipping tokens feature here.
Smart Tiering
Smart Tiering helps our customers reduce costs by providing the flexibility to divide data across different tiers based on the desired balance between cost and availability. There are three tiers available:
- Real-Time Tier for your critical data, with the top real-time performance.
- Smart Tier for your active data, offering the same real-time performance as above, with reduced replication.
- Historical Tier for your historical data, with archiving to your cloud object storage of choice.
Learn more about each tier and how this feature can help you cut storage costs here.
Logz.io Exceptions
Now you can use machine learning to isolate production issues right from Kibana using Logz.io Exceptions. Exceptions is a collection of machine learning analytics algorithms that analyze the exceptions in your log data and aggregate them by their signature. This means that instead of looking through over a million log lines in Kibana, you see only a short list of common exceptions that you can start investigating. Find out more about Exceptions here.
Private Threat Intelligence Feeds
Nobody can spot all the malicious IP addresses throughout their entire log batch. That’s why we’ve included a number of reputable public threat feeds to find known malicious indicators in log data. In addition to these public feeds, now, Logz.io Cloud SIEM users can cross-reference log data with private threat intelligence feeds to identify malicious activity. With the option to use private feeds, Logz.io Cloud SIEM customers can now leverage threat information from a broader set of sources, increasing the scope and variety of security incidents they can detect in their environment. Learn more about Private Threat Intelligence Feeds here.
New Public Feeds
In addition to the private feeds mentioned above, we have also added the following public feeds:
Find out more about each of these feeds here.
Alerts Correlation
Logz.io Alerts Correlation identifies sequences of alerts that are associated with the same attack, raising the severity and prioritization of the security incident. With this new ability, Logz.io looks for similarities in the log data pertaining to two or more alerts. If a relationship is found, it triggers a new, high severity alert. For more information on Alerts Correlation, check out the article here.
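To make the two ideas above concrete (cross-referencing logs against a private threat feed, and escalating alerts that share the same indicator into one high-severity alert), here is a small added example in Python. It is not Logz.io code; the feed, the log events and the two detection rules are constructed for illustration.

```python
from collections import defaultdict

# Constructed private feed (indicator -> feed name); stands in for an uploaded private feed.
PRIVATE_FEED = {"203.0.113.45": "partner-blocklist"}

# Constructed sample log events (documentation-range IPs).
LOGS = [
    {"src_ip": "203.0.113.45", "user": "svc-backup", "event": "ssh_login_failed"},
    {"src_ip": "203.0.113.45", "user": "svc-backup", "event": "ssh_login_failed"},
    {"src_ip": "203.0.113.45", "user": "svc-backup", "event": "ssh_login_success"},
    {"src_ip": "192.0.2.10", "user": "alice", "event": "ssh_login_success"},
]

def threat_feed_alerts(logs, feed):
    """Rule 1: every event whose src_ip is a private-feed indicator raises a medium alert."""
    return [{"name": "Private feed match", "severity": "medium",
             "fields": {"src_ip": e["src_ip"], "feed": feed[e["src_ip"]]}}
            for e in logs if e["src_ip"] in feed]

def failed_login_alerts(logs, threshold=2):
    """Rule 2: a source with at least `threshold` failed logins raises a medium alert."""
    counts = defaultdict(int)
    for e in logs:
        if e["event"] == "ssh_login_failed":
            counts[e["src_ip"]] += 1
    return [{"name": "Repeated login failures", "severity": "medium",
             "fields": {"src_ip": ip, "failures": n}}
            for ip, n in counts.items() if n >= threshold]

def correlate(alerts, key="src_ip"):
    """Alerts from different rules that share the same key value are merged
    into one new high-severity alert; a single rule firing alone is left as is."""
    by_value = defaultdict(list)
    for a in alerts:
        by_value[a["fields"][key]].append(a)
    correlated = []
    for value, group in by_value.items():
        rule_names = sorted({a["name"] for a in group})
        if len(rule_names) >= 2:
            correlated.append({"name": "Correlated: " + " + ".join(rule_names),
                               "severity": "high", key: value, "source_alerts": len(group)})
    return correlated

def run_pipeline(logs=LOGS, feed=PRIVATE_FEED):
    """Run both rules over the logs, then correlate; returns (raw alerts, correlated alerts)."""
    alerts = threat_feed_alerts(logs, feed) + failed_login_alerts(logs)
    return alerts, correlate(alerts)

if __name__ == "__main__":
    for a in run_pipeline()[1]:
        print(a)
```

Only the source that both matches the feed and repeatedly fails to log in is escalated; the ordinary login from 192.0.2.10 produces no alert at all.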
Multiple Security Accounts
Users can now create multiple security accounts within Cloud SIEM. This enables a multi-tenant setup in which different groups in the company, or different customers (if you are an MSSP), each access their own data in a segregated environment.
Palo Alto Networks Partnership
This year, we announced a partnership between Palo Alto Networks and Logz.io Cloud SIEM. What does this mean? Now, our customers can have a centralized location with a consistent user experience for managing alerts, notifications, and information coming from Palo Alto Networks. Check out this blog post to learn how to set it up.
In addition, we’re also collaborating with Palo Alto Networks Cortex XSOAR, a SOAR (Security Orchestration, Automation, and Response) platform that combines many automated tools and integrations for attack investigation, severity calculation, incident lifecycle and incident management. This integration combines the power of SIEM detection with SOAR response, with the advantage of security rules and feeds from both services. As a result, investigations are shorter and more automated. Learn more about how this integration works here.
Other Key Integrations
2020 was a huge year for Cloud SIEM integrations. We’re proud to have added so many technologies to our platform that make threat detection and investigation faster and easier than ever. Check out some of our new integrations below:
- Okta Integration
- Falco Integration
- OpenVAS Integration
- ESET Integration
- Trend Micro Integration
- Stormshield and SonicWall Integrations
- SentinelOne Integration
For the complete list of Cloud SIEM integrations, see our documentation.
Preview Query in Kibana
Want to simulate what a new rule would look like in Kibana before it’s implemented? Preview Query enables you to run a query in your logs and then review the results to make sure it works the way you need.
With this handy tool, you’ll be able to customize the window through which you see your security-relevant log data. This adds to the depth of Logz.io Cloud SIEM UI’s main Summary Dashboard and Threats Dashboard.
Looking Forward to 2021
We hope you enjoyed our roundup of 2020’s most exciting new features for Logz.io Log Management, Cloud SIEM, Infrastructure Monitoring, and Distributed Tracing. We’re looking forward to an even better 2021, which will bring even more features for you to enjoy.
Have suggestions of new features you want to see? Share them in the comments section below.
Happy New Year from the Logz.io family!