What’s New with Logz.io Cloud SIEM — August 2020

We have been busy adding new features to our growing list of abilities. Logz.io Cloud SIEM is no exception. Throughout 2020 we have been enriching our security incident and event management tool, refining threat intelligence, adding new dashboards, and improving the user experience to ensure there’s an eagle’s-eye view of the security challenges that organizations face. 

Here are a few of those updates that we have recently put to production. Additionally, check out information on our developing Beta projects.

• Preview Query in Kibana
• Date Range
• New Threat Intelligence Feeds
• Beta
  • Private Feeds
  • Multiple Accounts for MSSPs
  • Branded Reports

Preview Query in Kibana

You can now simulate what a new rule will do by running the relevant query on your existing logs. Run the preview and then review the results to make sure it works the way you need.

Kibana Query Preview in Logz.io Cloud SIEM

Date Range

The first feature addition is the time range selector. With this handy tool, you’ll be able to customize the window through which you see your security-relevant log data. This adds to the depth of Logz.io Cloud SIEM UI’s main Summary Dashboard and Threats Dashboard. Select the exact date in the Absolute panel, select the right time by half-hour intervals, then hit the greened Update button. Then hit the same button, which will now be blue and red, hit Refresh, then go.

Date Range

New Feeds

We are constantly reviewing the threat intelligence feeds we use on Cloud SIEM. Recently, we have added a number of new feeds to our master list. 

PhishTank                   

Owned and operated by OpenDNS, Phishtank is a free and open “community site” where users share phishing data. The information is tracked and verified by the community. 

REScure         

REScure maintains different blacklists for domains, IPs, and malware. They also have announced one specifically refined to track phishing and malicious domains related to COVID-19.

Bambenek Consulting IPs  

Bambenek Consulting is a self-styled cybersecurity investigation firm. Their feed focuses on cyber “sinkholes.” Sinkhole IP addresses are used as a detour for malicious traffic away from a main server or machines that have been infected by malware. It is a strong defense used by security companies and researchers to reroute such traffic.

The feed includes a master feed of non-sinkholed IPs, high-confidence non-sinkholed IPs (and domains), a curated list of known sinkhole IPs, and more.

In Beta

Private Feeds

Threat Intelligence Feeds

We are now piloting a feature allowing our users to add their own private and custom threat intelligence feeds to their accounts. Users can now add feeds that can’t be shared beyond their own teams, or that can only be used for their own logs. Feeds based on private data can now incorporate into their Logz.io Cloud SIEM accounts securely without fear of exposure.

Additionally, this will grant Logz.io Cloud SIEM users the chance to expand the scope of their threat intelligence and also target specific areas of activity that they might just find relevant. 

Multiple Security Accounts 

Multiple Security Accounts with Logz.io Cloud SIEM

You can now create multiple security accounts within Cloud SIEM, just as in a Logz.io Operations account. This gives customers a lot more flexibility in building dashboards and compartmentalizing sensitive data. 

This service will let MSSPs separate their own customers in a multi-tenant setup. Each of those customers will now be able to access their own data in an environment secured from MSSPs’ other customers. 

Multiple security sub-accounts are perfect for MSSPs. However, any organization with multiple development environments who need segregation for security reasons will reap the benefits from the new feature.

Branded Reports

Our clients use Logz.io to send reports to their own customers. The option is now available to replace the Logz.io logo in periodic reports, with our client’s logo. Users can define one logo per account.

If you are interested to join our Beta program and start using several security accounts, use your own private threat intelligence IPs feed, or try out branded reports, please send me an email at smadar.paradise@logz.io.

More to Come

Stay tuned for more updates from the Logz.io Cloud SIEM team in the coming months. There is always more in the pipeline.