We have been busy adding new features to our growing list of abilities. Logz.io Cloud SIEM is no exception. Throughout 2020 we have been enriching our security incident and event management tool, refining threat intelligence, adding new dashboards, and improving the user experience to ensure there’s an eagle’s-eye view of the security challenges that organizations face.
Here are a few of the updates that we have recently put into production. Additionally, check out information on our developing Beta projects.
- Preview Query in Kibana
- Date Range
- New Threat Intelligence Feeds
- Private Feeds
- Multiple Accounts for MSSPs
- Branded Reports
Preview Query in Kibana
You can now simulate what a new rule will do by running the relevant query on your existing logs. Run the preview and then review the results to make sure it works the way you need.
Date Range
The first feature addition is the time range selector. With this handy tool, you’ll be able to customize the window through which you see your security-relevant log data. This adds to the depth of Logz.io Cloud SIEM UI’s main Summary Dashboard and Threats Dashboard. Select the exact date in the Absolute panel, select the right time by half-hour intervals, then hit the green Update button. Then hit the same button, which will now be blue and red, hit Refresh, then go.
New Threat Intelligence Feeds
We are constantly reviewing the threat intelligence feeds we use on Cloud SIEM. Recently, we have added a number of new feeds to our master list.
Owned and operated by OpenDNS, Phishtank is a free and open “community site” where users share phishing data. The information is tracked and verified by the community.
Bambenek Consulting IPs
Bambenek Consulting is a self-styled cybersecurity investigation firm. Their feed focuses on cyber “sinkholes.” Sinkhole IP addresses are used as a detour for malicious traffic away from a main server or machines that have been infected by malware. It is a strong defense used by security companies and researchers to reroute such traffic.
The feed includes a master feed of non-sinkholed IPs, high-confidence non-sinkholed IPs (and domains), a curated list of known sinkhole IPs, and more.
Private Feeds
We are now piloting a feature allowing our users to add their own private and custom threat intelligence feeds to their accounts. Users can now add feeds that can’t be shared beyond their own teams, or that can only be used for their own logs. Feeds based on private data can now be incorporated into their Logz.io Cloud SIEM accounts securely without fear of exposure.
Additionally, this will give Logz.io Cloud SIEM users the chance to expand the scope of their threat intelligence and to target the specific areas of activity that they find relevant.
Multiple Security Accounts
You can now create multiple security accounts within Cloud SIEM, just as in a Logz.io Operations account. This gives customers a lot more flexibility in building dashboards and compartmentalizing sensitive data.
This service will let MSSPs separate their own customers in a multi-tenant setup. Each of those customers will now be able to access their own data in an environment secured from MSSPs’ other customers.
Multiple security sub-accounts are perfect for MSSPs. However, any organization with multiple development environments that need segregation for security reasons will benefit from the new feature.
Branded Reports
Our clients use Logz.io to send reports to their own customers. The option is now available to replace the Logz.io logo in periodic reports with our client’s logo. Users can define one logo per account.
If you are interested in joining our Beta program to start using several security accounts, use your own private threat intelligence IP feed, or try out branded reports, please send me an email at firstname.lastname@example.org.
More to Come
Stay tuned for more updates from the Logz.io Cloud SIEM team in the coming months. There is always more in the pipeline.