Spring has finally sprung! I realize that was a groaner, but new features are no joke – using them will simplify your troubleshooting process and open up time for all the cool tasks you want to do. Besides parsing logs, of course.
New Features in Security Analytics
Hold onto your seats, because we made some sleek adjustments to our security analytics suite. A major update was revamping our Summary page, which is your entry point to the Security Analytics app:
You can investigate issues from it just as you would from any other Kibana dashboard:
Using Drilldown, you can also hop between dashboards as you search for the root cause of an issue:
To help you jump right in rather than build everything from scratch, we’ve added new rules and dashboards for several common security needs, including GDPR compliance (based on a Wazuh integration), AWS GuardDuty, Microsoft Azure Active Directory, and Windows Firewall.
By request, this past month we added the ability to use sub-accounts with Alice, the Logz.io Slack bot! When you add a new Logz.io account to Alice you can give it an alias (by default the alias is the actual account name). You can use this alias to differentiate sub-accounts as well as to set the default account for each channel using @Alice set channel account <alias>.
If you need to review syntax and usage for any command, just use @Alice help. For a refresher on all of Alice’s features, please take a look at her docs page. As a quick reminder: sub-accounts are a way for you to logically separate and control access to your data. A common use case is separating production from development data, or application from infrastructure data, since these have different access and retention requirements. If you’re interested in exploring sub-accounts further, please take a look at our accounts docs page.
Now on Kibana 6.3
You may have noticed around the new year that your accounts were upgraded to Kibana 6. To round off that update, autocomplete and kuery (Kibana’s own query language, KQL) are now available! To enable them, select “Options” and “turn on query features”:
And then run a quick kuery (couldn’t stop myself). Autocomplete picks up both field names and values, so when you start to type a field name or value that doesn’t exist in your data, you’ll know right away:
An important note: we’re still working hard to support kuery in our alerts and optimizers. While you can filter results in our UI using the latest kuery syntax, you cannot yet create alerts or optimizers from those queries. For alert and optimizer definitions, please keep using standard Lucene syntax.
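As an added illustration (not from the original post), here is the same constructed filter written both ways: the kuery form you can type into the Discover search bar once query features are on, and the Lucene form you would paste into an alert or optimizer definition. The field names (`type`, `program`, `message`, `source_ip`, `service`, `http_status`) and values are illustrative; substitute the ones your shippers actually produce.

```text
# Kuery (KQL): failed SSH logins that did not come from an internal range.
# and / or / not are case-insensitive; ranges use comparison operators.
type:syslog and program:sshd and message:"Failed password" and not source_ip:10.0.0.0/8

# Same filter in Lucene syntax, usable in an alert or optimizer.
# AND / OR / NOT must be upper-case, and a CIDR match requires an ip-typed field.
type:syslog AND program:sshd AND message:"Failed password" AND NOT source_ip:10.0.0.0/8

# Kuery: HTTP 5xx responses from one service.
service:api and http_status >= 500

# Lucene equivalent: a half-open range instead of a comparison operator.
service:api AND http_status:[500 TO *]
```

The practical check: before saving an alert, paste the Lucene version into Discover and confirm it returns the same documents as the kuery version you explored with; a lower-case `and`, or a `>= 500` that Lucene reads as a literal term, will silently match nothing and leave the alert blind.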
On a closing note, just in time for spring cleaning we’ve released our new tags feature. It lets you tag any alert or security rule to help you stay organized. Tags are added on the tag line:
Once your alerts and/or security rules are tagged, you can filter each list to show only the alerts or rules carrying the tags you care about. Neat, eh?
Where We’ll Be This Quarter
Want to come see us? We’re sponsoring and/or sending speakers to the following events this quarter.
- AWS Summit Amsterdam
- 17 April
- Amsterdam, The Netherlands
- Microsoft Ignite
- 24-25 April
- Stockholm, Sweden
- AWS Summit London
- 8 May
- London, England
- 14 May
- Tel Aviv, Israel
- Presentation: Sensory Friendly Monitoring
- KubeCon EU
- 21-23 May
- Barcelona, Spain