Skip to main content
Skip table of contents

Axon 2023.07 Release Notes

Welcome to the July 2023 release of LogRhythm Axon! There are many exciting updates included in this release that we hope you'll like. Brief explanations of the updates are grouped into the following sections:

Key highlights include:

  • Assisted Search Updates

  • Email Notifications

  • Analytics Rule Metadata

  • Webhook Collector


Analytics Rules Email Notifications

Axon users can now subscribe to email Notifications for analytics observations, leading to greater efficiency and improved incident response times. 

Threat Level Setting and Additional Metadata Assignment

The Axon Rule Builder has been updated to include the option to set a Threat Level and other threat-based meta-data fields while creating or editing a rule. This information will be assigned to all detections made by the rule and can be included in search queries. This also allows users to use these fields in widgets and create threat-based dashboards.

MITRE Detection Rule Additions

The following MITRE Detection out-of-the-box rules are now available to be enabled in an Axon environment:

  • T1547.001:Registry Run Keys/Startup Folder

  • T1021.002:SMB/Windows Admin Shares

  • T1082:System Information Discovery

  • T1059.001:PowerShell

  • T1057:Process Discovery

  • T1047:Windows Management Instrumentation

  • T1070.006:Timestomp

  • T1069:Permission Groups Discovery

  • T1087:Account Discovery

  • T1218.011:Rundll32

  • T1569.002:Service Execution

  • T1218.010:Regsvr32

  • T1566.001:Spearphishing Attachment

  • T1550.003:Pass the Ticket

  • T1558.003:Kerberoasting

  • T1190:Exploit Public-Facing Application:SQL Injection

  • T1484.002:Domain Trust Modification

  • T1552.004:Private Keys

  • T1489:Service Stop

  • T1059.003:Windows Command Shell

  • T1490:Inhibit System Recovery

  • T1562.001:Disable or Modify Tools:Windows Defender

  • T1106:Native API

  • T1027:Obfuscated Files or Information

  • T1059.001:PowerShell:ProviderLifeCycle

  • T1558.003:Kerberoasting:Invoke-Kerberoast

  • T1562.002: Impair Defenses: Disable Windows Event Logging

  • T1539:Steal Web Session Cookie

Analyst Experience

Assisted Search Updates

An enhancement to the new Search experience has been released to make construction of search queries even faster and more accurate.

  • Date Picker. Easily select the time frame for your query with a few clicks.

  • The action menu, which provides the ability to create a query group, delete a clause, filter a field name, and filter a description.

  • A new + icon to add a new query field to your search screen, making the process more intuitive.

For more information on Assisted Search functionality, refer to the Search topic.

Data Collection

Webhook Collection

Axon hosted Webhook collectors add to our collection technology.  The Axon Webhook collector supports Basic and Token Authentication models.

Import/Export Processing Policies

Log source types (and their underlying processing policies) can now be imported and exported from Axon through the Message Processing page. This allows users to share configured policies for their log source types with other users to simplify the policy setup process.

Axon Agent Updates

Agent-side Log Filtering is now available.  Axon Linux and Windows Agents can use regular expressions to specify which logs to include or which logs to exclude.  These filters can be applied to Axon Agent Flat File Collectors, Axon Agent Syslog Collectors, or Axon Agent Windows Event Log Collectors.

Platform Improvements

EU Hosting Region

Axon has expanded its global reach with a hosting region in the EU. Status updates related to the new instance, now live, can be found on our status page

API Documentation

Documentation on how to work with the Axon List Management and Search APIs has been published to the docs site. Admins can now create and manage lists programmatically, and partners will enjoy greater efficiency when executing searches across multiple end customers because there is no need to log in to each individual environment. 


Axon has achieved SOC2 Type 1 certification. Rest assured that your data is secure, confidential, and highly available with Axon. 

Resolved Issues

The following issues have been resolved since the April 2023 release of Axon:

Bug ID

Release Notes


Endpoint validation now ensures that correct content_tenant_id names are used.


The AWS Collector no longer gets hung up in the "Connecting" state in certain situations.


The Dashboard bar chart widget no longer displays inconsistent data for different time ranges.


The Carbon Black Collector configuration now includes the "Log Collection Endpoint" field to prevent environment mismatch errors when connecting.


The CrowdStrike Collector no longer fails to collect all available logs in certain situations.


Exporting a search to a CSV file no longer removes characters from the raw log.


Tooltips on the bar chart widget now stay in place for a longer period of time, allowing for easier drill-down.


Drilling down on an "Undefined" value on a Dashboard widget no longer causes an error in certain situations.


The bar chart widget no longer incorrectly shows negative values in certain situations when displaying top log sources.


Windows Axon Agents now require much less CPU usage when using minimum specs.


Processing policies no longer incorrectly display a warning message in certain situations.


Unretired collectors now correctly begin collecting logs from the current time.


Sorting a dataset by the "raw log message" field no longer generates an error.


The table chart widget now correctly displays results from a saved search.


Rule blocks with filters that reference a list can now be saved.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.