
Axon 2023.07 Release Notes

Welcome to the July 2023 release of LogRhythm Axon! This release includes many updates that we hope you'll like. Brief explanations of the updates are grouped into the sections below.

Key highlights include:

  • Assisted Search Updates

  • Email Notifications

  • Analytics Rule Metadata

  • Webhook Collector

Detections

Analytics Rules Email Notifications

Axon users can now subscribe to email notifications for analytics observations, leading to greater efficiency and improved incident response times.

Threat Level Setting and Additional Metadata Assignment

The Axon Rule Builder has been updated to include the option to set a Threat Level and other threat-based metadata fields while creating or editing a rule. This information is assigned to all detections made by the rule and can be included in search queries. It also allows users to use these fields in widgets and build threat-based dashboards.

MITRE Detection Rule Additions

The following MITRE Detection out-of-the-box rules are now available to be enabled in an Axon environment:

  • T1547.001:Registry Run Keys/Startup Folder

  • T1021.002:SMB/Windows Admin Shares

  • T1082:System Information Discovery

  • T1059.001:PowerShell

  • T1057:Process Discovery

  • T1047:Windows Management Instrumentation

  • T1070.006:Timestomp

  • T1069:Permission Groups Discovery

  • T1087:Account Discovery

  • T1218.011:Rundll32

  • T1569.002:Service Execution

  • T1218.010:Regsvr32

  • T1566.001:Spearphishing Attachment

  • T1550.003:Pass the Ticket

  • T1558.003:Kerberoasting

  • T1190:Exploit Public-Facing Application:SQL Injection

  • T1484.002:Domain Trust Modification

  • T1552.004:Private Keys

  • T1489:Service Stop

  • T1059.003:Windows Command Shell

  • T1490:Inhibit System Recovery

  • T1562.001:Disable or Modify Tools:Windows Defender

  • T1106:Native API

  • T1027:Obfuscated Files or Information

  • T1059.001:PowerShell:ProviderLifeCycle

  • T1558.003:Kerberoasting:Invoke-Kerberoast

  • T1562.002:Impair Defenses:Disable Windows Event Logging

  • T1539:Steal Web Session Cookie

Analyst Experience

Assisted Search Updates

An enhancement to the new Search experience has been released to make constructing search queries even faster and more accurate. It adds:

  • A date picker, so the time frame for a query can be selected with a few clicks.

  • An action menu, which provides the ability to create a query group, delete a clause, filter by a field name, and filter by a description.

  • A new + icon for adding a query field to the search screen, making the process more intuitive.

For more information on Assisted Search functionality, refer to the Search topic.

Data Collection

Webhook Collection

Axon-hosted Webhook collectors are now part of our collection technology. The Axon Webhook collector supports Basic and Token authentication models.

Import/Export Processing Policies

Log source types (and their underlying processing policies) can now be imported and exported from Axon through the Message Processing page. This allows users to share configured policies for their log source types with other users to simplify the policy setup process.

Axon Agent Updates

Agent-side log filtering is now available. Axon Linux and Windows Agents can use regular expressions to specify which logs to include or which logs to exclude. These filters can be applied to Axon Agent Flat File Collectors, Axon Agent Syslog Collectors, or Axon Agent Windows Event Log Collectors.

Platform Improvements

EU Hosting Region

Axon has expanded its global reach with a hosting region in the EU. Status updates for the new instance, which is now live, can be found on our status page.

API Documentation

Documentation on how to work with the Axon List Management and Search APIs has been published to the docs site. Admins can now create and manage lists programmatically, and partners gain efficiency when executing searches across multiple end customers because there is no need to log in to each individual environment.

SOC2

Axon has achieved SOC 2 Type 1 certification. Rest assured that your data is secure, confidential, and highly available with Axon.

Resolved Issues

The following issues have been resolved since the April 2023 release of Axon:

Bug ID       Release Notes

ENG-32214    Endpoint validation now ensures that correct content_tenant_id names are used.

ENG-31834    The AWS Collector no longer gets stuck in the "Connecting" state in certain situations.

ENG-32956    The Dashboard bar chart widget no longer displays inconsistent data for different time ranges.

ENG-34923    The Carbon Black Collector configuration now includes the "Log Collection Endpoint" field to prevent environment mismatch errors when connecting.

ENG-34478    The CrowdStrike Collector no longer fails to collect all available logs in certain situations.

ENG-29803    Exporting a search to a CSV file no longer removes characters from the raw log.

ENG-32663    Tooltips on the bar chart widget now stay in place for a longer period of time, allowing for easier drill-down.

ENG-31037    Drilling down on an "Undefined" value on a Dashboard widget no longer causes an error in certain situations.

ENG-31687    The bar chart widget no longer incorrectly shows negative values in certain situations when displaying top log sources.

ENG-31379    Windows Axon Agents now consume much less CPU when running on minimum specs.

ENG-29097    Processing policies no longer incorrectly display a warning message in certain situations.

ENG-26904    Unretired collectors now correctly begin collecting logs from the current time.

ENG-36021    Sorting a dataset by the "raw log message" field no longer generates an error.

ENG-29580    The table chart widget now correctly displays results from a saved search.

ENG-26849    Rule blocks with filters that reference a list can now be saved.
