
7.14.0 GA Release Notes - 2 October 2023

Introducing LogRhythm SIEM 7.14! In this version, we introduce Open Collector and Beat management within the Web Console along with many other great features. LogRhythm is focused on making log collection easy. In this version, we start by streamlining the Open Collector and Beat log sources. With streamlined onboarding workflows and under-the-hood product enhancements, you can focus less on SIEM administration and more on security.

Key Highlights


Open Collector and Beat Management in Web Console

LogRhythm Administrators want an easy and streamlined workflow to onboard and manage Open Collector. LogRhythm SIEM 7.14 brings this functionality to the Web Console! Integrate Open Collector with the SIEM and use the Web Console to deploy Beats and collect their log sources.

With this complete workflow all contained within the Web Console, security teams can now focus more on security and less on configuration. In this release, the following Beats can be onboarded and managed directly within the Web Console, cutting administration time in half.

  • AWS S3

  • Azure Event Hub

  • Carbon Black Cloud

  • Cisco AMP

  • Duo Authentication Security

  • Kafka

  • Microsoft Graph API

  • Prisma Cloud

  • Proofpoint

  • PubSub

  • Symantec WSS

LogRhythm SIEM 7.14 makes it easy to collect from cloud log sources with the new workflow and management all contained in the web console.

Open Collector and Beat Management in the Admin API

With new features come new REST API endpoints! LogRhythm 7.14 further extends the automation capabilities of the Admin API so that you can programmatically:

  • Manage Beats

  • Manage Open Collector

  • Manage DP Pooling

  • Add Log Source and Agent parameters

New to the API and wondering how to get started? Learn more about the Community!

Resource Center

The LogRhythm SIEM’s new Resource Center offers Analysts quick access to important LogRhythm resources like Community, Documentation and Support. Additionally, the Onboarding section gives new users in-app tutorials to help them get comfortable with the LogRhythm Web Console. And finally, the Announcements section will be introduced in the Resource Center so customers are aware of the latest updates and critical information from LogRhythm.

The example guide teaches users how to use LogRhythm SIEM without having to leave the Web Console.

Send Logs to Axon from the System Monitor Agent

As LogRhythm Axon’s popularity increases, we want to make migration easier for customers switching to Axon. LogRhythm SIEM 7.14 gives users the power to forward a copy of their logs to Axon. Customers can easily do a proof of concept in Axon while still maintaining their current LogRhythm SIEM deployment. For customers who choose to migrate to Axon, onboarding to the new platform will be a smooth transition. While Axon has its own Agent, this speeds up the ability to get logs into Axon by sending logs to both the Data Processor and Axon. Previously only available in limited situations, now all customers can leverage both platforms!

The Axon Settings tab of the System Monitor Agent Properties makes it easy to start forwarding logs to your Axon tenant.

LogRhythm Cloud (LRC) Deployment Statistics

With the introduction of the Deployment Statistics, LogRhythm Cloud customers can now get more insight on their deployment. Quickly access important information such as current MPS, average log size, and details regarding archives (if applicable).

Enhancements & Resolved Issues

Bug #




Active Directory

After upgrading to version 7.13, users no longer see AD sync errors or duplicate users in the People tab. Also, there are no error messages or warnings in the Job Manager log.


Admin API

When using the Admin API, the isSilentLogSourceEnabled value is now set according to the input parameter value in the API request.



When SSLStream cannot send logs to the Mediator, the Agent does not show the sent message in the log.


Agents: Office 365 Log Collection

Office 365 log collection no longer stops even when volume is reduced.


Agents: UDP Syslog Log Collection

After updating to version 7.14, customers can override the ReceiveBuffer Limit to prevent data loss and log drop issues for UDP Syslog log collection.


AI Engine: Communication Manager

When the AI Engine Communication Manager starts, it can now connect to the EMDB and configure the file successfully.


AI Engine

Connecting to the AI Engine Communication Manager enables the AI Engine Data Provider to store data in the suspended state of the LogRhythm Mediator Server until the Data Provider is restarted. Even if the initial connection between the AIE Data Provider and the AIE Communication Manager is lost due to network problems, the data will be saved and reconnected.


AI Engine

AIE alarms that are triggered by any log source Entity now display the correct Entity name.


AI Engine

The AI Engine now starts after a rule update as expected.


AI Engine: MPE Rules

When opening or creating sub-rules, the MPE rule is no longer automatically saved. This allows users to complete multiple sub-rule changes before saving the MPE rule and causing the Mediator Service to restart. (Applies to 7.14 release only.)


Alarm API

When using the Alarms API, the alarm results now respect the query request direction (ascending or descending order options).


Alarm API

When using wildcard or pattern-matching filters in the Alarm API, alarm results are now displayed as expected.


Alarm API

When using the Alarm API endpoint GET lr-alarm-api/alarms, the Alarm API no longer returns duplicate alarms.



The API Gateway no longer causes the non-paged pool memory to increase when it does not receive a response from an endpoint, and the Data Processor now performs as expected without a backlog. 


Client Console: Log Sources

When LR Enhanced Audit files are used to execute the LR_sqlaudit_create_leastprivuser.sql script, the AIERruleToEngine UDLA log source is now set without any issues.


Client Console

When using the Client Console, the Syslog timestamp UTC offset calculation is now correct.


Client Console: Agents

The recommended value and default value for OriginalMessage are now set to True for an Agent in the Advanced Properties of the Client Console.


Client Console: User Profile Manager

Changes can now be applied to all users in the User Profile Manager of the Client Console.


Common Components

Common components now automatically recover and function as expected after network outage.


Database Upgrade Tool

When using the Database Upgrade Tool to update from 7.10 to 7.12, the user no longer receives errors and the DB upgrade works properly despite the dashboard changes.


Data Indexer: Transporter

The Transporter now fully starts after receiving a service restart command at UTC midnight.


Data Indexer: Transporter

The Transporter no longer fails to index when a field is larger than the maximum length allowed. With 7.14 release, users can now change the MaxLuceneStringLength parameter. (Default = 32700, Min = 30000, Max = 32767)


Data Processor

Added a new TTL setting that allows customers to stop archiving logs that are older than the TTL time period.



Reference Architecture documentation has been updated to include relevant information.



Removed host URL links from API documentation because information on endpoints is now published on


Infrastructure: Database Scripts and Upgrade Scripts

When running the database script, cluster creation now occurs in order as IP addresses become available.


Installation Components

DR SQL transaction logs no longer fill the L: drive when unable to sync to secondary nodes.


Job Manager

When using Gmail’s SMTP server with SSL enabled, the Job Manager now sends scheduled reports as expected.


Job Manager

After using the Job Manager to sync the Active Directory, new AD users that were created in the People tab from the Group configured in Profile Manager are now displayed correctly.


Metrics Collection Service

The metrics collection file no longer contains telemetric parsing errors from Datadog.


LR Cloud: Enhanced Auditing

Shadow tables are no longer dropped and recreated during upgrade.


Open Collector/Beats

The User Principal Name field is now parsed from Azure Defender logs.


Threat Intelligence Service

When using the Threat Intelligence Service custom STIX/TAXII feed, users can now configure the data of NumofBackDaysData according to their requirements.


Threat Intelligence Service

When using Threat Intelligence Service, after configuring the custom provider, the correct list file is available under the list default folder (C:\Program Files\LogRhythm\LogRhythm Job Manager\config\list_import\).


Threat Intelligence Service

When using the Threat Intelligence Service, feeds after July 25, 2023, are now downloading.


Web Console

When a time range is applied to the dashboard filter in the Web Console, the widget now displays data relevant to that time range.


Web Console

While using the Web Console, the Typeahead filters now display the correct column values.


Web Console: UI

When using the Web Console, after editing a dashboard and applying a longer filter in the Dashboard Filter field, the dashboard filter is displayed in a shortened form.


Web Console

In larger deployments that upgraded to 7.12, the Web Console no longer has the rate limiting issues that were causing users to experience instability in their environments.


Web Console

While using the Web Console, after typing an open or closed parenthesis character "(", ")" or brackets "[", "]", the Known Values Browser no longer closes. It displays results accordingly.

Resolved Issues - Security

Security-related issues resolved with this release are available for customers to view on the Community.

Known Issues

The following issues have each been found and reported by multiple users.

Bug #

Found In Version



Release Notes



AI Engine

When drilling down on an alarm with Host (Impacted) in the Group By field, the action fails and returns the following error:

"LogRhythm encountered an error reading the extended AI Engine metadata for this Event. It might be an unexpected non-printable character in a textual field. Please make a copy of the Log Message field (Raw Log Data) of this Event and contact LogRhythm Customer Support"

Expected Results: Drill down results should appear without returning an error.

Workaround: There is currently no workaround for this issue.



Alarm API

When using the XSOAR integration with Alarm API, requests periodically return a 500 internal server error.

Expected Results: The integration should work without returning an error.

Workaround: Retry the request until it succeeds.



Knowledge Base

When parsing logs associated with Syslog Linux Host, the Mediator returns the following error message:

“Regex rule match timed out.”

Expected Results: The regex rule should parse successfully without timing out.

Workaround: There is currently no workaround for this issue.



Search API

After upgrading to 7.13, the LogRhythmWebUI password reverts to default, and Search API fails to log in.

Expected Results: When LogRhythmWebUI password is changed, it should not revert to default when upgrading.

Workaround: There is currently no workaround for this issue.



SmartResponse Plugins

When SmartResponse Plugin scripts are modified but not triggered for 7 days, the custom changes are deleted and the SRP reverts to default settings.

Expected Results: When SRP scripts are modified, the changes should be retained.

Workaround: There is currently no workaround for this issue.




Tools: TIS

The PhishTank TIS feed contains an unusually long URL that prevents the List Indices in the Data Indexer from updating and causes drill down searches to fail.

Expected Results: Drill down results should appear without returning an error.

Workaround: Replacing the list file with a manually sanitized file will temporarily resolve the issue, until it happens again.




Web Console

After upgrading to 7.12 or 7.13, the CAC authorization used to log in to the Web Console stops working.

Expected Results: The CAC authorization should work when logging in to the Web Console.

Workaround: There is currently no workaround for this issue.
