
7.19.0 GA Release Notes - 7 January 2025

LogRhythm 7.19 introduces new capabilities for the Data Indexer warm node, more administrative functionality in the Web Console, performance improvements, and more! With this update, get faster search results, spend less time doing administrative tasks, and experience the performance and stability of LogRhythm’s latest SIEM release.

What’s new in SIEM 7.19:

Maintenance

Ultra-Warm Search Tier and Customizable Warm Tier Index Searches

Data Indexer warm nodes allow users to expand the time range of searchable data. Using warm nodes in the cluster can give you many months, even multiple years, of online data for Web Console searches. LogRhythm 7.19 makes warm tier searches even faster by leveraging the recent upgrade to Elasticsearch and the performance improvements rolled out in 7.18. For more information on all search tiers, refer to the Search Tiers (Hot/Ultra-Warm/Warm/Cold) topic.

Ultra-Warm Tier

Version 7.19 introduces an Ultra-Warm tier between Hot and Warm for faster data access. Now a configurable number of warm indexes will remain open, giving you more instantly searchable data and faster search results.

[Image: LRSIEM_UltraWarmConfig.gif]

Warm Tier Search Cycle

Better leverage the memory available on the Warm node and search through closed indexes up to 4x faster. When searching across multiple days of warm indexes in versions prior to 7.19, five closed indexes at a time were opened, searched, and closed again before moving on to the next five. LogRhythm SIEM 7.19 now cycles through 20 indexes at a time, returning search results far faster.

[Image: LRSIEM_SearchCycleConfig.gif]

Web Console Log Source Onboarding Improvements

Stay in a single UI when onboarding pending syslog sources. Logs still being sent from a host that was thought to be retired? No problem! Version 7.19 adds the associate function to the Web Console so that you can easily link a pending source with an existing one. By auto-resolving every new pending source received by the SIEM, highlighting pending sources that can be associated, and enhancing the grid filters, the workflow now takes 66% fewer clicks. See the Manage Pending Log Sources topic for more information.

[Image: LRSIEM_WebAssociatePending.gif]

Cloudflare Beat using AWS S3 Buckets

Get the data you need to detect and respond to security incidents. New out-of-the-box support in System Monitor Agent versions 7.19 and above gives administrators the ability to collect Cloudflare logs from AWS S3. Using the AWS S3 beat, users can configure collection of Cloudflare logs directly from the Web Console. See the Configure AWS S3 topic for more information.

Streamlined Log Source Request Form

Quickly request support for new log sources from the Web Console. This built-in feature makes providing feedback simple, convenient, and accurate.

[Image: image-20241220-154122.png]

Log Source Additions and Improvements

As part of the bi-weekly LogRhythm SIEM Knowledge Base updates over the last quarter, nearly 50 log sources have been updated or improved and 12 new log sources have been added, allowing customers to increase their security footprint with log visibility within the LogRhythm SIEM.

New Log Sources

Updated or Improved Log Sources

  • Syslog - NetScout OCI CEF

  • Syslog - ManageEngine Password Manager Pro

  • Syslog - Open Collector - AWS S3 Cloudflare Audit Logs

  • Syslog - Open Collector - AWS S3 Cloudflare Firewall Logs

  • API - AWS Config Event

  • API - AWS S3 Flat File

  • API - AWS S3 Server Access Event

  • API - BeyondTrust Retina Vulnerability Management

  • API - Cisco IDS/IPS

  • API - IP360 Vulnerability Scanner

  • API - Metasploit Penetration Scanner

  • API - NeXpose Vulnerability Scanner

  • API - Office 365 Message Tracking

  • API - Salesforce EventLogFile

  • API - Sourcefire eStreamer

  • Flat File - Apache Tomcat Access Log

  • Flat File - Beacon Endpoint Profiler

  • Flat File - Blue Coat Proxy CSV Format

  • Flat File - Bro IDS Critical Stack Intel Log

  • Flat File - Broadcom SiteMinder

  • Flat File - CA ACF2 for z/OS - ACFRPTDS

  • Flat File - CA ACF2 for z/OS - ACFRPTEL

  • Flat File - CA ControlMinder

  • Flat File - Cisco NGFW

  • Flat File - Citrix Presentation Server

  • Flat File - Citrix Secure Gateway

  • Flat File - ColdFusion Application Log

  • Flat File - ColdFusion Exception Log

  • Flat File - ColdFusion Mail Log

  • Flat File - ColdFusion Mailsent Log

  • Flat File - DocWorks

  • Flat File - eClinicalWorks Audit Log

  • Flat File - EMC Isilon

  • Flat File - FireEye Web MPS

  • Flat File - Forcepoint Web Security CEF Cloud Format

  • Flat File - Forescout CounterACT

  • Flat File - FundsXpress

  • Flat File - HMC

  • Flat File - IBM 4690 POS

  • Flat File - IBM WebSphere Cast Iron Cloud Integration

  • Flat File - Juniper Steel Belted Radius Server

  • Flat File - LOGbinder EX

  • Flat File - McAfee ePO HIPS

  • Flat File - McAfee Foundstone

  • Flat File - McAfee SaaS Web Protection

  • Flat File - McAfee Web Gateway Audit Log

  • Flat File - Merak

  • Flat File - MS Exchange 2016 Message Tracking Log

  • Flat File - MySQL

  • Flat File - MySQL error.log

  • Flat File - Office 365 Message Tracking

  • Flat File - Postfix

  • LogRhythm Diagnostic Messages

  • MS Windows Event Logging - Application

  • MS Windows Event Logging XML - Application

  • MS Windows Event Logging XML - PowerShell

  • MS Windows Event Logging XML - Security

  • Syslog - Imperva SecureSphere

  • Syslog - SentinelOne CEF

  • Syslog - Trend Micro Deep Security CEF

  • Syslog - AIX Host

  • Syslog - BSD Host

  • Syslog - Cb Response LEEF

  • Syslog - Cisco Router

  • Syslog - Cisco Switch

  • Syslog - Cisco Wireless Access Point

  • Syslog - HP-UX Host

  • Syslog - IRIX Host

  • Syslog - Linux Host

  • Syslog - Postfix

  • Syslog - Solaris Host

  • Syslog - Apache Error Log

  • Syslog - Bluecat Adonis

  • Syslog - Cisco APIC

  • Syslog - F5 BIG-IP ASM v12

  • Syslog - Fortinet FortiGate

  • Syslog - Generic Linux OS

  • Syslog - Kemp Load Balancer

  • Syslog - Medigate CEF

  • Syslog - Radware Alteon Load Balancer

  • Syslog - Sophos UTM

  • Syslog - VMware Horizon View

  • Flat File - Apache Tomcat Console Log

  • Syslog - Apache Error Log

  • Syslog - Cisco Nexus Switch

  • Syslog - Cisco Web Security

Enhancements & Resolved Issues

Platform Updates

LogRhythm 7.19 is packed with platform updates to improve security, performance, and stability. Spend more time hunting for threats and less time managing the platform.

  • TLS 1.3 support added to the Windows System Monitor Agent for improved encryption.

  • Refactored high-traffic Client Console pages for faster load times:

    • Deployment Manager: System Monitor

    • Deployment Manager: AI Engine

    • Deployment Monitor

  • Alarming and Response Manager service upgraded to .NET 8 for improved stability and performance.

  • Support for Windows 2025 in Windows Host Wizard and Entity OS selection.

  • SQL 2022 installed by default for new installations.

SQL Trust Server Certificate and Custom Certificate Installation

A new “Trust server certificate” option has been added to the Data Processor, AIE, and Platform Manager Configuration Managers to resolve service startup issues that had been occurring periodically since the update to LogRhythm SIEM version 7.17. This new option defaults to “true” so that the SQL Server self-generated certificate is trusted. New documentation on installing a custom SQL certificate has also been added and can be found at Create a Certificate for Microsoft SQL Server Connections.
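To make the tradeoff behind the “Trust server certificate” option concrete, here is an added example (written for these notes, not LogRhythm's own code or configuration) that classifies SQL Server connection strings by whether the session is encrypted and whether the server's certificate chain is validated. The keyword names are those of Microsoft's SQL Server client drivers; the server and database names are placeholders and the sample strings are constructed.

```python
"""Classify SQL Server connection strings by transport encryption and certificate validation.

Added example for these release notes; it uses Microsoft SqlClient/ODBC keyword names and
does not describe LogRhythm's own configuration files.
"""
from __future__ import annotations

# Keyword spellings accepted by Microsoft's SQL Server client drivers.
ENCRYPT_KEYS = ("encrypt",)
TRUST_KEYS = ("trustservercertificate", "trust server certificate")
# Values the drivers treat as "on" (Strict/Mandatory are newer Encrypt values).
TRUTHY = {"true", "yes", "1", "mandatory", "strict"}

# Constructed samples; server and database names are placeholders.
SELF_SIGNED_TRUSTED = (
    "Server=sql.example.internal;Database=EXAMPLE_DB;Integrated Security=true;"
    "Encrypt=true;TrustServerCertificate=true"
)
CA_ISSUED_VALIDATED = (
    "Server=sql.example.internal;Database=EXAMPLE_DB;Integrated Security=true;"
    "Encrypt=true;TrustServerCertificate=false"
)
PLAINTEXT = (
    "Server=sql.example.internal;Database=EXAMPLE_DB;Integrated Security=true;Encrypt=false"
)


def parse_connection_string(conn: str) -> dict[str, str]:
    """Split 'Key=Value;Key2=Value2' into a dict keyed by lower-cased keyword."""
    props: dict[str, str] = {}
    for part in conn.split(";"):
        if "=" not in part:
            continue  # ignore empty segments such as a trailing ';'
        key, value = part.split("=", 1)  # values may themselves contain '='
        props[key.strip().lower()] = value.strip()
    return props


def _flag(props: dict[str, str], keys: tuple[str, ...]) -> bool:
    """Return True if any of the keyword aliases is present with an 'on' value."""
    for key in keys:
        if key in props:
            return props[key].lower() in TRUTHY
    return False


def assess(conn: str) -> str:
    """Return one of: unencrypted, encrypted-unvalidated, encrypted-validated.

    An absent Encrypt keyword is treated as off here; newer SqlClient releases default
    it to on, so adjust this for the driver you actually run.
    """
    props = parse_connection_string(conn)
    if not _flag(props, ENCRYPT_KEYS):
        return "unencrypted"
    if _flag(props, TRUST_KEYS):
        # TLS is used, but chain and hostname validation are skipped.
        return "encrypted-unvalidated"
    return "encrypted-validated"


if __name__ == "__main__":
    for label, conn in (("self-signed, trusted", SELF_SIGNED_TRUSTED),
                        ("CA-issued, validated", CA_ISSUED_VALIDATED),
                        ("plaintext", PLAINTEXT)):
        print(f"{label}: {assess(conn)}")
```

With TrustServerCertificate=true the session is still TLS-encrypted, but the client skips chain and hostname validation, which is what allows the self-generated certificate to work; installing a CA-issued certificate as the linked topic describes is what lets you set the option back to false and regain server identity validation.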

Resolved Issues

Each entry lists the bug number, the affected component, and a description.

ENG-34659 (Reporting): An issue with the Usage Auditing Event Detail report not adhering to certain filters has been resolved.

ENG-48585, ENG-49194 (Client Console: Deployment Manager): The performance of the Deployment Manager tab has been improved in the following ways to prevent long load times:

  • Improved data retrieval using optimized database procedures

  • Improved rendering

  • Better async handling

ENG-54751 (Reporting): The Log Volume Report no longer fails to load in certain situations where filters are applied and a previous Log Volume Report has been loaded.

ENG-57637 (Reporting): An issue with the Case Management Metrics report generated under “Object Collection: Report Templates: 7.2 Featured Objects” not adhering to certain filters has been resolved.

ENG-60936 (Data Processor: Agents): An issue with the Data Processor not accepting Agent connections in certain situations after upgrading to SIEM version 7.17 has been resolved. For more information on how this issue has been resolved, refer to SQL Trust Server Certificate and Custom Certificate Installation.

ENG-61035 (Log Sources): When creating a new log source type for “MS Windows Event Logging - Backup,” the file path now auto-populates with the correct value.

ENG-61245 (Knowledge Base): An issue with the Knowledge Base Sync History showing results out of chronological order if errors are present has been resolved.

ENG-61679 (Reporting): An issue with “Event Management” report class reports displaying inaccurate information in the log output files has been resolved.

ENG-61840 (Log Parsing): The Azure Event Hub parser has been updated to include the “server_principal_name” field.

ENG-61897 (Web Console: Dashboards): In the Web Console, zooming in on the Analyze Dashboard no longer causes data to disappear or display “No Available Data” on widgets.

ENG-61900 (Web Console: Search): When “MPE Rule Name” is used as a filter in a Web Console search, the dropdown selector no longer lists duplicate MPE Rule Names, which caused duplicated search results.

ENG-62091 (Client Console: Deployment Manager): You can now correctly modify the MaxMessageCount value for multiple log sources at once to a value up to 50,000 on the Log Sources tab.

ENG-62209 (Admin API): You can now correctly modify the MaxMessageCount value for multiple log sources at once to a value up to 50,000 using the Admin API.

ENG-62175, ENG-62176 (Log Parsing): The MSGraph API parser has been improved to more accurately parse logs.

ENG-62339, ENG-62468 (Client Console: Deployment Manager): The “Last Log Message” field now correctly displays data as expected in the Deployment Manager - Log Sources screen.

ENG-62343 (Installations): An issue with .NET Core not being automatically installed on Windows Server 2022 has been resolved.

ENG-62347 (Data Processor): An issue with enabling or disabling Data Processor Pooling causing Agents to stop collecting logs has been resolved.

ENG-62467 (AI Engine): An issue with the AI Engine service failing to start in certain situations after upgrading to LogRhythm SIEM version 7.18 has been resolved.

Resolved Issues - Security

Security-related issues resolved with this release are available for customers to view in the Community.

Known Issues

The following issues have each been found and reported by multiple users.

Each entry lists the bug number, the version in which it was found, the affected component, a description, and notes.

ENG-41651 (found in 7.12; Web Console): After upgrading to 7.12 or newer, the CAC authorization used to log in to the Web Console stops working.

Expected Results: The CAC authorization should work when logging in to the Web Console.

Workaround: There is currently no workaround for this issue.

ENG-61968 (found in 7.17; Alarm Rules): Alarms only trigger if the threshold is set to one occurrence. If the threshold is set to two or more occurrences, alarms do not trigger.

Expected Results: The alarm should trigger correctly based on the threshold configured.

Workaround: There is currently no workaround for this issue.

ENG-62271 (found in 7.18; Data Indexer): The 7.18 upgrade bundles Elasticsearch OSS 7.10.2, which uses Log4j version 2.11.1 and may be flagged by vulnerability scanners as affected by a remote code execution vulnerability in the JNDI lookup feature.

Notes: The 7.18 release mitigates the Log4j vulnerabilities by setting “-Dlog4j2.formatMsgNoLookups=true” in the Data Indexer JVM options. This setting is present in both the Windows and Linux builds of the Data Indexer, so scanner findings can be considered a false positive.

The Log4j version will be updated in a future release as part of the DX Update roadmap in 2025.

ENG-62332 (found in 7.18; Data Indexer): Clusters containing more than 600 days of Hot TTL fail to create new indexes because the shards-per-node limit is reached.

Workaround:

  • Adjust the GoMaintain TTL from -1 to 365 days or less.

    • Clear restored archive indexes using “curl -XDELETE 'localhost:9200/logsar-*'” (the delete method flag is an uppercase -X; lowercase -x sets a proxy, and quoting the URL keeps the shell from expanding the wildcard).

ENG-61278 (found in 7.19; APIs): After upgrading to LogRhythm SIEM version 7.19, servers running Windows Server 2012 R2 may throw errors when attempting to use the LogRhythm API.

Expected Results: The LogRhythm API should function as expected.

Workaround: A workaround for this issue has been documented at LogRhythm API Gateway Error on Windows Server 2012 R2.
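As an added defender-side check for the ENG-62271 note above (example code written for these notes, not LogRhythm's own tooling): parse a Data Indexer jvm.options file and confirm that the formatMsgNoLookups mitigation is actually set on an active, uncommented line rather than relying on the scanner verdict alone. The file path and the sample file contents are constructed assumptions; the version-prefix syntax handled here (8:, 8-:, 8-13:) is Elasticsearch's standard jvm.options format.

```python
"""Verify that an Elasticsearch jvm.options file sets -Dlog4j2.formatMsgNoLookups=true.

Added example for these release notes; not LogRhythm's own tooling.
"""
from __future__ import annotations

import re
import sys

# Elasticsearch jvm.options lines may be conditioned on the JVM major version,
# e.g. "8:-Xfoo", "8-:-Xfoo" or "8-13:-Xfoo". The option itself follows the colon.
_VERSION_PREFIX = re.compile(r"^\d+(?:-\d*)?:")

# Constructed sample contents (not copied from a real deployment).
SAMPLE_WITH_MITIGATION = """\
## JVM configuration (constructed sample)
-Xms8g
-Xmx8g
8-:-Djava.io.tmpdir=/var/tmp
# Log4j mitigation
-Dlog4j2.formatMsgNoLookups=true
"""

SAMPLE_COMMENTED_OUT = """\
-Xms8g
-Xmx8g
#-Dlog4j2.formatMsgNoLookups=true
"""

SAMPLE_CONDITIONAL = """\
-Xms8g
8-:-Dlog4j2.formatMsgNoLookups=true
"""


def parse_jvm_options(text: str) -> list[str]:
    """Return the active JVM options, dropping blank lines, comments and version prefixes."""
    options: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out options are never applied by the JVM
        options.append(_VERSION_PREFIX.sub("", line, count=1))
    return options


def system_properties(options: list[str]) -> dict[str, str]:
    """Collect -Dkey=value options into a dict; the last occurrence wins, as in the JVM."""
    props: dict[str, str] = {}
    for opt in options:
        if opt.startswith("-D"):
            key, _, value = opt[2:].partition("=")
            props[key] = value
    return props


def has_nolookups_mitigation(text: str) -> bool:
    """True only when log4j2.formatMsgNoLookups is set to 'true' on an active line."""
    props = system_properties(parse_jvm_options(text))
    return props.get("log4j2.formatMsgNoLookups", "").strip().lower() == "true"


def check_file(path: str) -> bool:
    """Read a jvm.options file from disk and report whether the mitigation is present."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    ok = has_nolookups_mitigation(text)
    print(f"{path}: formatMsgNoLookups mitigation {'present' if ok else 'MISSING'}")
    return ok


if __name__ == "__main__":
    # Usage: python check_jvm_options.py /path/to/jvm.options (path is deployment-specific).
    if len(sys.argv) > 1:
        sys.exit(0 if check_file(sys.argv[1]) else 1)
    for name, sample in (("with mitigation", SAMPLE_WITH_MITIGATION),
                         ("commented out", SAMPLE_COMMENTED_OUT),
                         ("conditional", SAMPLE_CONDITIONAL)):
        print(f"{name}: {has_nolookups_mitigation(sample)}")
```

Run it with the path to the Data Indexer's jvm.options on each node (Windows and Linux alike), and keep the check in place until the Log4j version update on the DX roadmap lands; a commented-out or mistyped line is the failure mode this catches.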
