MistNet NDR has been renamed LogRhythm NDR.
During a transition period, you will see both names referenced in our documentation. In a later release, the user interface (UI) will be updated to include only references to LogRhythm NDR. At that time, our documentation will also be updated to only reference LogRhythm NDR.
- Users can now search for Ransomware events under the AlertEvent Events and differentiate/filter Ransomware AlertEvent instances from other AlertEvent instances.
- Users can now deny the creation of incidents for external entities based solely on IDS signatures.
- Users can now use a test button to check the credentials for the third-party Shodan and Rapid7 integrations in LogRhythm NDR.
- Users can now search for BitTorrent-only Connection events and differentiate/filter BitTorrent connection events from other Connection events.
- Users can now ingest NetFlow traffic so that it can be analyzed to help build models of normal behavior and identify anomalous and malicious behavior.
- Users can now view the IDS signature rule in AlertEvents.
- Vulnerability scanning data from Rapid7 and Qualys integrations is now used to help qualify IDS detections and reduce false positives.
- Proxy support is now offered for security environments that require restrictive network controls. For more information, see Proxy Support.
- Users can now delete multiple incidents at once instead of deleting them one at a time.
- Customer-facing documentation has been reorganized to better align with the user interface. There is now an analyst guide and an administrator guide.
- Upgraded the built-in MITRE ATT&CK framework in LogRhythm NDR for improved classification and description of cyber attacks and intrusions.
- Users can now proactively create a new Whitelist from scratch in the Whitelist page and view incidents that are valid and relevant, if they have the relevant information.
- Users can now see more verbose error reporting when threat intelligence content fails to upload in the System/Policy Management/Intel Rule. A table shows threat intelligence details such as Username, Provider Indicator, Indicator Type, etc.
- No deprecated features in this release.
Salesforce Case ID
|DE14344||431356, 429054||The Palo Alto integration now works with any PAN OS.|
|DE12726||421680||When searching from the Hunt / Mitre page, the user's selected query is no longer appended with the default query.|
All NetBios communication is now recognized as NetBios.
When set as local, subnets now show as local.
Host scores in dashboards now show correct numbers.
|DE13802||428048||The Main Dashboard now shows correct scores for users consistently.|
The Probe Node Status page now shows correct traffic volume for ProbeNodes.
|DE14336||433025||When searching from the Hunt Activity page, special characters in historical searches remain exactly as they were entered.|
|DE14413||428792||This field has been filtered to now show only MITRE ATT&CK-related values.|
|DE14500||432798||When viewing the Hunt Incident / Details page, the blue "i" icon now shows in 4k resolution.|
|DE14604||435014||When a login request is submitted by local or service account, usernames no longer end with the $ sign.|
|DE15251||N/A||When downloading incidents (or hosts) to CSV, the total incidents data is now downloaded.|
|DE16256||440374||When the solar panel is checked, all network compliance policy violations are now shown.|
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.
|Bug ID||Components||Description||Release Notes|
|DE14817||NDR||LogRhythm NDR does not connect to AD if hardening is applied on DC.||Expected Results: LogRhythm NDR should integrate with Active Directory (AD) even if AD is hardened. Workaround: There is currently no workaround for this issue.|