MistNet NDR has been renamed LogRhythm NDR.
During a transition period, you will see both names referenced in our documentation. In a later release, the user interface (UI) will be updated to include only references to LogRhythm NDR. At that time, our documentation will also be updated to only reference LogRhythm NDR.
- EDR integration now provides higher-level threat detection and response capabilities for endpoints (workstations and servers), enabling the user to more thoroughly and comprehensively respond to threats.
- ServiceNow integration now allows automatic transfer of information from NDR to ServiceNow and reflects changes in Incident updates from NDR.
- VirusTotal Integration now provides the user the ability to add VirusTotal credentials in the config page, check whether the credentials provided are valid, and check incidents and cases against the VirusTotal database.
New Features in the New NDR UI
- Top Policy Violations Notification Widget now gives SOC Admins visibility on users' adherence to policies. They can also quickly follow up with end users who violate policies.
- The new UI has been updated with functionality and improvements in the following areas:
- Firewall and endpoint integrations
- Incident management
- Operational settings: data masking and SAML/SSO
- System: audit trail, case events, health alert, probe node status, scored events, and system info
- Rapid 7 configuration
- Role-based menus and page authentication
- Timeline view
- Active directory and LDAP
- Anomali and whitelist policy management
- No deprecated features in this release.
Salesforce Case ID
|N/A||VirusTotal now functions as expected, and malicious IPs are detected.|
|DE16474||451283, 450147||Expiry date can now be updated in the whitelist page.|
|DE16660||452738||The WMIC query no longer fails.|
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.
Log in to the New NDR UI
- Log in to the LogRhythm NDR UI.
- In the top right of the page, place your cursor over your profile name and role and click Edit Profile.
The Edit Profile page appears.
- To enable the Keycloak login, click the Enable Keycloak Login checkbox.
The Credentials for Keycloak login box appears.
- Type a new password in the Password field and in the Confirm Password field and click Create.
The message "Created Successfully" appears.
- Click Ok.
- Click the blue Try New UI tab.
The new UI opens in a new tab.
- Enter your username and new password you created and click Sign In.
The Dashboard of the new UI appears.