NDR 2023.07 Release Notes
Welcome to the July 2023 release of LogRhythm NDR. This version has many updates, but we first want to highlight a few exciting recent developments for LogRhythm NDR.
LogRhythm NDR New UI - The procedure to switch to the Legacy UI during or after login is available in the Improvements section of this document.
Customer Feedback Opportunities
We always welcome your feedback!
If you have an idea for LogRhythm NDR, we encourage you to post it on the LogRhythm NDR Community.
If you want to speak with our Product Team, schedule a LogRhythm NDR Customer Feedback Session.
NDR 2023.07 Updates
There are many updates in this version that we hope you'll like. Brief explanations of the updates are grouped into the following sections:
Key highlights include:
New LogRhythm University NDR Courses
Documentation Updates
Incident Threshold Configuration
Exposed "Observed" Values in Anomaly Models
Training & Documentation
Training
LogRhythm University has added several web-based classes. Some examples include:
You Have NDR, Now What?
Cases
Integrations
Look out for more classes to be added!
Documentation
As a companion to the LogRhythm NDR 2023.07 release, we are publishing documentation across a number of topics including:
Rapid7 InsightVM Integration
PCAPs
Threat Intel Rules
Detections Enhancements
In the LogRhythm NDR 2023.07 release, several improvements have been made around detections including:
Incident Threshold Configuration
Users can now configure the Incident Score Threshold. This is not retroactive and only applies to future incidents generated.
Find Incident Score Threshold in Settings → Preferences.
Case Certainty Threshold Configuration
Users can now configure the Case Certainty Threshold. This is not retroactive and only applies to future cases generated.
Find Case Certainty Threshold in Settings → Preferences.
Customize Metadata Fields Displayed
Users can now configure the metadata fields displayed.
Find Visible Fields in Settings → Preferences.
Additional Whitelisting Fields
Users can now whitelist based on three additional fields:
http code
port
event_extra_attributes
Find Whitelist in Settings → Policy Management.
Viewable Expected and Observed Values in Anomaly Models
Users can now see both expected and observed values in events flagged by our Anomaly Models.
SMTP Server Configuration
Users can now choose and configure any SMTP Server in the UI.
Find SMTP Settings in Settings → Operational.
NDR New UI Login Instructions
We want to continue to encourage LR NDR users to work in the New UI. Follow the instructions below to log in:
Log in to the Legacy LogRhythm NDR UI.
In the top right of the page, place your cursor over your profile name and click Edit Profile.
The Edit Profile page appears.
To enable the Keycloak login, click the Enable Keycloak Login checkbox.
The Credentials for Keycloak login box appears.
Type a new password in the Password and Confirm Password fields.
Click Create.
The message "Created Successfully" appears.
Click Ok.
At the top of the screen, click Try New UI.
The new UI opens in a new tab.
Enter your legacy username and the new password you created.
Click Sign In.
The Dashboard of the new UI appears.
Improvements
Switching to the Legacy UI after login
Log in to the LogRhythm NDR new UI.
Click the Profile icon at the top-right corner of the login page.
The Profile icon is expanded.
Click the Switch to Legacy UI button.
The Legacy UI's login page opens as a new tab.
Switching to the Legacy UI during login
Go to the login page of the new UI.
Click the Switch to Legacy UI option.
The Legacy UI's login page opens as a new tab.
Resolved Issues
Bug ID | Description |
---|---|
ENG-9380 | LogRhythm NDR is now able to integrate with Cybereason without any issue. |
ENG-31704 | Customers are now able to log in to LogRhythm NDR without any password error. The password must contain at least 8 characters, including at least one number, uppercase letter, lowercase letter, and a special character. Accepted special characters are ~?!_@#$%^&* |
ENG-34663 | Users can now update the LDAP password in the new NDR GUI. |
ENG-28943 | Customers can now receive emails to set up their account and are able to log in to the product. |
ENG-33079 | The Dashboard in the new NDR GUI now returns data as expected. |
ENG-25592 | The noisy SmbMapping logs from the related logs are now disabled. |
ENG-34656 | Event timestamp in the new UI has been modified to display time in the 24 hour format. |
ENG-31705 | All the IntelEvent entries now appear in the IntelEvent page as intended. |
ENG-34592 | Users are now able to integrate with the Active Directory (AD) without any authentication error. |
ENG-33537 | The Settings page in the new NDR GUI now functions as expected. |
ENG-34049 | The activity data corresponding to each site in the new NDR GUI is now loading correctly. |
ENG-34650 | The More Details page corresponding to any Event now retains the styles and frames when resized. |
ENG-28921 | Customers are now able to see PCAPs and the single traffic issue is also resolved. |
ENG-31667 | Safelist Regex with field trigger now works correctly and incidents are not created for events that match the Safelist. |
ENG-26851 | The Saved Searches options now render as expected. |
ENG-28909 | The Security Analyst user accounts are now able to change their password successfully. |
ENG-26853 | Customers can now select multiple individual incidents and export the corresponding CSV file when the set limit for download exceeds 1000 entries. |
ENG-37027 | The filter field in the Hunt page now renders as expected. |
ENG-34648 | The conn_state field for Hunt entries now reflects the correct value. |
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.