
NDR 2023.07 Release Notes

Welcome to the July 2023 release of LogRhythm NDR. This version has many updates, but we first want to highlight a few exciting recent developments for LogRhythm NDR.

LogRhythm NDR New UI - The procedure to switch to the Legacy UI during or after login is available in the Improvements section of this document.

Customer Feedback Opportunities

We always welcome your feedback!

NDR 2023.07 Updates

There are many updates in this version that we hope you'll like. Brief explanations of the updates are grouped into the following sections:

Key highlights include:

  • New LogRhythm University NDR Courses

  • Documentation Updates

  • Incident Threshold Configuration 

  • Exposed "Observed" Values in Anomaly Models

Training & Documentation


LogRhythm University has added several web-based classes. Some examples include:

  • You Have NDR, Now What?

  • Cases

  • Integrations

Look out for more classes to be added!


As a companion to the LogRhythm NDR 2023.07 release, we are publishing documentation across a number of topics including:

  • Rapid7 InsightVM Integration

  • PCAPs

  • Threat Intel Rules

Detections Enhancements

In the LogRhythm NDR 2023.07 release, several improvements have been made around detections including:

Incident Threshold Configuration

Users can now configure the Incident Score Threshold. This is not retroactive and only applies to future incidents generated. 

  • Find Incident Score Threshold in Settings → Preferences.

Case Certainty Threshold Configuration

Users can now configure the Case Certainty Threshold. This is not retroactive and only applies to future cases generated.

  • Find Case Certainty Threshold in Settings → Preferences.

Customize Metadata Fields Displayed

Users can now configure the metadata fields displayed.

  • Find Visible Fields in Settings → Preferences.

Additional Whitelisting Fields

Users can now whitelist based on three additional fields: 

  • http code

  • port

  • event_extra_attributes

  • Find Whitelist in Settings → Policy Management.

Viewable Expected and Observed Values in Anomaly Models

Users can now see both expected and observed values in events flagged by our Anomaly Models.

SMTP Server Configuration

Users can now choose and configure any SMTP Server in the UI.

  • Find SMTP Settings in Settings → Operational.

NDR New UI Login Instructions

We want to continue to encourage LR NDR users to work in the New UI. Follow the instructions below to log in:

  1. Log in to the Legacy LogRhythm NDR UI.

  2. In the top right of the page, place your cursor over your profile name and click Edit Profile.
    The Edit Profile page appears.

  3. To enable the Keycloak login, click the Enable Keycloak Login checkbox.
    The Credentials for Keycloak login box appears. 

  4. Type a new password in the Password and Confirm Password fields.

  5. Click Create.  
    The message "Created Successfully" appears.

  6. Click Ok.

  7. At the top of the screen, click Try New UI.
    The new UI opens in a new tab.

  8. Enter your legacy username and the new password you created.

  9. Click Sign In.
    The Dashboard of the new UI appears.


Switching to the Legacy UI after login

  1. Log in to the LogRhythm NDR new UI.

  2. Click the Profile icon at the top-right corner of the log in page.
    The Profile icon is expanded.

  3. Click the Switch to Legacy UI button.
    The Legacy UI's log in page opens as a new tab.

Switching to the Legacy UI during login

  1. Go to the log in page of the new UI.

  2. Click the Switch to Legacy UI option.
    The Legacy UI's log in page opens as a new tab.

Resolved Issues

Bug ID



LogRhythm NDR is now able to integrate with Cybereason without any issue.


Customers are now able to log in to LogRhythm NDR without any password error. The password must contain at least 8 characters, including at least one number, uppercase letter, lowercase letter, and a special character. Accepted special characters are: ~?!_@#$%^&*


Users can now update the LDAP password in the new NDR GUI.


Customers can now receive emails to set up their account and are able to log in to the product.


The Dashboard in the new NDR GUI now returns data as expected.


The noisy SmbMapping logs from the related logs are now disabled.


The event timestamp in the new UI has been modified to display time in the 24-hour format.


All the IntelEvent entries now appear in the IntelEvent page as intended.


Users are now able to integrate with the Active Directory (AD) without any authentication error.


The Settings page in the new NDR GUI now functions as expected.


The activity data corresponding to each site in the new NDR GUI is now loading correctly.


The More Details page corresponding to any Event now retains the styles and frames when resized.


Customers are now able to see PCAPs and the single traffic issue is also resolved. 


Safelist Regex with field trigger now works correctly and incidents are not created for events that match the Safelist.


The Saved Searches options now render as expected.


The Security Analyst user accounts are now able to change their password successfully.


Customers can now select multiple individual incidents and export the corresponding CSV file when the set limit for download exceeds 1000 entries.


The filter field in the Hunt page now renders as expected.


The conn_state field for Hunt entries now reflects the correct value.

Resolved Issues - Security

Security-related issues resolved with this release are available for customers to view on the Community.
