7.19.0 System Monitor Release Notes - 7 January 2025
Release Details
Software Component | System Monitor (SysMon) |
---|---|
Version Number | 7.19.0 (Windows), 7.19.0 (*NIX) |
Compatibility | This System Monitor Agent release is compatible with LogRhythm SIEM core versions that have not reached their end of life date. For more information, see End of Life Policies for Software and Hardware. Windows agents require Microsoft .NET Framework 4.7.2 or higher. |
LogRhythm System Monitor Agents for Windows require the Microsoft .NET Framework 4.7.2 or higher.
Before upgrading your System Monitor Agent, confirm that .NET Framework 4.7.2 or higher is installed.
For information on determining which .NET version is installed, see Determine which .NET Framework versions are installed - .NET Framework.
If necessary, install .NET Framework 4.7.2 or higher and reboot your system. Because of the required reboot, we recommend that you perform this installation during off-peak hours.
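The pre-upgrade check described above can be scripted. The following PowerShell is an added example, not LogRhythm code: the function name is hypothetical, the registry location and the minimum `Release` value of 461808 for .NET Framework 4.7.2 come from Microsoft's .NET Framework documentation, and remote checks assume WinRM is enabled on the target hosts.

```powershell
# Added example (not LogRhythm code). The function name is hypothetical.
# 461808 is the minimum "Release" DWORD Microsoft documents for .NET Framework 4.7.2.
function Test-SysMonDotNetPrereq {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        # Assumption: remote hosts accept PowerShell remoting (WinRM).
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$MinimumRelease = 461808
    )

    $probe = {
        $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
        # A missing key or value means no .NET Framework 4.5 or later is installed.
        (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    }

    foreach ($computer in $ComputerName) {
        $release = $null
        $err = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $release = & $probe
            } else {
                $release = Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop
            }
        } catch {
            # Unreachable hosts are reported, not silently treated as compliant.
            $err = $_.Exception.Message
        }

        [pscustomobject]@{
            ComputerName = $computer
            Release      = $release
            MeetsMinimum = ($null -ne $release) -and ([int]$release -ge $MinimumRelease)
            Error        = $err
        }
    }
}

# Usage (host names are constructed placeholders): list agents that are not ready to upgrade.
# Test-SysMonDotNetPrereq -ComputerName 'HOST-A','HOST-B' | Where-Object { -not $_.MeetsMinimum }
```

Hosts that report `MeetsMinimum = False` with an empty `Error` need the .NET Framework installation and reboot before the agent upgrade; hosts with a populated `Error` could not be checked and should be verified manually.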
Improvements
Parsing Improvements
LogRhythm SIEM version 7.19 contains various improvements to System Monitor parsing policies that make it easier to integrate your System Monitors and Open Collectors through the use of JSON parsing and policy builder.
For a full rundown of these Log Parsing improvements, please refer to the LogRhythm SIEM 7.19 Release Notes.
TLS 1.3 Support
Starting with LogRhythm SIEM version 7.19, TLS version 1.3 encryption is supported between Windows System Monitor Agents and the Mediator. This setting can be enabled in the Data Processor Advanced Properties.
Cloudflare Support
Parsing rules have been updated to include support for Cloudflare audit logs and Cloudflare firewall logs. New out-of-the-box support in System Monitor Agent versions 7.19 and above gives administrators the ability to collect Cloudflare logs from AWS S3. Using the AWS S3 beat, users can configure collection of Cloudflare logs directly from the Web Console. See the Configure AWS S3 topic for more information.
Deprecated Features
LogRhythm has deprecated Check Point collection via OPSEC LEA in favor of the newer Check Point Log Exporter. Support for OPSEC LEA was removed starting with LogRhythm System Monitor Collector version 7.7.0.8004, and using this collection method now results in an error in the scsm.log file. Customers who need to use OPSEC LEA for collection should not upgrade agents past the System Monitor 7.7.0.8002 release. For information on how to configure Check Point Log Exporter, see the Syslog - Check Point Log Exporter device configuration guide.
Resolved Issues - Security
Resolved security-related defects can be viewed on the Community.