Log360 UEBA Release Notes

  • Build 4040 Released on 11 November, 2022

    New Features

    1. Log360 UEBA's new release allows you to configure a ticketing tool of your choice. Besides assigning technicians to alerts within UEBA, now you can configure alerts to be raised as tickets automatically in the configured ticketing tool.

      The supported ticketing tools are as follows:

      • ManageEngine AlarmsOne
      • Jira Service Desk (Cloud and On-prem)
      • ServiceNow
      • Kayako
      • Zendesk
    2. We've introduced a new product notification feature which posts a notification within the product UI to update the user on any major security fixes or upgrades.
    3. We've also fixed a few security issues that were present.
  • Build 4036 Released on 18 April, 2022

    Fix

    1. Minor bug fixes
  • Build 4035 Released on 11 March, 2022

    New Feature

    1. Data masking for auditors: Administrators will have the option to mask users' identities from auditors. This will help maintain the privacy of users in the network. Auditors may only need to know the risk levels of different users and entities, and may not need to know who the user or device actually was. Details like user name, host name, IP address, and more can be masked. To the auditor, the masked data will appear as a random code.
    2. Resolving masked data: Administrators can provide the masked value and Log360 UEBA will provide the original identity of the user, host, IP address, etc.
    3. Mapping of users and entities: Every user will be mapped to the top entities they are associated with. These top entities would be devices or hosts that the user is known to use. With this feature, administrators will be quickly able to see within each user's profile if they are associated with an entity they are not expected to use.
    4. Deep linking for users and entities: A link will be provided to the user's or entity's profile from different areas within Log360 UEBA such as Reports, Alerts, Watchlisted Users and Watchlisted Entities. This will help Administrators navigate efficiently and conduct their investigations.
    5. Exporting Alerts: Alerts for a chosen time range can be exported as CSV, PDF, XLS and HTML report formats. This will help administrators submit the reports to management and aid intelligent decision-making. Administrators can also review the history of alert exports.
    6. Server diagnostics and disk space analysis: Administrators can review information about the general health, setup, memory, installation and disk space details of Log360 UEBA. This will ensure that the product is working at the optimal level.

    Vulnerability Fix

    1. Mitigation of the Log4j vulnerability [CVE-2021-44832]: Log360 UEBA now uses Log4j version 2.17.0, which removes support for message lookup patterns and disables JNDI functionality by default. This fixes the Apache Log4j remote code execution security vulnerability.
  • Build 4034 Released on 22 December, 2021

    Vulnerability Fix

    1. Mitigation of the Log4j vulnerability [CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105]: Log360 UEBA previously used Log4j version 2.9.1, which can potentially be affected by the Apache Log4j remote code execution security vulnerability. This issue is fixed: Log360 UEBA now uses Log4j 2.17.0, which removes support for message lookup patterns and disables JNDI functionality by default.
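    A defender-side check for the two Log4j notes above, added here as an example and not part of the product or these release notes: it walks an installation directory, finds every log4j-core jar, reads its version from the file name, records whether the JndiLookup class is still packaged, and flags anything older than the 2.17.0 release the notes say the product now ships. The directory layout and jar contents in `audit_sample_install` are constructed for the demo.

```python
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Release the notes above say the product ships after the fix; 2.x builds
# below this are in the range affected by CVE-2021-44228/45046/45105.
MIN_SAFE_VERSION: Tuple[int, int, int] = (2, 17, 0)
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAR_NAME = re.compile(r"^log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")


@dataclass
class Finding:
    path: str
    version: Tuple[int, int, int]
    jndi_lookup_present: bool  # informational: class still inside the jar

    @property
    def vulnerable(self) -> bool:
        return self.version < MIN_SAFE_VERSION


def parse_version(filename: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a log4j-core jar name, else None."""
    m = JAR_NAME.match(filename)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def audit_log4j(root: str) -> List[Finding]:
    """Walk an install tree and report every log4j-core jar found under it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            version = parse_version(name)
            if version is None:
                continue
            path = os.path.join(dirpath, name)
            with zipfile.ZipFile(path) as jar:  # a jar is a zip archive
                present = JNDI_LOOKUP_CLASS in jar.namelist()
            findings.append(Finding(path, version, present))
    return findings


def make_fake_jar(path: str, include_jndi: bool) -> None:
    """Constructed sample input: a minimal jar standing in for log4j-core."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if include_jndi:
            jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")


def audit_sample_install() -> Dict[str, bool]:
    """Build a constructed install tree in a temp dir and return jar -> vulnerable."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = os.path.join(tmp, "lib")
        os.makedirs(lib)
        make_fake_jar(os.path.join(lib, "log4j-core-2.9.1.jar"), include_jndi=True)
        make_fake_jar(os.path.join(lib, "log4j-core-2.17.0.jar"), include_jndi=True)
        make_fake_jar(os.path.join(lib, "other-lib-1.0.jar"), include_jndi=False)
        return {os.path.basename(f.path): f.vulnerable for f in audit_log4j(tmp)}
```

Point `audit_log4j` at a real install directory to list the jars it actually ships; the JndiLookup flag tells you whether the interim class-removal workaround was applied to an older jar.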
  • Build 4031 Released on 12 November, 2021

    New Feature

    1. Contextual risk scoring: A contextual risk score will be provided along with average and peak risk scores, for specified time ranges. The contextual risk score will consider the subsequent anomalies after the specified time range to provide a more dynamic measure of the risk.
    2. Add Active Directory groups to a watchlist: An Active Directory group can be selected at one go, to add all users within it to a watchlist.
    3. Set all users within an Active Directory group as "Technicians": An Active Directory group can be selected at one go, to set all users within it as Technicians.
    4. Configure alerts based on Active Directory group: An Active Directory group can be selected as a whole while configuring an alert. All users within the group will then be configured for the alert.
    5. Two-factor authentication: Two-factor authentication can be set up for added security during logons. It can be enabled for these methods: Email verification, Google Authenticator, RSA SecurID, Duo Security and RADIUS Authentication.

    Enhancements

    1. Enhancements to dashboard queries: Earlier the dashboard was loaded after queries to the database. Now the frequently displayed information will be cached in product memory, eliminating some database queries. This will reduce the time to load the dashboard.
    2. Performance enhancements while analyzing count anomalies: All the anomalous activities based on count will be fetched from the Log360 component (ADAudit Plus, EventLog Analyzer or Cloud Security Plus) directly, instead of from Elasticsearch. This saves the time spent dumping the data into Elasticsearch and also reduces disk space requirements.
    3. Clear failure notifications: Failure notifications will be given in case of exceptions. The user will get to know the reason for the failure.
    4. Global search for users and entities: Global Search will allow you to search for any user or entity. Clicking on the user or entity will take you to the associated dashboard.
    5. Splitting long patterns while displaying pattern anomalies: Pattern anomalies will be displayed after splitting long patterns into chains of length 2. This will be done only if the analysis of the long pattern takes more than two minutes to complete. By doing this, the file size will reduce and performance speed will increase.
  • Build 4030 Released on 10 September, 2021

    New Feature

    1. Anomaly modeling for comprehensive analysis: Earlier, only predefined anomaly models built on specific reports from ADAudit Plus, EventLog Analyzer and Cloud Security Plus were available as reports under Custom Reports. Now, custom anomaly models can be built based on any report from these three components. The custom anomaly models that are built will be available as custom reports within Log360 UEBA.
  • Build 4028 Released on 10 June, 2021

    Security Enhancements

    1. Prompt for a secure connection: When logging on to Log360 UEBA, users will be prompted to enable an HTTPS connection if they have not done so yet. The user can also enable HTTPS from the Product Settings page. An HTTPS connection increases security.
    2. Alert to change default admin account password: When logging on to Log360 UEBA, the default admin will be prompted to change the default admin password if they have not done so yet. The admin can click on "Change Now" to be redirected to the Change Password page. This will enhance security.

    Enhancement

    1. Archival of count anomaly details: Details about count anomalies older than 30 days will now be archived along with other anomaly details. This will help save disk space.
  • Build 4027 Released on 13 May, 2021

    New Feature

    1. Peer grouping of users: Based on observed past behavior, users will be automatically placed in distinct peer groups. A specific user can belong to multiple peer groups. The peer group will be considered when calculating the anomaly confidence level and this will in turn affect their risk score. This will provide better security context and decrease false positives.
  • Build 4026 Released on 10 March, 2021

    Enhancement

    1. Ability to add notes about users and entities: Security analysts can now select any user or entity from the Users' or Entities' Dashboard, and add or update notes about them. The analyst entering the note and the timestamp will also be recorded. Notes help the security team to document and share their findings.
  • Build 4025 Released on 5 February, 2021

    Security Enhancement

    1. Protection from erroneous product updates: To protect against an erroneous or malicious PPM file from being applied during product updates, PPM and DLL signing will now be performed. This will enhance security and integrity.
  • Build 4024 Released on 1 February, 2021

    New Features

    1. Anomaly visualization: Users can now see a graphical representation of every analyzed anomaly. This will show how far apart the observed values are from the expected values.
    2. Hiding users and entities from dashboard: Specific users and entities can now be hidden from the dashboard. This may be used in cases where a user or entity is deemed to be trustworthy.
    3. Logon anomalies: Anomaly details and risk scores will now be provided for logon anomalies, a new category of threat.

    Enhancements

    1. Apache Struts framework is no longer used: The vulnerability arising from Apache Struts has been fixed by removing the Apache Struts dependency.
    2. Analysis of anomalous events in bulk: The solution now supports the analysis of anomalous events in bulk rather than as single events. This will translate into improved performance.
    3. Improved design for exported reports: All anomaly reports exported as HTML, XLS and PDF files will now feature a new and improved design.
  • Build 4023 Released on 26 November, 2020

    New Features

    1. PAM360 Integration: Log360 UEBA now integrates closely with ManageEngine PAM360 to analyze anomalies in privileged accesses.
  • Build 4021 Released on 26 October, 2020

    New Features

    1. Elasticsearch (ES) Archiving: Users now have the option to archive already detected anomalies in compressed index files for a period of their choice. This will improve storage utilization.
    2. RunQuery for querying database: Users can now query the Log360 UEBA database by executing runQuery.do on the system that runs Log360 UEBA.

    Enhancements

    1. Greater visibility of data during the UEBA training period: The dashboard during the initial UEBA training period will now feature more insights into network activity.
    2. XLS and HTML format for export: Users can now export reports into XLS and HTML formats, apart from PDF and CSV formats.
    3. AD thumbnail photo sync for user profile pictures: The user's photo stored in the ThumbNailPhoto attribute in AD can now be displayed along with their risk score. The photo is retrieved by syncing with Active Directory.
    4. Memory update: The memory allocated to the product and ES can now be updated from the product settings tab.
  • Build 4020 Released on 20 June, 2020

    New Features

    1. Alerts: Real-time email notifications can now be sent for detected anomalies and high risk scores.
    2. Global Search: Users can now search across all sections of the UEBA component including reports, settings, and the help documentation for the required details.

    Enhancements

    1. Manage Reports: Management of categories, groups, and reports is now easier with the Manage Reports option.
    2. Option to add log level filters to set the severity level for the logs collected.
  • Build 4016 Released on 17 May, 2020

    Fix

    1. The authentication bypass vulnerability (CVE-2020-24786), identified by Florian Hauser, has now been fixed.
  • Build 4015 Released on 29 April, 2020

    Features

    1. Risk score customization: Risk score can now be customized based on the extent of deviation from the baseline of the regular activities of a user, and also the requirements of the organization.
    2. Cloud Security Plus integration: Integrated with Cloud Security Plus to ensure real-time monitoring of your cloud platform.

    Enhancements

    1. Enhanced reports page: You can now select the desired device from the drop-down and get advanced reports for it. Additionally, a few new reports have been included.
  • Build 4011 Released on 13 November, 2019

    New Feature

    1. Active Directory-based authentication: Users can now log into the Log360 UEBA console using their Active Directory domain credentials.
  • Build 4010 Released on 23 September, 2019

    New Features

    1. Spot anomalies in AD activities including logons, user activity, account lockouts, and more.
    2. Schedule reports: Reports can be scheduled to be generated at specific intervals and emailed to stakeholders or stored at a specified location.
    3. The UEBA module supports Chinese and Japanese.

    Enhancements

    1. The performance of the machine learning algorithms has been enhanced with Redis.
    2. Support of Microsoft SQL Server as the backend database.
    3. The dashboard has been enhanced for better user experience.