Ability to add notes about users and entities: Security analysts can now select any user or entity from the Users' or Entities' Dashboard, and add or update notes about them. The analyst entering the note and the timestamp will also be recorded. Notes help the security team to document and share their findings.
Build 4025 Released on 5 February, 2021
Protection from erroneous product updates: To prevent an erroneous or malicious PPM file from being applied during product updates, PPM and DLL signing will now be performed. This will enhance security and integrity.
Build 4024 Released on 1 February, 2021
Anomaly visualization: Users can now see a graphical representation of every analyzed anomaly. This will show how far apart the observed values are from the expected values.
Hiding users and entities from dashboard: Specific users and entities can now be hidden from the dashboard. This may be used in cases where a user or entity is deemed to be trustworthy.
Logon anomalies: Anomaly details and risk scores will now be provided for logon anomalies, a new category of threat.
Apache Struts framework is no longer used: A vulnerability caused by Apache Struts has been fixed (the Apache Struts dependency has been removed).
Analysis of anomalous events in bulk: The solution now supports the analysis of anomalous events in bulk rather than as single events. This will translate into improved performance.
Improved design for exported reports: All anomaly reports exported as HTML, XLS and PDF files will now feature a new and improved design.
Build 4023 Released on 26 November, 2020
PAM360 Integration: Log360 UEBA now integrates closely with ManageEngine PAM360 to analyze anomalies in privileged accesses.
Build 4021 Released on 26 October, 2020
Elasticsearch (ES) Archiving: Users now have the option to archive already detected anomalies in compressed index files for a period of their choice. This will improve storage utilization.
RunQuery for querying database: Users can now query the Log360 UEBA database by executing runQuery.do on the system that runs Log360 UEBA.
Greater visibility of data during the UEBA training period: The dashboard during the initial UEBA training period will now feature more insights into network activity.
XLS and HTML format for export: Users can now export reports into XLS and HTML formats, apart from PDF and CSV formats.
AD thumbnail photo sync for user profile pictures: Users' photos stored in the ThumbNailPhoto attribute in AD can now be displayed along with their risk scores. These photos are made available through a sync with Active Directory.
Memory update: The memory allocated to the product and ES can now be updated from the product settings tab.
Build 4020 Released on 20 June, 2020
Alerts: Real-time email notifications can now be sent for detected anomalies and high risk scores.
Global Search: Users can now search across all sections of the UEBA component including reports, settings, and the help documentation for the required details.
Manage Reports: Management of categories, groups, and reports is now easier with the Manage Reports option.
Option to add log level filters to set the severity level for the logs collected.
Build 4016 Released on 17 May, 2020
The authentication bypass vulnerability (CVE-2020-24786), identified by Florian Hauser, has now been fixed.
Build 4015 Released on 29 April, 2020
Risk score customization: Risk score can now be customized based on the extent of deviation from the baseline of the regular activities of a user, and also the requirements of the organization.
Cloud Security Plus integration: Integrated with Cloud Security Plus to ensure real-time monitoring of your cloud platform.
Enhanced reports page: You can now select the desired device from the drop-down and get advanced reports for it. Additionally, a few new reports have been included.
Build 4011 Released on 13 November, 2019
Active Directory-based authentication: Users can now log into the Log360 UEBA console using their Active Directory domain credentials.
Build 4010 Released on 23 September, 2019
Spot anomalies in AD activities including logons, user activity, account lockouts, and more.
Schedule reports: Reports can be scheduled to be generated at specific intervals and emailed to stakeholders or stored at a specified location.
The UEBA module supports Chinese and Japanese.
The performance of the machine learning algorithms has been enhanced with Redis.
Support for Microsoft SQL Server as the backend database.
The dashboard has been enhanced for better user experience.