New Features

  • Stop complex attacks with correlation

    The enhanced correlation interface contains twenty-five predefined attack rules, including ransomware, brute force, and more. You can now correlate logs from multiple log sources.
    Download free Network Security Attack Handbook and learn how correlation can help you mitigate complex attacks. 

  • Out-of-the-box support for network devices

    Simplify the auditing process by getting device specific security information for SonicWall, Palo Alto Networks, Fortinet, Juniper, NetScreen and Check Point devices with predefined reports and alert profiles.

  • Support for TLS and TCP based log collection

    We now support Transport Layer Security (TLS) based log collection. The solution also supports secure TCP based log collection in addition to the UDP based log collection method.

  • Augmented threat intelligence 

    EventLog Analyzer has enhanced its threat intelligence capability with a built-in STIX/TAXII feeds processor. The solution can detect and alert you in real-time for suspicious traffic in your network and outbound connections to malicious domains and callback servers.

  • Built-in incident management console

    Track the response and resolution process of incidents by assigning every alert arising in the network to a specific administrator. Keep track of the incident tickets with EventLog Analyzer's built-in ticketing option, or raise tickets in the help desk tools ServiceNow and ManageEngine ServiceDesk Plus.

  • Automatic Windows device discovery 

    Simplify the process of configuring log collection for Windows devices with automatic domain and non-domain discovery options. 

  • Automatic network device discovery 

    Building on automatic Windows discovery, you can now discover any Syslog device based on an IP address or CIDR range. You can also automatically configure log forwarding for Linux or Unix machines from within the EventLog Analyzer console. 

Release Notes

Build 11100

Released on 9 December 2017

  • New Feature

    • GDPR compliance reports: Offers predefined report templates to help you easily comply with the GDPR's requirements.
  • Enhancements

    • A new report for Juniper application tracking has been added.
    • Mail subject can now be added in the custom report scheduler.
  • Fixes

    • The alignment issue in reports exported as CSV files from the search tab has been fixed.
    • The issue in parsing SonicWall botnet logs has been fixed.
    • WatchGuard firewall logs are now parsed.
    • The issue with not being able to view devices in the admin server when the user logs in via AD has been fixed.
    • The issue in displaying the report fields for Oracle devices has been fixed.
    • The issues in parsing the timestamp of imported logs have been fixed.
  • Fixes

    • The new feature for the Distributed Edition - Managed Server is the same as the above.

Build 11090

Released on 29 November 2017

  • New Features

    • Supports Sophos-UTM, Sophos-XG, and Cyberoam devices: Predefined reports and alert profiles help easily audit security events of Sophos-UTM, Sophos-XG, and Cyberoam devices.
    • Provides an option to discover and configure event sources for individual devices.
  • Enhancements

    • The mechanism of recording the log flow rate has been optimized.
    • An extra field "Display name" has been added to the pre-defined reports and search section.
  • Fixes

    • The issue with parsing of fields for NPS events occurring on Windows Server 2016 has been fixed.
    • Addition of VMware reports for created and deleted VMs (Event IDs: 13002 and 13003).
    • The issue with the Solaris user account management report and SUDO command execution report has been fixed.
    • Issue with populating web traffic reports for WatchGuard has been fixed.
    • The issue with the policy changes report for Symantec devices has been fixed.
    • The issue with exporting reports from the "My Reports" category has been fixed.
  • New Features

    • The new features are the same as in the Standalone Edition.
  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11080

Released on 17 October 2017

  • New Features

    • The Correlation Engine has been completely upgraded to bring you complex attack detection across all devices on your network, enhanced field-level correlation, improved incident reports with timeline view, and much more:

    • Multiple log format support: Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.
    • Enhanced field-level correlation: Correlation can be done based on multiple log field values to provide fine-grained attack detection.
    • Predefined rules: The module is packaged with 25 predefined complex attack patterns.
    • Custom rule builder: The custom correlation rule builder has been upgraded to include over 250 predefined network actions and advanced filters.
      • Check for unique, constant, or shared field values among the actions that make up a rule.
      • Use multiple comparison conditions for fields, namely 'equals', 'not equal to', 'starts with', or 'ends with'.
      • Create rules for individual log types using specific network actions, or rules common to all log types with generic network actions.
    • Incident management integration: All correlation alerts can be viewed and managed with the in-built incident management console.
  • Enhancements

    • The correlation user interface has been upgraded with an all new look and feel, incorporating all the above new features.
    • The time between each individual pair of actions can now be specified when creating a rule.
  • New Features

    • The new features are the same as in the Standalone Edition.
  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
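The rule semantics listed above (an ordered set of actions, shared or unique field values across those actions, per-field comparison conditions, and a maximum time between each pair of actions) are illustrated below with an added example that is not EventLog Analyzer's own code. The rule format, the field names `user` and `src_ip`, the action names and the sample events are all assumptions constructed for the illustration; the detection logic is a toy sequence correlator run over those constructed events.

```python
# Added example; rule format, field names and sample events are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta

# Comparison conditions usable in an action's field filters.
OPS = {
    "equals": lambda a, b: a == b,
    "not_equal_to": lambda a, b: a != b,
    "starts_with": lambda a, b: a.startswith(b),
    "ends_with": lambda a, b: a.endswith(b),
}

@dataclass
class Event:
    time: datetime
    action: str      # normalized network action, e.g. "logon_failure"
    fields: dict     # parsed log fields (hypothetical names)

@dataclass
class Rule:
    name: str
    actions: list        # ordered (action name, [(field, op, value), ...]) pairs
    max_gap: timedelta   # longest allowed time between consecutive actions
    shared: tuple = ()   # fields whose value must be identical across all actions
    unique: tuple = ()   # fields whose values must all differ across actions

def _matches_filters(ev, filters):
    return all(OPS[op](str(ev.fields.get(fld, "")), value) for fld, op, value in filters)

def _compatible(seq, ev, rule):
    """Apply the time gap, shared-field and unique-field constraints to a candidate."""
    if not seq:
        return True
    prev = seq[-1]
    if ev.time <= prev.time or ev.time - prev.time > rule.max_gap:
        return False
    if any(ev.fields.get(f) != prev.fields.get(f) for f in rule.shared):
        return False
    return not any(ev.fields.get(f) == s.fields.get(f) for f in rule.unique for s in seq)

def correlate(rule, events):
    """Return every time-ordered event sequence that satisfies the rule."""
    events = sorted(events, key=lambda e: e.time)
    incidents = []

    def extend(seq, start):
        if len(seq) == len(rule.actions):
            incidents.append(seq)
            return
        action, filters = rule.actions[len(seq)]
        for i in range(start, len(events)):
            ev = events[i]
            if ev.action == action and _matches_filters(ev, filters) and _compatible(seq, ev, rule):
                extend(seq + [ev], i + 1)   # later actions must come from later events

    extend([], 0)
    return incidents

# Constructed sample events (timestamps relative to T0).
T0 = datetime(2017, 10, 17, 9, 0, 0)

def _ev(offset_s, action, **fields):
    return Event(T0 + timedelta(seconds=offset_s), action, fields)

SAMPLE_EVENTS = [
    _ev(-7200, "logon_failure", user="alice", src_ip="10.0.0.5"),  # outside the gap
    _ev(0, "logon_failure", user="alice", src_ip="10.0.0.5"),
    _ev(10, "logon_failure", user="alice", src_ip="10.0.0.5"),
    _ev(15, "logon_failure", user="bob", src_ip="10.0.0.9"),
    _ev(18, "logon_failure", user="carol", src_ip="10.0.0.9"),
    _ev(20, "logon_failure", user="alice", src_ip="10.0.0.5"),
    _ev(25, "logon_success", user="alice", src_ip="10.0.0.7"),  # other address
    _ev(30, "logon_success", user="alice", src_ip="10.0.0.5"),
]

# Rule 1: repeated failures then a success for the same account from the same
# address (shared fields), each step at most 60 s after the previous one.
BRUTE_FORCE = Rule(
    name="Repeated logon failures followed by success",
    actions=[("logon_failure", [])] * 3 + [("logon_success", [("user", "not_equal_to", "guest")])],
    max_gap=timedelta(seconds=60),
    shared=("user", "src_ip"),
)

# Rule 2: one address (shared) failing against distinct accounts (unique), with a
# 'starts_with' filter so the rule only considers the 10.0.0.0/8 address space.
SPRAY = Rule(
    name="Failures against distinct accounts from one address",
    actions=[("logon_failure", [("src_ip", "starts_with", "10.")])] * 2,
    max_gap=timedelta(seconds=60),
    shared=("src_ip",),
    unique=("user",),
)

def incident_summary(rule, events):
    """One (rule name, first time, last time, shared field values) tuple per incident."""
    return [(rule.name, seq[0].time, seq[-1].time, {f: seq[0].fields[f] for f in rule.shared})
            for seq in correlate(rule, events)]
```

On the sample, `incident_summary(BRUTE_FORCE, SAMPLE_EVENTS)` yields one incident (the 09:00:00 to 09:00:30 sequence from 10.0.0.5; the stale failure two hours earlier and the success from 10.0.0.7 are rejected by the gap and shared-field checks), and `SPRAY` yields the single bob/carol pair from 10.0.0.9.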

Build 11073

Released on 4 October 2017

  • New Features

    • EventLog Analyzer now supports WatchGuard firewall devices. Exhaustive reports and predefined alert profiles make it easier to audit WatchGuard firewalls.
  • Fixes

    • The issue caused by white space characters in the mail server configuration has been fixed.
    • Predefined Symantec reports now display graphs.
    • The "Windows unexpected shut down" report was not updated. This issue has been fixed.
    • The I18N issue in the device and status tabs of the admin server has been fixed.
    • The issue with exporting loaded archives in the admin server has been fixed.
    • The issue with parsed product names in Check Point logs has been fixed.
    • Alerts stating that logs were not being collected from various servers were raised while the logs were actually being collected. This issue has been fixed.
    • The display issue with EventLog Analyzer's centralized archive page on Linux has been fixed.
    • The issue with "root" not being accepted as a username in the centralized admin server has been fixed.
    • Changes made in the centralized archives settings page were not saved. This bug has been fixed.
    • Operator access to Syslog Listener Port Settings has been restricted.
  • New Features

    • The new features are the same as in the Standalone Edition.
  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11072

Released on 22 September 2017

  • Enhancements

    • EventLog Analyzer's security is further strengthened by using a unique key to encrypt the database for every installation.
    • The solution now correlates logs from Cisco firewalls with threat feeds and the global IP threat database to instantly detect traffic from malicious URLs and domains.
    • Custom log patterns (or regex patterns) can be created for specific devices and saved for future log imports.
    • Symantec Endpoint Protection support is now enhanced with a set of prebuilt reports on successful logons, failed logons, admins added, admins modified, admins deleted and policy changes.
  • Fixes

    • Multiple vulnerabilities, including XSS, XML injection, authorization issues, and path traversal, have been fixed.
    • New entries were not added to the registry when the database was changed. This issue has been fixed.
    • All fields in 'Manage Agents' under the 'Admin Settings' tab now support non-ASCII characters as well.
    • IP addresses of configured devices were not updated properly. This issue has been fixed.
    • Parsing errors occurred when importing multi-line logs. This issue has been fixed.
  • Enhancements

    • The enhancements are the same as in the Standalone Edition.
  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11070

Released on 29 August 2017

  • New Features

    • Transport layer security (TLS) based log collection is now supported.
    • Port management options have been enhanced for better usability.
    • Out-of-the-box support for NetScreen and Check Point firewall device log data. The new version comes with exclusive predefined reports and alert profiles that make NetScreen and Check Point device auditing and monitoring easier.
    • The new version supports Nexpose vulnerability scanner log imports.
    • Exclusive reports for monitoring SonicWall VPN activities come bundled with the new version.
    • The new version includes predefined reports that provide information on web traffic for Cisco firewall and routers.
  • Enhancements

    • External agent support is now provided for Windows Server Core machines.
    • TLS 1.2 is used for enhanced agent-server communication.
    • File integrity monitoring support has been extended to Windows file servers.
    • It is now possible to get the details of the users who renamed a file or folder in the predefined file integrity monitoring reports.
    • You can now apply a self-signed certificate directly from within the EventLog Analyzer web console.
    • EventLog Analyzer now extends its log querying capability to Nessus, OpenVAS, Nmap and Qualys vulnerability scanner log data.
    • Reports for "Host migration in vCenters" and "VM Relocated Events" are now provided.
    • An option to search for a specific managed server from the admin server console is now provided.
    • Device display name enhancements have been made.
  • Fixes

    • The following bug fixes have been made in addition to a range of minor bug fixes:

    • The issue in displaying the host count in the "Home" tab of the "Device details" page in the Distributed Edition has been fixed.
    • The occasional sync error between the managed server and the admin server in the Distributed Edition has been fixed.
    • Log count aggregation in the trend table has been revamped.
    • The file integrity monitoring report profile now accepts file extensions with spaces.
    • Bugs in the Apache report's status code have been fixed.
    • The issue with the log format icon in the log collection filter profile has been rectified.
    • Multiple bugs in Fortinet and Juniper firewall reports have been fixed.
    • The summary count in scheduled file integrity monitoring reports has been fixed.
    • The username is now parsed for event IDs 4658 and 4952 in event logs.
    • False "log collection failure" alerts for syslog have been fixed.
    • The encoding issue for non-English languages in CSV export reports has been fixed.
    • Multiple log parsing issues fixed.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.7 Build 11056.
    • No changes specific to Distributed Edition Admin Server in this release.

Build 11066

Released on 15 August 2017

  • Enhancements

    • Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
    • Malicious IP and URL alerts: Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or outgoing traffic to a malicious domain is detected.

Build 11065

Released on 04 August 2017

  • Enhancements

    • Elasticsearch is enhanced to handle unprocessed files.
    • In the search option, custom fields are pre-populated with values that are previously configured by users.
    • In a current session, if you navigate to other tabs while viewing a specific report, the 'Reports' tab saves the view and shows it to you when you're back.
  • Fixes

    • Issues with Cisco parsing have been fixed.
    • Issues in parsing VNC logs from Mac OS have been fixed.
    • The values used in the compliance reports are directly taken from the indices to avoid value mismatch.
  • Enhancements

    • The enhancements are the same as in the Standalone Edition.
  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11060

Released on 19 July 2017

  • New Features

    • EventLog Analyzer now offers exclusive reports and alert profiles for Fortinet devices to help detect anomalous activities, monitor user activities, track configuration changes, and more.
  • Enhancements

    • EventLog Analyzer supports all SonicWall device log formats. Previously, only SonicWall firewall logs were supported.
    • The Active Directory user import feature has been revamped for a better user experience.
    • Configuring domains and workgroups is made easy with a dedicated log configuration page.
    • The solution can now import AD users at regular intervals using schedules along with provisions to view the schedule history.
  • Fixes

    • The following issues have been fixed:

    • The alert profiles that are created as tickets in ServiceDesk Plus have been provided with the i18n option.
    • The values for graphical representation in the dashboard are directly taken from the indices to avoid value mismatch.
    • Issue with loading archives in MSSQL Windows authentication has been fixed.
    • The issue with importing users with same username from multiple domains has been fixed.
    • Issue with adding users has been fixed now.
    • When users were moved to different host groups, the change wasn't reflected in the 'All host group' list. This issue has been fixed.
    • Issues with the single-sign-on feature have been fixed now.
    • Importing users from some organizational units had issues. This has been fixed now.
    • Authentication of users imported from AD groups did not work. This has been fixed now.
    • Technician roles can now be assigned to multiple users at one go.
    • Vulnerabilities in the 'Keep me signed in' option on the login page have been fixed using dynamic key based encryption.
    • Issues with log collector have been fixed.
    • False positives for Windows device down alerts have been fixed.
    • You can now collect event logs through a fully qualified domain name (FQDN).
    • Issues with index archiving have been fixed now.
    • The issue with searching for a renamed device on the 'Device' page has been fixed.
    • Synchronization issues between the Admin and Managed servers with the MSSQL database have been fixed.
    • On the File Monitoring Summary page, device names were not listed if they were included in the DHCP device list. This issue has been fixed.
  • Enhancements

    • Admin servers can now be assigned groups from multiple managed servers.
    • The exact host count was not reflected on the licence page of the admin server. This has been fixed now.
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.6 Build 11060.

Build 11056

Released on 30 May 2017

  • Enhancements

    • Reports to track user VPN connections and disconnections on Cisco ASA devices have been added.
    • The RFC 5424 log format is now supported for Juniper devices.
    • Juniper traffic reports have been enhanced.
  • Fixes

    • The log collector quit occasionally while parsing Oracle logs. This has been fixed.
    • SSL versions 2 and 3 have been removed.
    • Weak SSL cipher suites have been changed.
    • The following vulnerabilities have been removed from several pages of the product:
      • Stored and reflected cross-site scripting
      • Cross-site request forgery
      • Clickjacking
      • Username harvesting
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11056.
    • No changes specific to Distributed Edition Admin Server in this release.

Build 11055

Released on 3 May 2017

  • New Features

    • EventLog Analyzer now comes with an in-built ticket-based incident management system.

    • A separate ticket can be created for each incident and assigned to a specific administrator for resolution.
    • Includes a provision to add notes to the ticket once it is resolved. This makes it easier to resolve similar issues that might arise in the future.
    • Integrates with the popular help desk tools ServiceNow and ManageEngine's ServiceDesk Plus, allowing tickets to be created in them.
  • Enhancements

    • The GUI of the alerts reporting page has been enhanced for better usability.
    • Users can now configure alert profiles based on time frames, viz. working hours, non-working hours, and even a custom time range.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11055.
    • No changes specific to Distributed Edition Admin Server in this release.
  • Fixes

    • Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Build 11050

Released on 17 Apr 2017

  • New Features

    • EventLog Analyzer supports:

    • Juniper and Palo Alto device logs; offers predefined reports and alert profiles exclusively for Juniper and Palo Alto devices to audit them easily.
    • TCP based log collection for Syslog devices.
  • Enhancements

    • New SonicWall device reports have been added for IDS/IPS and under the user account management category.
    • View the highest and lowest values of the log data fields in all the predefined reports.
    • Full support for SolarWinds Windows Log Forwarder.
  • Fixes

    • The issue with IBM AS/400 date format has been fixed.
    • AS400 alerts were getting sent for devices not specified in the alert profile. This has been fixed.
    • Shared files and folders deleted via right clicks were not showing in the reports. This has been fixed.
    • The Elasticsearch engine now resets the date in the log message and shows the results for the last 30 days if the start or end time in the log message timestamp exceeds the Elasticsearch engine's time range limit.
    • The issue with the FTP scheduled import option when the file is specified as the root path has been fixed.
    • The issue with the Windows Snare agent has been fixed.
    • The issue with the log filter for Windows log collection via the Snare agent has been fixed.
    • The issues with the update of 'Last Message Time' for devices in the Device Management page have been fixed.
    • The issue with generation of removable disk auditing reports has been fixed.
  • Enhancements

    • Managed server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11050.
  • Fixes

    • Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Build 11045

Released on 30 March 2017

  • New Features

    • The 'Settings' tab now has a search option with which you can search for options available in configuration, system, and product settings sections.
  • Enhancements

    • The GUI of the 'Settings' page has been enhanced for easy accessibility.
    • I18N is now supported for "Log Me" tab.
  • Fixes

    • Issues in archiving log data from the Elasticsearch index have been fixed.
    • Minor i18n issues have been fixed.
  • Enhancements

    • There are no changes specific to Distributed Edition Admin Server in this release.
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11045.

Build 11043

Released on 28 Feb 2017

  • Fixes

    • The logs processed using the SolarWinds log forwarder were only partially compatible. This has been fixed now.
    • The issue in receiving Cisco logs that represented severity with numbers instead of letters has been fixed.
    • While scheduling reports, filter option wasn't working consistently in non-English user interfaces. This has been fixed.
    • While searching for logs using event numbers, the search bar malfunctioned in non-English user interfaces. This has been fixed.
  • Enhancements

    • No changes specific to Distributed Edition Admin Server in this release.
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11043.

Build 11042

Released on 9 Feb 2017

  • New Features

    • EventLog Analyzer simplifies log collection and device configuration by automatically discovering Syslog devices on your network based on IP and CIDR range values. SNMP (version 1) credentials are used for automatic device discovery.
    • The solution also enables automatic log forwarding for UNIX devices using root credentials.
  • Enhancements

    • An email notification option has been provided for the default threat alert profile.
  • Fixes

    • The issue with EventLog Analyzer's log collector when the database password is encrypted has been fixed.
    • The issue in updating IBM AS400 password has been fixed.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11042.
    • No changes specific to Distributed Edition Admin Server in this release.

Build 11040

Released on 6 Jan 2017

  • New Features

    • EventLog Analyzer now offers out-of-the-box support for:

    • SonicWall firewall. You can now use exhaustive reports and predefined alert profiles that make SonicWall firewall auditing easier.
    • RFC 5424 log format for Unix and Linux machines.
  • Enhancements

    • Syslog data processing performance has been enhanced.
    • The 'Pick device' option has a new filter, 'username', for enhanced usability.
    • CSV files with just two columns can also be imported.
    • For devices that use an agent for log collection, "Device down" alerts are enabled.
    • The 'Network Logon' event has been included under one of the rules in 'Correlation'.
    • An error message for logon authentication failure events is displayed for firewall devices.
  • Fixes

    • Issues with the event source based database filter have been fixed.
    • The issue when exporting alert profiles into XML format has been fixed.
    • Issues with the Run Program notification setting in correlation have been fixed.
    • The issue with the SysEvtCol process on 64-bit Linux machines has been fixed now.
    • When an alert profile was set up for certain devices in a group, all the devices in that group were included in the 'Devices' criteria. This issue has been fixed.
    • The issue with the 'Archive > Settings' option in the Chrome browser has been fixed now.
    • Issues with administrator and operator privileges for managing alert profiles have been fixed.
    • The issue with the 'contains' filter option in log search has been fixed now.
    • Issues with generating File Integrity Monitoring reports for DHCP agents have been fixed now.
    • File or folder rename events were not reflected in File Integrity Monitoring reports. This has been fixed now.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11040.
    • No changes specific to Distributed Edition Admin Server in this release.

Build 11030

Released on 19 Dec 2016

  • New Features

    • Auto-discovery of domain and non-domain devices for enhanced user experience in adding Windows devices.
  • Enhancements

    • Device management and configuration have been improved for better usability. You can now check the log collection status, change the log monitoring interval, and enable or disable the device from a single window.
    • FIM events for agent directory folders are excluded by default.
  • Fixes

    • The following issues have been fixed:

    • Archive location paths containing special characters have been aligned with Windows standards.
    • The XSS vulnerability in the rebranding and index pages has been fixed.
    • The server has been optimized for FIM folder exclusion to accept several agent requests.
    • JVM crashes no longer occur when importing log files.
    • Changes in filenames are dynamically reflected while updating the schedule.
    • Trend reports no longer reflect event counts with zero logs.
    • The issue with the count in the report export list has been fixed.
    • IP address based device search is now possible.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.3 Build 11030.
    • No changes specific to Distributed Edition Admin Server in this release.

Build 11025

Released on 17 Nov 2016

  • Fixes

    • The file integrity monitoring template update has been fixed.
    • The script notifier in Linux installations has been fixed.
    • The display of the archive status during archive loading has been fixed.
    • Export report download (which failed due to special character references in the report name) has been fixed.
    • The compliance report graph's drill-down functionality has been fixed.
    • The time criteria for archive report exports have been fixed.
    • Syslog collection has been fixed.
    • The email address field now has a limit of 250 words.
    • We now monitor SSH2 sessions as well for Unix/Linux SSH session reports.
    • If Oracle application log data contains raw commands executed in the database, then that log data will not be categorized under reports.

Build 11020

Released on 26 Aug 2016

Service Pack build 11023 released on 24 Oct 2016

  • New Features

    • Threat analysis: Without any configuration, automatically get alerted whenever you receive traffic from blacklisted or suspicious IPs.
    • All new UI: EventLog Analyzer now comes with a flat user interface.
    • Monitor log data of EventLog Analyzer: Offers the capability to forward EventLog Analyzer's log data (in syslog format) to any source.
  • Enhancements

    • Log search engine performance has been enhanced.
    • The product's log trend graph, event category graph and host count variable are now directly loaded from the 'Elastic Search' module so as to facilitate better
    • Now, the reports and alerts for the client console use the local (client) machine's time zone for better interpretation.
    • IBM AS400 BRMS log parsing is now supported.
    • EventLog import for non-English languages is now supported.
  • Fixes

    • Alignment issues in the 'Settings', 'Hosts', 'Search' and 'Correlation' tabs have been fixed.
    • The log search event count mismatch when hovered over the graph has been fixed.
    • The issue in knowing the exact number of event types in dashboard graphs has been fixed.
    • The issue with triggering action upon clicking 'Calendar' icon has been fixed.
    • Alignment issues in displaying the content
    • The export as report feature was not working for archive search results when using MSSQL database. This has been fixed.
    • Edit report feature under My Reports section was not working when reports were sorted. This has been fixed.
    • When exporting reports in PDF format, username fields above 8 characters were getting truncated. This has been fixed.
    • Some hosts were not getting listed under the Hosts tab due to a data mismatch. This has been fixed.
    • Parsing timestamp from Apache logs has been tuned.
    • The issue in parsing timestamp from ESXi logs has been fixed.
    • The issue in parsing Unix FTP logs has been fixed.
    • When upgrading an agent, if any error is encountered, an error message is now displayed under the Agent Status.
    • Issues causing agent installation and upgrade failure have been fixed.
    • Issues with agent deletion, and agent association when its corresponding host was renamed, have been fixed.
    • The issue in displaying File Monitoring for Shared Deleted Events for Windows 2012 R2 has been fixed.
    • The issue with registering when file monitoring is in a DHCP environment has been fixed.
    • The issue with event log skipping after applying Windows anniversary update, or when recordID is wrapped in WMI, has been fixed for both agent and agentless methods.
    • The issue with logon failure when logs are being collected from EventLog Analyzer has been fixed.
    • Script notification under alert profiles was not working in case of space constraints in the installation directory. This has been fixed.
    • Multiple issues with File Integrity Monitoring configuration and templates have been fixed.
    • The issue with syncing after editing Managed Server details in Admin server has been fixed.
    • Logagent quit when the path length in File Integrity Monitoring was very large. This has been fixed.
    • The record ID mismatch between multiple hosts in an agent has been fixed.
    • Auditing is now enabled when adding hosts for File Integrity Monitoring, instead of when enabling the username.
    • The SQL injection vulnerability in the Hosts tab has been fixed.
    • The vulnerability of the session ID being exposed in the access log has been fixed.
  • Enhancements

    • The features, enhancements and fixes are the same as in the Standalone Edition.

Build 11012

Released on 23 Jul 2016

  • Enhancements

    • EventLog Analyzer now provides you with an option to export the generated alert messages.
    • You now have the option to select all the available host groups while creating a report, alert profile, or filter.
    • We have now enhanced the edit, disable, and delete icons available in the alert message section.
    • EventLog Analyzer's calendar will be automatically updated every 10 minutes.
    • You can now edit the report schedules to change the report formats (PDF or CSV).
    • A help card has been added to assist with the vulnerability import option.
  • Fixes

    • The alignment in CSV reports has been fixed.
    • The deletion of the original file while importing application logs using the Internet Explorer browser has been fixed.
    • Scheduling predefined reports for a large number of hosts has been fixed.
    • The 'Pick host' option on the correlation rule filter page has been fixed.
    • The option to disable AD authentication has been fixed.
    • The archive status change in Internet Explorer 11 has been fixed.
    • The 'View Per Page' option on the 'Hosts' page has been fixed.
    • The selected hosts count in the 'Search' and 'Pick host' features has been fixed.
    • Feature request link for Log360 has been fixed.
  • Enhancements

    • The enhancements are the same as in the Standalone Edition.
  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11010

Released on 17 Jun 2016

  • Enhancements

    • The EventLog Analyzer web client language is automatically set based on the language setting of the browser. Also, the server side language is automatically set based on the machine in which it is installed.
    • A search option has been added within the Pick Hosts option (found in the add new report/alert/filter and report schedule pages).
    • The vCenter log collection process has been enhanced for better performance.
    • Support for AS400 log collection through secure ports.
    • CEF format support for FireEye logs.
    • 'Message' column added to FireEye overview report.
    • 'Username' column added to following Windows predefined reports: Software installed/uninstalled/updated, Failed software installation due to privilege mismatches.
  • Fixes

    • Username was not getting parsed from logs with event ID 104. This has been fixed.
    • Username is now parsed from the object string if not present in log message.
    • The issues in parsing time and source from syslog messages are now fixed.
    • Logs from add-on sources were not getting parsed upon restart of the log collector service. This has been fixed.
    • The issue causing failure in updating logs to the database, due to inaccessible data files, has been fixed.
    • Only Key_Read permission (rather than all permissions) is granted when required to read RemoteRegistry values.
    • The issue with agent-server communication in a DHCP environment has been fixed.
    • The log collection status was shown as 'Access Denied' if a filter was created that dropped all logs. This has been fixed.
    • The issues causing a memory leak due to object access events have been fixed.
    • Historic log collection was not occurring for a few log types. This has been fixed.
    • Multiple log collector crashes have been fixed.
    • Invalid log types were queried during the log collection process. This has been fixed.
    • Log indexing was not occurring if the device type was changed manually from Syslog to Cisco. This has been fixed.
    • Unnecessary escape characters were added while importing archived logs from PGSQL. This has been fixed.
    • Application log archive files were getting duplicated due to scheduling clash. This has been fixed.
    • Loading status would not be updated when attempting to access an archive file that was moved or deleted. This has been fixed.
    • The issue in using the 'AND' boolean operator in predefined report searches has been fixed.
    • Search page queries with single quotes were not working. This has been fixed.
    • The issue causing failure to refine data by double-clicking host names in reports has been fixed.
    • Application sub tab under Reports was not opening. This has been fixed.
    • Criteria field was missing under edit predefined reports schedule window. This has been fixed.
    • Log files were not uploaded to the database if the PGSQL database was password protected. This has been fixed.
    • Vulnerability fixes:
      • Guest user could change the admin password. This has been fixed.
      • Reflected XSS and stored XSS vulnerabilities have been fixed.
      • Clickjacking vulnerability has been fixed.
      • Username harvesting vulnerability has been fixed.
  • Enhancements

    • The enhancements are the same as in Standalone Edition.
  • Fixes

    • Centralized archive issue in Admin Server has been fixed.
    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11005

Released on 28 Apr 2016

  • Fixes

    • The issue leading to LogAgent crash while decrypting the password for the added host has been fixed.
    • The issue leading to LogAgent crash while decoding the server response has been fixed.
    • The issue with LogAgent when File Integrity Monitoring is set up has been fixed.
    • The issue causing LogAgent memory growth has been fixed.

Build 11001

Released on 7 Mar 2016

Service Pack Build 11003 released on 15 Mar 2016

  • Enhancements

    • EventLog Analyzer and ADAudit Plus have been integrated into a single log management and auditing solution viz., Log360.
  • Fixes

    • The issue with the edit filter option has been fixed.
    • Users can now include a space in the account name when logging into EventLog Analyzer.
    • The issue related to the import action after the field extraction operation has been fixed.
    • The issue with auto upgrade of LogAgent while applying the PPM over 8.0 has been fixed.
    • The issue during the application of SACL from LogAgent for very large folders has been fixed.
    • While applying PPM, the issue related to agent's auto upgrade when domain name is NULL has been fixed.
    • The issue with report zipping when the save type is 'Save Alone' has been fixed.
    • The issue related to parsing of Cisco logs when the device type is manually changed has been fixed.
    • The issue with the log collector stopping the remote registry service of the host from which it collects logs has been fixed.
    • The issue related to the password update while editing the host details has been fixed.
    • The issue related to log parsing when Cisco Meraki logs are forwarded from the relay server has been fixed.
    • File Integrity Monitoring can now record the registry events as well.
    • The vulnerability issue of guest user changing the admin credentials has been fixed.
    • In LogAgent, if the credentials provided are not administrator credentials and the account does not have access to the WMI namespace, log collection will fail.
    • In SysEvtCol, if the local host is added with a user who does not have access to the WMI namespace, log collection will fail.
    • The issue related to back up and restoration operation for MS SQL 2012 server has been fixed.
    • During log collection, if a single log is not returned within 2 seconds, the request is retried 5 times at the same 2-second interval and the collection is then skipped.
    • The issue related to the installation of the FIM agent after renaming the host has been fixed.
    • The issue where a tab sequence in the DB filter string was treated as a space has been fixed.
    • The issue with advanced search criteria not getting updated in the database has been fixed.
    • The delay in log collection when applying FIM with the user name option on a folder that contains many sub folders has been fixed.
    • Only image file formats can now be uploaded for rebranding.
    • The issue with HTML tag injection through error messages has been fixed.
    • Fixed various SQL injection vulnerabilities.
    • Fixed the alert script arguments issue.
    • Fixed the bug related to the 'Keep me signed in' option for AD and RADIUS login.
    • Fixed directory traversal vulnerability through URL parameter.
    • Fixed the issue with the import file check for evt files.
    • Restricted non administrator users from accessing other users' data via parameter manipulation.
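
The Build 11001 notes describe a collection rule (a log not returned within 2 seconds is retried 5 times at the same interval, then the collection is skipped) without showing how such a policy behaves across several hosts. The following is an added example, not EventLog Analyzer's own code: a retry wrapper that applies that rule to a fetcher interface, runs one collection pass over a few constructed sources, and reports why each source was collected or skipped. The fetcher signature, the `SourceTimeout` exception, the scripted test doubles and the sample hosts are assumptions, and "retrying 5 times" is read as one initial attempt plus five retries.

```python
from typing import Callable, Dict, List, Optional, Tuple

PER_LOG_TIMEOUT = 2.0  # seconds per attempt, as stated in the release note
RETRIES = 5            # retries after the first failed attempt (assumed reading of "retrying 5 times")


class SourceTimeout(Exception):
    """Raised by a fetcher when the source returns nothing within the timeout."""


# A fetcher takes a timeout in seconds and returns one log line, or raises
# SourceTimeout.  A real one would wrap a socket read with settimeout().
Fetcher = Callable[[float], str]


def fetch_with_retry(fetcher: Fetcher, timeout: float = PER_LOG_TIMEOUT,
                     retries: int = RETRIES) -> Tuple[Optional[str], int]:
    """Return (log, attempts).  log is None when every attempt timed out,
    which is the "skip this collection" outcome from the release note."""
    attempts = 0
    for _ in range(1 + retries):          # first attempt plus `retries` retries
        attempts += 1
        try:
            return fetcher(timeout), attempts
        except SourceTimeout:
            continue                      # same 2-second interval, no backoff
    return None, attempts


def collect_cycle(sources: Dict[str, Fetcher], timeout: float = PER_LOG_TIMEOUT,
                  retries: int = RETRIES) -> Dict[str, dict]:
    """One collection pass over several sources.  Each entry records the log
    (None if skipped) and the attempt count, so an operator can tell a silent
    host from one that merely answered late."""
    report = {}
    for name, fetcher in sources.items():
        log, attempts = fetch_with_retry(fetcher, timeout, retries)
        report[name] = {"log": log, "attempts": attempts, "skipped": log is None}
    return report


def scripted_source(responses: List[Optional[str]]) -> Fetcher:
    """Constructed test double: each call yields the next scripted response;
    None (or an exhausted script) models a source silent past the timeout."""
    queue = list(responses)

    def fetch(timeout: float) -> str:
        item = queue.pop(0) if queue else None
        if item is None:
            raise SourceTimeout(f"no data within {timeout}s")
        return item
    return fetch


def make_sample_sources() -> Dict[str, Fetcher]:
    """Constructed sample hosts (not real systems): one healthy, one that is
    slow for two attempts, one that never answers."""
    return {
        "host-healthy": scripted_source(
            ["<14>Mar  7 10:00:01 host-healthy sshd[2112]: Accepted publickey for ops"]),
        "host-slow": scripted_source(
            [None, None, "<13>Mar  7 10:00:03 host-slow cron[1]: (root) CMD (run-parts)"]),
        "host-silent": scripted_source([]),
    }


def sample_cycle() -> Dict[str, dict]:
    """Run one cycle over fresh sample sources (fresh so repeated calls agree)."""
    return collect_cycle(make_sample_sources())


if __name__ == "__main__":
    for host, result in sample_cycle().items():
        state = "skipped" if result["skipped"] else "collected"
        print(f"{host}: {state} after {result['attempts']} attempt(s)")
```

Under this reading a source that never answers costs (1 + 5) × 2 = 12 seconds per cycle before it is skipped, which is the figure to budget for when many hosts are polled serially; the attempt count in the report is what lets a collector distinguish a host that is down from one that is merely slow.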

Build 10081

Released on 12 Jan 2016

Service Pack build 10081 released on 12 Jan 2016

  • Enhancements

    • The EventLog Analyzer server can now be configured to run over HTTPS as well. An option to specify the corresponding port numbers is also available.
    • An option to encrypt the keystore password is now available.
    • You can now set the web session expiry time limit.
    • You can now change the language of the EventLog Analyzer web client after the solution has been installed.
    • Get to know the status of the report export process with the help of a progress bar.
    • We now provide an option to supply administrator credentials during service mode installation.
    • Log collection queries now include both the log type and the time.
  • Fixes

    • File Integrity Monitoring feature
      • The 'Select All' option in the 'Settings' tab wasn't working. This issue has been fixed.
      • The 'Back' button issue in the drill down pages has been fixed.
    • The issue related to the inclusion of Japanese and Chinese characters in 'Schedule' names has been fixed.
    • The blank home page issue when the Managed Servers are down has been fixed.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.8 Build - 10080
    • No changes specific to Distributed Edition Admin Server in this release

Build 10072

Released on 5 Nov 2015

  • Enhancements

    • An enable/disable option for application local users has been integrated.
    • Agent installation error and status messages are now shown in the tool-tip.
    • The Apache common log format is now supported.
  • Fixes

    • The test port option in the Alerts SMS configuration was not working because the page was opened in a new window. This has been fixed.
    • The OR function in the criteria for scheduling predefined reports was not working properly. This has been fixed.
    • In Unix mail server reports, the username was classified as undefined. This has been fixed.
    • Uninstallation of the agent with a username different from the one used for installation was not working. This has been fixed.
    • Loss of data during transfer from the agent due to a checksum error has been fixed.
    • All check box selection functions have been fine-tuned.
    • AllLogsCurrentHourlyTrend and AllLogsHistoricalHourlyTrend are now ordered by hour.
    • FIM: enabling the username option for directories with spaces in their names was not working. This has been fixed.
    • When the same agents are installed, the slid was not updated during a fresh install on the agent side. This has been fixed.

Build 10071

Released on 25 Sep 2015

Build 10070 released on 25 Sep 2015

  • New Features

    • High availability feature has been integrated within the product.
  • Fixes

    • Fixed the issue in field extraction that arose when creating more than two fields or when a special character was included in the field value.
    • Fixed the issue with alert delay in the case of a slow log rate.
    • Fixed the time stamping issue for syslogs.
    • Fixed the time range selection issue in report and correlation data generation.
    • The vulnerability allowing a guest user to be promoted to Admin by accessing the user management page has been fixed.
    • Session hijacking vulnerabilities involving the JSESSIONID cookie value have been fixed.
    • The XSS vulnerability in the EventLog Analyzer server login page has been fixed.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.6 Build 10600
    • No changes specific to Distributed Edition Admin Server in this release
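
The Build 11010 notes record a clickjacking fix and the Build 10071 notes a session hijacking fix involving the JSESSIONID cookie value, without saying how either was resolved. The following is an added example, not ManageEngine's code, and does not inspect the product itself: it audits a captured HTTP response for the standard defences against those two issue classes (a `frame-ancestors` CSP directive or `X-Frame-Options` against framing, and the `HttpOnly`, `Secure` and `SameSite` attributes on the session cookie), which an administrator can run against their own console once it is served over HTTPS (the Build 10081 option). The two sample responses are constructed; the cookie name defaults to `JSESSIONID` because that is the name the notes mention.

```python
from typing import List, Tuple

Header = Tuple[str, str]   # (lower-cased name, value)


def parse_headers(raw_response: str) -> List[Header]:
    """Split a raw HTTP response into (name, value) pairs, keeping repeated
    headers such as multiple Set-Cookie lines.  Stops at the blank line that
    ends the header block."""
    lines = raw_response.split("\r\n")
    headers = []
    for line in lines[1:]:          # lines[0] is the status line
        if line == "":
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def values(headers: List[Header], name: str) -> List[str]:
    """All values of one header, in order of appearance."""
    return [v for n, v in headers if n == name]


def framing_findings(headers: List[Header]) -> List[str]:
    """Clickjacking defence: the page must forbid framing by other origins,
    via CSP frame-ancestors or the older X-Frame-Options header."""
    csp_ok = any("frame-ancestors" in v.lower()
                 for v in values(headers, "content-security-policy"))
    xfo_ok = any(v.upper() in ("DENY", "SAMEORIGIN")
                 for v in values(headers, "x-frame-options"))
    if csp_ok or xfo_ok:
        return []
    return ["page can be framed: no frame-ancestors directive or X-Frame-Options"]


def cookie_findings(set_cookie: str, session_cookie: str) -> List[str]:
    """Session-cookie attributes that limit what a stolen cookie is worth."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    if name.lower() != session_cookie.lower():
        return []                     # only the session cookie is in scope
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    missing = []
    if "httponly" not in attrs:
        missing.append(f"{name} lacks HttpOnly: readable by script, so an XSS bug leaks the session")
    if "secure" not in attrs:
        missing.append(f"{name} lacks Secure: sent over plain HTTP as well as HTTPS")
    if "samesite" not in attrs:
        missing.append(f"{name} lacks SameSite: attached to cross-site requests")
    return missing


def audit_response(raw_response: str, session_cookie: str = "JSESSIONID") -> List[str]:
    """Return all findings for one response; an empty list means both checks passed."""
    headers = parse_headers(raw_response)
    findings = framing_findings(headers)
    for cookie in values(headers, "set-cookie"):
        findings.extend(cookie_findings(cookie, session_cookie))
    return findings


# Constructed sample responses (not captured from any real server).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=constructed0123; Path=/\r\n"
    "\r\n<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Security-Policy: frame-ancestors 'self'\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: JSESSIONID=constructed0123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n<html>...</html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or ["no findings"])
```

The check deliberately ignores non-session cookies such as the language preference, since the attributes only matter on the cookie that carries authentication; the `Secure` finding is only actionable once the console is actually served over HTTPS.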

Build 10060

Released on 29 May 2015

  • New Features

    • Supports vulnerability data analytics - EventLog Analyzer 10.6 supports log collection and analysis from vulnerability scanners such as Nessus, Qualys, NMAP, and OpenVAS. It provides 50+ predefined reports and alert conditions exclusively for vulnerability data analytics that help prioritize vulnerabilities and thus proactively mitigate security attacks.
    • Supports threat intelligence solutions' log data - The latest version of EventLog Analyzer supports log data analysis of endpoint security solutions such as FireEye, Symantec Endpoint solution, and Symantec DLP application. The solution provides predefined reports and alert criteria that help identify and contain security threats at the earliest.
    • vCenter log monitoring - EventLog Analyzer 10.6 supports vCenter log monitoring. It provides on-the-fly reports and alert conditions that help monitor vCenter activities such as Datastore changes, permission changes, host changes, Resource pool changes and more.
    • Supports GPG13 compliance - EventLog Analyzer now provides out-of-the-box reports and alerts that help HMG organizations comply with GPG13.
  • Enhancements

    • Added a new rule to parse shun attacks.
  • Fixes

    • Fixed the issue of the database folder growing due to improper cleaning of throwaway tables.
    • Fixed the Firefox Unix icon display issue.
    • Fixed the issue associated with Universal Log Parsing and Indexing (ULPI) for user-specified logs.
    • Fixed the parsing issue with IBM AS400.
    • Issues related to juli log growth and serverout growth have been fixed.
    • Removed the weak 'Ephemeral DH' ciphers from the secure connection.
    • Fixed the time order issue on trend reports.
    • Fixed the false disk space alert with remote desktop connection.
    • Issue related to RunQuery.do has been fixed.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.7 Build 10070
    • No changes specific to Distributed Edition Admin Server in this release

Build 10000

Released on 23 Jan 2015

  • New Features

    • The log collection and processing rate has been improved to 10x the previous mark. EventLog Analyzer version 10 and above can handle 20,000 logs per second, with a peak log handling capacity of 25,000 logs per second.
    • 1000+ out-of-the-box reports for security, compliance and operations needs
    • Enhanced real-time event response system with 600+ predefined alert criteria for Windows, Linux/Unix, Applications and Network Device environment.
  • Enhancements

    • File Integrity Monitoring

      • Ability to filter critical changes to files/folders based on the file type
      • Ability to display the process name and domain name in file integrity monitoring reports
      • Option to enable and disable File Integrity Monitoring
      • Addition of more default templates
      • Ability to save/edit alerts and reports, with the option to select User Name and Change Type
      • Ability to drill down the file integrity monitoring report graph
      • File attribute changes and ownership changes are now being captured under critical file/folder changes
    • Search

      • Ability to save the search results as alerts
      • Inclusion of auto suggestions for field values
      • Sorting of the index data for improved search performance
    • Correlation

      • Custom correlation rule builder that allows you to create pattern-based alerting by selecting existing correlation rules
      • Ability to specify the threshold limits for each rule in the defined pattern.
    • Session Activity Changes

      • Added Duration and Log off time fields on the 'Session Activity' page
      • Ability to search through the session activity reports
      • Session activity reports can now be saved
  • Fixes

    • Fixed the issue with enabling AD authentication while importing users from AD groups.
    • Fixed the search pagination issue.
    • Vulnerability fixes:
      • URL injection
      • Authentication problems
      • Database injection
      • Stored password encryption changes
      • Agent zip extraction
    • Fixed the User based and iSeries User based reports breaking during export when there is no user name in the database.
    • Fixed the PDF export issue that occurred after a mouse hover search from Custom Reports, where all events were exported instead of the filtered events.
    • Fixed the Event ID based direct export breaking when the severity parameter is not appended to the URL.
    • The custom alert 'Not Equals' option was not working for 'Type'. This issue has been fixed.
  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.0 Build 10000
    • No changes specific to Distributed Edition Admin Server in this release

Build 9000

Released on 23 Apr 2014

  • New Features

    • Real-time Event Correlation
      • Real-time correlation for proactive threat management
      • 50+ out-of-the-box correlation rules on various categories viz., File Management, Group Management, Authentication, Authorization, Audit Policy, Software Management and more
    • Out-of-the-box reports for ISO 27001:2013 Standards
    • Supports Terminal Server Log Analysis out-of-the-box
    • Supports EventLog Analyzer user audit trail
  • Enhancements

    • File Integrity Monitoring
      • File Integrity Monitoring reports now include the name of the user who made the change
      • Modified File Integrity Monitoring Report page
    • Field Extraction for SFTP application log import is now added
    • Archive encryption using AES 256 algorithm is now supported
    • Supports EventLog Analyzer user audit trail
    • Reports Enhancements
      • Performance of Report Extraction in PDF and CSV format is enhanced
      • Summary details for User Based Reports is now included
    • Adding Hosts
      • Supports import of host list from a CSV file
      • Existing hosts that are added will be automatically hidden from the Pick List Window
    • Customize Notification settings
      • Supports sending notification only once and pausing the notification for a day/week/month
  • Fixes

    The following issues have been fixed in this release:

    • Predefined compliance alert profile creation can now include Windows 2008 type event IDs
    • EventLog Analyzer version 9.0 can now handle the string '\' in Log message fields of reports, alerts and filters
    • Issue with the resetpwd.bat file in troubleshooting folder is fixed
    • Out of memory error during log import is fixed
    • The 'Notes' field in the Custom Report Creation wizard now has a character limit of 250
    • Issue with specifying multiple log messages separated by a comma in the report creation wizard is fixed
    • Issue with the working of Radius Authentication is fixed
    • Supports syslog import with 'Automatically Identify' option
    • Issue in log import schedule for a multiline log is now fixed
    • Issue in archive purging of Postgres database is fixed
    • 'Advanced Alert' option in 'Custom Alert Profile' creation page
      • Supports specification of multiple Event IDs separated by a comma
      • Supports alert criteria edit even if the criteria is specified within double quotes
    • Issue with updating SQL information in the ChangeDBServer.bat file when the password contains '$' is fixed
    • Specific Scheduled AD User import issue is fixed
  • Enhancements

    • GA release of EventLog Analyzer Distributed Edition.
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 9.0 Build 9000
    • No changes specific to Distributed Edition Admin Server in this release
 
Roadmap

We are constantly looking to add new features to meet market requirements and to improve usability. Why are we disclosing this? Because we value your inputs!

01

Log forwarding to external server

The log forwarder will allow you to automatically forward the logs collected by EventLog Analyzer from desired hosts to the required server.

02

Enhanced correlation engine

A more powerful correlation engine that is enhanced with more predefined rules and field level correlation options.

03

Enhancements in log import

Improved functionality for log imports, including quick and easy bulk import of log files and advanced import scheduling options.

04

Deeper insights from SQL reports

We are adding new predefined SQL reports which will give you more control over your SQL servers, and empower you to conduct a thorough audit in order to secure them.
