New Features

Stop more attacks with correlation

The enhanced correlation interface contains twenty-five predefined attack rules, including those for ransomware, brute force, and more. You can now correlate logs from multiple log sources and create rules to suit your business environment.

Get our free network security attack handbook to know more.

Learn more

Augmented threat intelligence

The enhanced threat intelligence platform comes with a built-in STIX/TAXII feed processor. Get real-time alerts for suspicious traffic in your network and outbound connections to malicious domains and callback servers.

Find out how the feature works with our free solution brief.

Learn more

Built-in incident management console

Track the response and resolution process of incidents by assigning every alert to a specific administrator. Keep track of incident tickets with the built-in ticketing option, or raise tickets in external help desk tools - ServiceDesk Plus and ServiceNow.

Find out how the feature works with our free solution brief.

Learn more

Release Notes

Service Packs

Build 11130

Released on 13 April 2018

  • New Feature

    • IIS web site auto discovery which makes it easier to configure IIS web sites for monitoring.

  • Enhancements

    • Multiple files can now be imported simultaneously.
    • Server Message Block (SMB) protocol has been added as one of the protocols to access files.
    • Customization options have been added for scheduling of log imports.
    • Dynamic patterns and numerical increments for file rollovers have been added.
    • Option to import and store logs for short durations has been added.

  • Fixes

    • Issue in the device name and display name fields in custom reports has been fixed.
    • Issue in adding syslog hosts has been fixed.
    • Parsing issue in Cisco device logs has been fixed.
    • The updates and fixes for the Distributed Edition - Managed Server are the same as the above.
Service Packs

Build 11123

Released on 27 March 2018

  • New Features

    • Secure archival of log files: Checksums are now used to maintain the integrity of archived log files, thus helping meet compliance requirements.
    • Supports Huawei firewall: Predefined reports and alert profiles help easily audit security events of Huawei firewalls.
    • Supports Malwarebytes: Predefined reports and alert profiles help in auditing logs from Malwarebytes, thereby improving the threat detection mechanism.

  • Enhancements

    • Kerberos has been added as an authentication method for log collection.
    • Removable Disk Auditing now supports more device types.
    • The object access policies enabled by default in an agent have been optimized to reduce log dropping.
    • The IP address of the remote device has been added as a field in file integrity monitoring logs.
    • Permission changes for files are now audited.
    • All logs generated during agent downtime will be collected from the Event Viewer, once the agent recovers.

  • Fixes

    • Issue with restarting of the log collector has been fixed.
    • Issue in specifying multiple entries in the fields of database filters has been fixed.
    • Issue in log collection filter for Windows logs forwarded as syslog has been fixed.
    • Consistency issue in deletion events of folders with child objects has been fixed.
    • Sync issue between the admin server and managed servers has been fixed.
    • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.
Service Packs

Build 11122

Released on 19 March 2018

  • New Features

    • The correlation module now supports logs from ManageEngine OpManager and Password Manager Pro.
    • Forensic analysis can be performed on the actions of the user(s) and device(s) involved in a successfully correlated event.

  • Enhancements

    • Reports of network devices can now also be viewed in the Compliance tab.
    • An option to enable or disable the out of memory alert notification.
    • The mail subject of low disk space and out of memory alerts can be customized.
    • Automatic assignment of alerts to technicians based on alert profiles.
    • An option to delete generated alerts, when deleting the alert profile that they are associated to.
    • Exporting compliance reports has been made faster.
    • The compliance report scheduler has been enhanced.

  • Fixes

    • Issue in parsing of File Integrity Message in the alert mail has been fixed.
    • Issue in automatically adding agent has been fixed.
    • Issue which generated alerts with wrong criteria for AS400 has been fixed.
    • Issue in Compliance report scheduler has been fixed.
    • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.
Service Packs

Build 11120

Released on 7 March 2018

  • New Features

    • SQL Server auto discovery which makes it easier to configure SQL servers for monitoring.
    • Column Integrity Monitoring in SQL Server: Track changes in a monitored column including who changed the value, at what time the value was changed, and the database table in which the value was changed.
    • SQL Server Advanced Audit reports provide information on the history of schema and object changes, most used tables, and more.

  • Enhancements

    • Auditing can now be enabled only for the selected SQL Server instances.
    • Audit policies can now be created or deleted from EventLog Analyzer.
    • The user interface of the Manage Applications tab has been enhanced for better user experience.

  • Fixes

    • Issue in password with special characters entered during the configuration of mail server has been fixed.
    • Issue which added duplicate entries to reports exported in CSV format has been fixed.
    • Issues in parsing and indexing of SolarWinds and Snare logs have been fixed.
    • Cross Site Scripting (XSS) in the search and reports page (CVE-2018-7405) raised by Suresh Khutale has been fixed.
    • Vulnerability issue of remote code execution when uploaded by an agent has been fixed.
    • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.
Service Packs

Build 11110

Released on 9 February 2018

  • New Features

    • Supports Barracuda devices: Predefined reports and alert profiles help easily audit security events of Barracuda Firewalls, Web Application Firewalls, and Email Security Gateway.
    • Implementation of slow query graphs for the dashboard.

  • Enhancements

    • Provision to customize the subject, content of email, and SMS alerts.
    • Add alerts and manage alerts pages have been enhanced for improved user experience.

  • Fixes

    • Issue in handling special characters in Microsoft SQL migration has been fixed.
    • Issue in wildcard search has been fixed.
    • Issue in triggering alerts when the buffer size is reached has been fixed.
    • Issues in parsing Sonicwall signature ID, Cisco Firepower custom fields, and denied traffic in Fortinet have been fixed.
    • Issue in SQL Login Altered report has been fixed.
    • Issue in updating aggregated data in MySQL database has been fixed.
    • Issue which caused multiple UDP ports to listen has been fixed.
    • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.
Service Packs

Build 11102

Released on 24 January 2018

  • New Feature

    • Integration with Log360 Cloud: The logs collected by EventLog Analyzer can now be stored and managed on a secure cloud platform - Log360 Cloud.

  • New Feature

    • The new features for the Distributed Edition - Managed Server is the same as the Standalone edition (Build 11102).
Service Packs

Build 11101

Released on 12 January 2018

  • New Features

    • Three new predefined correlation rules that detect suspicious SQL backup, installation of services and software.
    • Logs from syslog and other devices can be forwarded to any server including file servers and Windows servers.

  • Enhancements

    • Parsing of new fields in Juniper and Fortinet firewall logs.
    • Support for Snare in the RFC 5424 format.

  • Fixes

    • The new features for the Distributed Edition - Managed Server is the same as the above.
Service Packs

Build 11100

Released on 9 December 2017

  • New Feature

    • GDPR compliance reports: Offers predefined report templates to help you easily comply with the GDPR's requirements.

  • Enhancements

    • A new report for Juniper application tracking has been added.
    • Mail subject can now be added in the custom report scheduler.

  • Fixes

    • The alignment issue in reports exported as CSV files from the search tab has been fixed.
    • The issue in parsing SonicWall botnet logs has been fixed.
    • WatchGuard firewall logs are now parsed.
    • The issue with not being able to view devices in the admin server when the user logs in via AD has been fixed.
    • The issue in displaying the report fields for Oracle devices has been fixed.
    • The issues in parsing the timestamp of imported logs have been fixed.

  • Fixes

    • The new feature for the Distributed Edition - Managed Server is the same as the above.
Service Packs

Build 11090

Released on 29 November 2017

  • New Features

    • Supports Sophos-UTM, Sophos-XG, and Cyberoam devices: Predefined reports and alert profiles help easily audit security events of Sophos-UTM, Sophos-XG, and Cyberoam devices.
    • Provides an option to discover and configure event sources for individual devices.

  • Enhancements

    • The mechanism of recording the log flow rate has been optimized.
    • An extra field "Display name" has been added to the pre-defined reports and search section.

  • Fixes

    • The issue with parsing of fields for NPS events occurring on Windows Server 2016 has been fixed.
    • Addition of VMware reports for created and deleted VMs (Event IDs: 13002 and 13003).
    • The issue with the Solaris user account management report and SUDO command execution report has been fixed.
    • Issue with populating web traffic reports for WatchGuard has been fixed.
    • The issue with the policy changes report for Symantec devices has been fixed.
    • The issue with exporting reports from the "My Reports" category has been fixed.

  • New Features

    • The new features are same as in the Standalone Edition.

  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
Service Packs

Build 11080

Released on 17 October 2017

  • New Features

    • The Correlation Engine has been completely upgraded to bring you complex attack detection across all devices on your network, enhanced field-level correlation, improved incident reports with timeline view, and much more:

    • Multiple log format support: Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.
    • Enhanced field-level correlation: Correlation can be done based on multiple log field values to provide fine-grained attack detection.
    • Predefined rules: The module is packaged with 25 predefined complex attack patterns.
    • Custom rule builder: The custom correlation rule builder has been upgraded to include over 250 predefined network actions and advanced filters.
      • Check for unique, constant, or shared field values among the actions that make up a rule.
      • Use multiple comparison conditions for fields, namely 'equals', 'not equal to', 'starts with', or 'ends with'.
      • Create rules for individual log types using specific network actions, or rules common to all log types with generic network actions.
    • Incident management integration: All correlation alerts can be viewed and managed with the in-built incident management console.

  • Enhancements

    • The correlation user interface has been upgraded with an all new look and feel, incorporating all the above new features.
    • The time between each individual pair of actions can now be specified when creating a rule.

  • New Features

    • The new features are same as in the Standalone Edition.

  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
Service Packs

Build 11073

Released on 4 October 2017

  • New Features

    • EventLog Analyzer now supports WatchGuard firewall devices. Exhaustive reports and predefined alert profiles makes it easier to audit WatchGuard firewall.

  • Fixes

    • White space characters that caused issue in mail server configuration has been fixed.
    • Predefined Symantec reports now display graphs.
    • "Windows unexpected shut down" report was not updated. This issue has been fixed now.
    • I18N issue in the device and status tab of admin server fixed.
    • Issue with exporting loaded archives in admin server fixed.
    • Issue with parsed product names in Checkpoint logs fixed.
    • Receiving alerts that logs are not being collected from various servers while they are actually being collected. This issue has been fixed.
    • Display issue with EventLog Analyzer's centralized archive page in Linux has been fixed.
    • Issue with "root" being not accepted as a username in centralized admin server is fixed.
    • Changes made in centralized archives setting page was not saved. This bug has been fixed.
    • Operator access to Syslog Listener Port Settings restricted.

  • New Features

    • The new features are same as in the Standalone Edition.

  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
Service Packs

Build 11072

Released on 22 September 2017

  • Enhancements

    • EventLog Analyzer's security is further strengthened by using unique key to encrypt database for every installation.
    • The solution now correlates the logs from Cisco firewalls with that of the threat feeds and global IP threat database data to instantly detect traffic from malicious URLs and domains.
    • Custom log patterns (or regex patterns) can be created for specific devices and can be saved for future log imports.
    • Symantec Endpoint Protection support is now enhanced with the set of prebuilt reports on successful logons, failed logons, admins added, admins modified, admin deleted and policy changes.

  • Fixes

    • Multiple vulnerability issues including XSS, XML injection, authorization issues, and path traversal has been fixed.
    • New entries in registry were not added when databases was changed. This issue has been fixed.
    • All fields in 'Manage Agents' under 'Admin Settings' tab now supports non-ASCII characters as well.
    • IP address of configured devices were not updated properly. This issue has been fixed.
    • Parsing errors occurred when importing multi-line logs. This issue has been fixed.

  • Enhancements

    • The enhancements are same as in the Standalone Edition.

  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
Service Packs

Build 11070

Released on 29 August 2017

  • New Features

    • Transport layer security (TLS) based log collection is now supported.
    • Port management options have been enhanced for better usability.
    • Out-of-the-box support for NetScreen and Checkpoint firewall devices log data. The new version comes with exclusive predefined reports and alert profiles that makes NetScreen and Checkpoint device auditing and monitoring easier.
    • The new version supports Nexpose vulnerability scanner log imports.
    • Exclusive reports for monitoring SonicWall VPN activities comes bundled with the new version.
    • The new version includes predefined reports that provide information on web traffic for Cisco firewall and routers.

  • Enhancements

    • External agent support is now being provided for Windows server core machines.
    • TLS 1.2 is used for enhanced agent-server communication.
    • File integration monitoring support has been extended for Windows file servers.
    • It is now possible to get the details of the users who renamed the file or folder in the predefined file integrity monitoring reports.
    • You can now directly apply the self-signed certificate directly from within EventLog Analyzer web-console.
    • EventLog Analyzer now extends the log querying capability to Nessus, OpenVas, Nmap and Qualys vulnerability scanner log data.
    • Reports for "Host migration in vCenters" and "VM Relocated Events" is now provided.
    • Option to search for a specific managed server from admin server console is now being provided.
    • Device display name enhancements has been done.

  • Fixes

    • The following bug fixes are done in addition to a range of minor bug fixes.

    • The issue in displaying host count in the "Home" tab of "Device details" page in distributed edition is fixed.
    • Occasional sync error between managed server and admin server in distributed edition is fixed.
    • Log count aggregation in trend table has been revamped.
    • File integrity monitoring report profile now accepts file extension with spaces.
    • Bugs in Apache report's status code has been fixed.
    • The issue with log format icon in log collection filter profile is rectified.
    • Multiple bugs fixed for Fortinet and Juniper firewalls reports.
    • Bug fix for the summary count in the scheduled file integrity monitoring reports.
    • The Username is now parsed for event IDs 4658 and 4952 in event logs.
    • False alerts for "log collection failure" fixed for syslog.
    • Encoding issue for non-English languages in CSV export reports is fixed.
    • Multiple log parsing issues fixed.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.7 Build 11056.
    • No changes specific to Distributed Edition Admin Server in this release.
Service Packs

Build 11066

Released on 15 August 2017

  • Enhancements

    • Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
    • Malicious IP and URL alerts: Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.

  • Enhancements

    • Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
    • Malicious IP and URL alerts: Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.
Service Packs

Build 11065

Released on 04 August 2017

  • Enhancements

    • Elastic Search is enhanced to handle unprocessed files.
    • In the search option, custom fields are pre-populated with values that are previously configured by users.
    • In a current session, if you navigate to other tabs while viewing a specific report, the 'Reports' tab saves the view and shows it to you when you're back.

  • Fixes

    • Issues with Cisco parsing have been fixed.
    • Issues in parsing VNC logs from Mac OS have been fixed.
    • The values used in the compliance reports are directly taken from the indices to avoid value mismatch.

  • Enhancements

    • The enhancements are same as in the Standalone Edition.

  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
Service Packs

Build 11060

Released on 19 July 2017

  • New Features

    • EventLog Analyzer now offers exclusive reports and alert profiles for Fortinet device to help to detect anomalous activities, monitor user activities, changes in configuration, and more.

  • Enhancements

    • EventLog Analyzer supports all SonicWall device log format. Previously, we had been supporting only SonicWall firewall logs.
    • Active Directory user import feature has been revamped for better user experience.
    • Configuring domains and workgroups is made easy with a dedicated log configuration page for the same.
    • The solution can now import AD users at regular intervals using schedules along with provisions to view the schedule history.

  • Fixes

    • The following issues have been fixed:

    • The alert profiles that are being created as tickets in ServiceDesk Plus have been provided with the l18n option.
    • The values for graphical representation in the dashboard is directly taken from the indices to avoid value mismatch.
    • Issue with loading archives in MSSQL Windows authentication has been fixed.
    • The issue with importing users with same username from multiple domains has been fixed.
    • Issue with adding users has been fixed now.
    • When users were moved to different host groups, the change wasn't reflected in the 'All host group' list. This issue has been fixed.
    • Issues with the single-sign-on feature have been fixed now.
    • Importing users from some organizational unit had some issues . This has been fixed now.
    • Authentication of users imported from AD groups didn't happen. This has been fixed now.
    • Technician roles can be assigned to multiple users at one go.
    • Vulnerabilities in 'Keep me signed in' option in the login page has been fixed using dynamic key based encryption.
    • Issues with log collector have been fixed.
    • False positives for Windows device down alerts has been fixed.
    • You can now collect event logs through a fully qualified domain name (FQDN).
    • Issues with index archiving have been fixed now.
    • Issue with searching a renamed device in 'Device' page, has been fixed.
    • Synchronization issues with Admin and Managed server in MSSQL database have been fixed.
    • In File Monitoring Summary page, the device names were not listed, if it's included in the DHCP device list. This issue has been fixed.

  • Enhancements

    • Admin servers can now be assigned groups from multiple managed servers.
    • Exact host count was not reflected in the licence page of admin server. This has been fixed now.
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.6 Build 11060.
Service Packs

Build 11056

Released on 30 May 2017

  • Enhancements

    • Reports to track user VPN connections and disconnections on Cisco ASA devices have been added.
    • The 5424 log format is now supported for Juniper devices.
    • Juniper traffic reports have been enhanced.

  • Fixes

    • The log collector quit occasionally while parsing Oracle logs. This has been fixed.
    • SSL versions 2 and 3 have been removed.
    • SSL weak cipher suites have been changed.
    • The following vulnerabilities have been removed from several pages of the product:
      • Stored and reflective cross site scripting
      • Cross site request forgery
      • Clickjacking
      • Username harvesting

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11056.
    • No changes specific to Distributed Edition Admin Server in this release.
Service Packs

Build 11055

Released on 3 May 2017

  • New Features

    • EventLog Analyzer now comes with an in-built ticket-based incident management system.

    • A separate ticket can be created for each incident, and assigned to any specific administrator for resolution.
    • Includes a provision to add notes, in the ticket, once it is resolved. This makes it easier to resolve similar issues that might arise in the future.
    • Integrates with popular help desk tools – ServiceNow and ManageEngine’s ServiceDesk Plus to allow creation of tickets using them.

  • Enhancements

    • The GUI of alerts reporting page has been enhanced for better usability.
    • Users can now configure the alert profiles based on time frames viz., working hours, non-working hour, and even custom time range.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11055.
    • No changes specific to Distributed Edition Admin Server in this release.

  • Fixes

    • Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.
Service Packs

Build 11050

Released on 17 Apr 2017

  • New Features

    • EventLog Analyzer supports:

    • Juniper and Palo Alto device logs; offers predefined reports and alert profiles exclusively for Juniper and Palo Alto devices to audit them easily.
    • TCP based log collection for Syslog devices.

  • Enhancements

    • New SonicWall device reports have been added for IDS/IPS and under the user account management category.
    • View the top and least values of the log data fields in all the predefined reports.
    • Full support for SolarWinds Windows Log Forwarder.

  • Fixes

    • The issue with IBM AS/400 date format has been fixed.
    • AS400 alerts were getting sent for devices not specified in the alert profile. This has been fixed.
    • Shared files and folders deleted via right clicks were not showing in the reports. This has been fixed.
    • The elastic search engine now resets the date in the log message and shows the results for the last 30 days if the start or end time in the log message time stamp exceeds the elastic search engine time range limit.
    • The issue with working of FTP scheduled import option when the file is specified as the root path has been fixed.
    • The issue with the working of Windows Snare agent has been fixed.
    • The issue with the working of log filter for Windows log collection via Snare agent has been fixed.
    • The issues with the update of 'Last Message Time' for devices in the Device Management page have been fixed.
    • The issue with generation of removable disk auditing reports has been fixed.

  • Enhancements

    • Managed server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11050.

  • Fixes

    • Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.
Service Packs

Build 11045

Released on 30 March 2017

  • New Features

    • The 'Settings' tab now has a search option with which you can search for options available in configuration, system, and product settings sections.

  • Enhancements

    • The GUI of 'Settings' page has been enhanced for easy accessibility.
    • I18N is now supported for "Log Me" tab.

  • Fixes

    • Issues in archiving log data from Elasticsearch index has been fixed.
    • Minor i18n issues have been fixed.

  • Enhancements

    • There are no changes specific to Distributed Edition Admin Server in this release
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11045
Service Packs

Build 11043

Released on 28 Feb 2017

  • Fixes

    • The logs processed using SolarWinds logs forwarder was only partially compatible. This has been fixed now.
    • Issue in receiving Cisco logs that represented severity with numbers instead of letters has been fixed.
    • While scheduling reports, filter option wasn't working consistently in non-English user interfaces. This has been fixed.
    • While searching for logs using event numbers, the search bar malfunctioned in non-English user interfaces. This has been fixed.

  • Enhancements

    • No changes specific to Distributed Edition Admin Server in this release
    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11043
Service Packs

Build 11042

Released on 9 Feb 2017

  • New Features

    • EventLog Analyzer simplifies the log collection and device configuration by automatically discovering Syslog devices on your network based on the IP and CIDR range values. SNMP (Version 1) credentials is used for automatic device discovery.
    • The solution also enables automatic log forwarding for UNIX devices with the root credentials.

  • Enhancements

    • Email notification option has been provided for the default threat alert profile.

  • Fixes

    • The issue with EventLog Analyzer's log collector when the database password is encrypted has been fixed.
    • The issue in updating IBM AS400 password has been fixed.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11042
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 11040

Released on 6 Jan 2017

  • New Features

    • EventLog Analyzer now offers out-of-the-box support for:

    • SonicWall firewall. You can now use exhaustive reports and predefined alert profiles that make SonicWall firewall auditing easier.
    • RFC 5424 log format for Unix and Linux machines.

  • Enhancements

    • Syslog data processing performance has been enhanced.
    • ‘Pick device' option has a new filter, 'username', for enhanced usability.
    • CSV files with just two columns can also be imported.
    • For devices that use agent for log collection, "Device down" alerts are enabled.
    • 'Network Logon' event has been included under one of the rules in 'Correlation'.
    • Error message for logon authentication failure events is displayed for firewall devices.

  • Fixes

    • Issues with event source based database filter have been fixed.
    • Issue when exporting alert profile into XML format have been fixed.
    • Issues with Run Program Notification Setting in correlation have been fixed.
    • Issue with the SysEvtCol process in Linux-64 bit machine has been fixed now.
    • When alert profile is set up for certain devices in a group, all the devices in that group are included in the 'Devices' criteria. This issue has been fixed.
    • The issue with the 'Archive>Settings' option in Chrome browser has been fixed now.
    • Issues with the administrator and operator privileges for managing alert profiles have been fixed.
    • The issue with 'contains' filter option in log search has been fixed now.
    • Issues with generating File Integrity Monitoring reports for DHCP agents have been fixed now.
    • File or folder rename events were not reflected in File Integrity Monitoring reports. This has been fixed now.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11040
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 11030

Released on 19 Dec 2016

  • New Features

    • Auto-discovery of domain and non-domain devices for enhanced user experience in adding Windows devices.

  • Enhancements

    • Devices management and configuration has been improved for better usability. You can now check the log collection status, change the log monitoring interval, and enable or disable the device from a single window.
    • FIM events for agent directory folders are excluded by default.

  • Fixes

    • The following issues have been fixed:

    • Archive location path containing special characters has been aligned with Windows standards.
    • XSS vulnerability issue in rebranding and index pages has been fixed.
    • Server has been optimized for FIM folders exclusion to accept several agent requests.
    • JVM crashes no longer occur when importing log files.
    • Changes in filenames are dynamically reflected while updating the schedule.
    • Trend Reports does not reflect event counts with zero logs.
    • The issue with the count in the report export list has been fixed.
    • IP address based device search is now possible.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.3 Build 11030
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 11025

Released on 17 Nov 2016

  • Fixes

    • The file integrity monitoring template update has been fixed.
    • Working of script notifier in Linux installations has been fixed.
    • Displaying the archive status during archive loading has been fixed.
    • Export report download (due to special character references in the report name) has been fixed.
    • Compliance report graph's drill-down functionality has been fixed.
    • Time criteria for archive report exports has been fixed.
    • Syslog collection has been fixed.
    • The email address field now has a limit of 250 words.
    • We now monitor SSH2 sessions as well for Unix/Linux SSH session reports.
    • If Oracle application log data contains raw commands executed in the database, then that log data will not be categorized under reports.
Service Packs

Build 11020

Released on 26 Aug 2016

Service Pack build 11023 released on 24 Oct 2016

  • New Features

    • Threat analysis: Without any configuration, automatically get alerted whenever you receive traffic from blacklisted or suspicious IPs.
    • All new UI: EventLog Analyzer now comes with a flat user interface
    • Monitor log data of EventLog Analyzer: Offers the capability to forward EventLog Analyzer's log data (in syslog format) to any source.

  • Enhancements

    • Log search engine performance has been enhanced.
    • The product's log trend graph, event category graph and host count variable are now directly loaded from the 'Elastic Search' module so as to facilitate better
    • Now, the report, alerts for the client console uses the local (client) machine's time zone for better interpretation.
    • IBM AS400 BRMS log parsing is now supported.
    • EventLog import for non-english languages is now supported.

  • Fixes

    • Alignment issues in 'Settings', 'Hosts', 'Search' and 'Correlation' tabs had been fixed.
    • The log search event count mismatch when hovered over the graph has been fixed.
    • The issue in knowing the exact number of event types in dashboard graphs has been fixed.
    • The issue with triggering action upon clicking 'Calendar' icon has been fixed.
    • Alignment issues in displaying the content
    • The export as report feature was not working for archive search results when using MSSQL database. This has been fixed.
    • Edit report feature under My Reports section was not working when reports were sorted. This has been fixed.
    • When exporting reports in PDF format, username fields above 8 characters were getting truncated. This has been fixed.
    • Some hosts were not getting listed under the Hosts tab due to a data mismatch. This has been fixed.
    • Parsing timestamp from Apache logs has been tuned.
    • The issue in parsing timestamp from ESXi logs has been fixed.
    • The issue in parsing Unix FTP logs has been fixed.
    • When upgrading an agent, if any error is encountered, an error message is now displayed under the Agent Status.
    • Issues causing agent installation and upgrade failure have been fixed.
    • Issues with agent deletion, and agent association when its corresponding host was renamed, have been fixed.
    • The issue in displaying File Monitoring for Shared Deleted Events for Windows 2012 R2 has been fixed.
    • The issue with registering when file monitoring is in DHCP environment has been fixed.
    • The issue with event log skipping after applying Windows anniversary update, or when recordID is wrapped in WMI, has been fixed for both agent and agentless methods.
    • The issue with logon failure when logs are being collected from EventLog Analyzer has been fixed.
    • Script notification under alert profiles was not working in case of space constraints in the installation directory. This has been fixed.
    • Multiple issues with File Integrity Monitoring configuration and templates have been fixed.
    • The issue with syncing after editing Managed Server details in Admin server has been fixed.
    • Logagent quit when path length in File Integrity Monitoring was very large. This has been fixed.
    • The record ID mismatch between multiple hosts in an agent has been fixed.
    • Auditing is now enabled when adding hosts for File Integrity Monitoring, instead of when enabling the username.
    • SQL Injection vulnerability in Hosts tab has been fixed.
    • Session ID getting exposed in Access Log vulnerability has been fixed.

  • Enhancements

    • The features, enhancements and fixes are same as in Standalone Edition.
Service Packs

Build 11012

Released on 23 Jul 2016

  • Enhancements

    • EventLog Analyzer now provides you with an option to export the generated alert messages.
    • You now have the option to select all the available host groups while creating a report, alert profile, or filter.
    • We have now enhanced the edit, disable, and delete icons available in the alert message section.
    • EventLog Analyzer's calendar will be automatically updated every 10 minutes.
    • You can now edit the report schedules to change the report formats (PDF or CSV).
    • Help card is now added to assist the vulnerability import option.

  • Fixes

    • The alignment in CSV reports has been fixed
    • The deletion of original file while importing application logs using Internet Explorer browser has been fixed.
    • Scheduling the predefined reports for large number of hosts has been fixed.
    • The 'Pick host' option in correlation rule filter page has been fixed.
    • The option to disable AD authentication has been fixed.
    • Archive status change in Internet Explorer 11 has been fixed.
    • 'View Per Page' option in 'Hosts' page has been fixed.
    • Selected hosts count in 'the Search' and 'Pick host' feature has been fixed.
    • Feature request link for Log360 has been fixed.

  • Enhancements

    • The enhancements are same as in the Standalone Edition.

  • Fixes

    • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.
Service Packs

Build 11010

Released on 17 Jun 2016

  • Enhancements

    • The EventLog Analyzer web client language is automatically set based on the language setting of the browser. Also, the server side language is automatically set based on the machine in which it is installed.
    • Search option added within Pick Hosts option (found in add new report/alert/filter and report schedule pages).
    • vCenter log collection process enhanced in performance.
    • Support for AS400 log collection through secure ports.
    • CEF format support for FireEye logs.
    • 'Message' column added to FireEye overview report.
    • 'Username' column added to following Windows predefined reports: Software installed/uninstalled/updated, Failed software installation due to privilege mismatches.

  • Fixes

    • Username was not getting parsed from logs with event ID 104. This has been fixed.
    • Username is now parsed from the object string if not present in log message.
    • The issues in parsing time and source from syslog messages are now fixed.
    • Logs from add-on sources were not getting parsed upon restart of the log collector service. This has been fixed.
    • The issue causing failure in updating logs to the database, due to inaccessible data files, has been fixed.
    • Only Key_Read permission (rather than all permissions) is granted when required to read RemoteRegistry values.
    • Issue with agent-server communication in DHCP environment has been fixed.
    • Log collection status shown as 'Access Denied' if a filter was created which dropped all logs. This has been fixed.
    • The issues causing memory leak due to object access events are fixed.
    • Historic log collection was not occurring for few log types. This has been fixed.
    • Multiple log collector crashes fixed.
    • Invalid log types were queried during the log collection process. This has been fixed.
    • Log indexing was not occurring if device type was changed manually from Syslog to Cisco. This has been fixed.
    • Unnecessary escape characters were added while importing archived logs from PGSQL. This has been fixed.
    • Application log archive files were getting duplicated due to scheduling clash. This has been fixed.
    • Loading status would not be updated when attempting to access an archive file that was moved or deleted. This has been fixed.
    • The issue in using the 'AND' boolean operator in predefined report searches has been fixed.
    • Search page queries with single quotes were not working. This has been fixed.
    • The issue causing failure to refine data by double-clicking host names in reports has been fixed.
    • Application sub tab under Reports was not opening. This has been fixed.
    • Criteria field was missing under edit predefined reports schedule window. This has been fixed.
    • Uploading of log files to database was not occurring if PGSQL database was password protected. This has been fixed.
    • Vulnerability fixes:
      • Guest user could change the admin password. This has been fixed.
      • Reflected XSS and Store XSS vulnerabilities are fixed.
      • Clickjacking vulnerability has been fixed.
      • Username harvesting vulnerability has been fixed.

  • Enhancements

    • The enhancements are the same as in Standalone Edition.

  • Fixes

    • Centralized archive issue in Admin Server has been fixed.
    • All fixes to standalone edition are applicable to Distributed Edition as well.
Service Packs

Build 11005

Released on 28 Apr 2016

  • Fixes

    • The issue leading to LogAgent crash while decrypting the password for the added host has been fixed.
    • The issue leading to LogAgent crash while decoding the server response has been fixed.
    • The issue leading to LogAgent does when File Integrity Monitoring is set up has been fixed.
    • The issue causing LogAgent memory growth has been fixed.
Service Packs

Build 11001

Released on 7 Mar 2016

Service Pack Build 11003 released on 15 Mar 2016

  • Enhancements

    • EventLog Analyzer and ADAudit Plus have been integrated into a single log management and auditing solution viz., Log360.

  • Fixes

    • The issue with edit filter has been fixed.
    • The users can now provide space in the account name while logging into EventLog Analyzer.
    • The issue related to the import action after the field extraction operation has been fixed.
    • The issue with auto upgrade of LogAgent while applying the PPM over 8.0 has been fixed.
    • The issue during the application of SACL from LogAgent for huge folders has been fixed.
    • While applying PPM, the issue related to agent's auto upgrade when domain name is NULL has been fixed.
    • The issue with report zipping when the save type is 'Save Alone' has been fixed.
    • The issue related to parsing of cisco logs when the device type is manually changed, has been fixed.
    • The issue with the log collector stopping the remote registry service of the host from which it is collecting logs, has been fixed.
    • The issue related with the password update while editing the host details has been fixed.
    • The issue related with log parsing when Cisco meraki logs are forwarded from the relay server, has been fixed.
    • File Integrity Monitoring can now record the registry events as well.
    • The vulnerability issue of guest user changing the admin credentials has been fixed.
    • In LogAgent, if the users are providing any other credentials other than administrator, and if they do not have credentials to access the WMI namespace, then log collection will fail.
    • In SysEvtCol, if the local host is added with a user who doesn't have credentials to access WMI namespace, then log collection will fail.
    • The issue related to back up and restoration operation for MS SQL 2012 server has been fixed.
    • During log collection, if a single log is not returned within 2 seconds, then the log collection will be skipped after retrying 5 times with the same interval of 2 seconds.
    • The issue related with the installation of FIM agent after renaming the host, has been fixed.
    • The issue of considering the DB filter string's tab sequence as a space has been fixed.
    • The issue with advanced search criteria not getting updated in the database has been fixed.
    • The time delay with the log collection while applying FIM with user name option on a folder which contains many sub folders, has been fixed.
    • Only image file formats can now be uploaded for rebranding.
    • The issue with html tags injection through error messages has been fixed.
    • Fixed various SQL injection vulnerabilities.
    • Fixed the alert script arguments issue.
    • Fixed the bug related to 'Keep me signed in' option for AD and radius login.
    • Fixed directory traversal vulnerability through URL parameter.
    • Fixed the issue with the import file check for evt files.
    • Restricted non administrator users from accessing other users' data via parameter manipulation.
Service Packs

Build 10081

Released on 12 Jan 2016

Service Pack build 10081 released on 12 Jan 2016

  • Enhancements

    • EventLog Analyzer server can now be configured to run in the HTTPS protocol as well. Option to provide the corresponding port numbers is also available.
    • Option to encrypt the Keystore password is now available.
    • You can now set the web session expiry time limit.
    • The solution now provides you the flexibility to change the language of EventLog Analyzer web client, after the solution had been installed.
    • Get to know the status of the report export process with the help of sleek progress bar.
    • We've now provided an option to get administrator credentials during service mode installation.
    • Log collection capability is strengthened to include both log type and time in the query mechanisms.

  • Fixes

    • File Integrity Monitoring feature
      • The 'Select All' option in the 'Settings' tab wasn’t working. This issue has been fixed.
      • The 'Back' button issue in the drill down pages has been fixed.
    • The issue related to the inclusion of Japanese, Chinese characters in 'Schedule' names has been fixed.
    • The blank home page issue when the Managed Servers are down has been fixed.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.8 Build - 10080
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 10072

Released on 5 Nov 2015

  • Enhancements

    • Application Local User Enable / Disable option integrated.
    • Agent Installation error and status messages in the tool-tip.
    • Apache logs common log format supported.

  • Fixes

    • Test port not working in SMS configuration in Alerts (due to the page being opened in new window) - has been fixed.
    • Criteria for scheduling Predefined Reports - OR function not working properly - has been fixed.
    • Unix mail server reports - username classified as undefined - has been fixed.
    • Uninstallation of agent with different username (from the username used for installation) not working - has been fixed.
    • Loss of data during transfer from agent due to check-sum error - has been fixed.
    • All check box selection functions have been fine tuned.
    • AllLogsCurrentHourlyTrend and AllLogsHistoricalHourlyTrend are ordered by hour.
    • FIM - Not able to enable username for the directories with space - has been fixed.
    • When same agents are installed, slid is not updated during fresh install in agent side - has been fixed.
Service Packs

Build 10071

Released on 25 Sep 2015

Build 10070 released on 25 Sep 2015

  • New Features

    • High availability feature has been integrated within the product.

  • Fixes

    • Fixed the issue in field extraction that arise while creating more than two fields or whenever a special cha racter is included in the field value
    • Fixed issue with alert delay in case of slow log rate
    • Fixed time stamping issue for syslogs.
    • Fixed the time range selection issue in report and correlation data generation
    • Guest user promotion as Admin by accessing user management page has been fixed
    • Vulnerabilities on session hijacking using cookie value JSESSIONID has been fixed
    • XSS vulnerability in EventLog Analyzer server login page has been fixed

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.6 Build 10600
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 10060

Released on 29 May 2015

  • New Features

    • Supports vulnerability data analytics - EventLog Analyzer 10.6 supports log collection and analysis of vulnerability scanners such as Nessus, Qualys, NMAP, and OpenVas.It provides 50+ predefined reports and alert conditions exclusively for vulnerability data analytics that help prioritizing the vulnerabilities and thus help to proactively mitigate security attacks.
    • Supports threat intelligent solution's log data - The latest version of EventLog Analyzer supports log data analysis of endpoint security solutions such as FireEye, Symantec Endpoint solution, and Symantec DLP application. The solution provides predefined reports and alert criteria that helps identifying and containing security threats at the earliest
    • vCenter log monitoring - EventLog Analyzer 10.6 supports vCenter log monitoring. It provides on-the-fly reports and alert conditions that help monitoring vCenter activities such as Datastore changes, permission changes, host changes, Resourcepool changes and more.
    • Supports GPG13 compliance- as EventLog Analyzer now provides out-of-the-box reports and alerts that help HMG organizations comply to GPG13 compliance.

  • Enhancements

    • Added new rule to parse the shun-attacks.

  • Fixes

    • Fixed the issue of Database folder increase due to improper cleaning of throwaway tables.
    • Fixed Firefox Unix icon display issue.
    • Fixed the issue associated with Universal Log Parsing and Indexing (ULPI) for user specified logs.
    • Fixed the parsing issue with IBM AS400.
    • Issues related to juli log growth and serverout growth had been fixed.
    • emoved weak cipher 'Ephemeral DH ciphers' from the secure connection.
    • Fixed the time order issue on trend reports.
    • Fixed the false disk space alert with remote desktop connection.
    • Issue related to RunQuery.do has been fixed.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.7 Build 10070
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 10000

Released on 23 Jan 2015

  • New Features

    • Log collection and processing rate has been improved to 10x from the previous mark. EventLog Analyzer version 10 and above can handle 20,000 logs per second with the peak log handling capacity of 25,000 logs per second
    • 1000+ out-of-the-box reports for security, compliance and operations needs
    • Enhanced real-time event response system with 600+ predefined alert criteria for Windows, Linux/Unix, Applications and Network Device environment.

  • Enhancements

    • File Integrity Monitoring

      • Ability to filter critical changes to files/folders based on the file type
      • Ability to display the process name and domain name in file integrity monitoring reports
      • Option to enable and disable File Integrity Monitoring
      • Addition of more default templates
      • Ability to save/edit alert and report enhancement with option to select User Name & Change Type
      • Ability to drill down the file integrity monitoring report graph
      • File attribute changes and ownership changes are now being captured under critical file/folder changes

    • Search

      • Ability to save the search results as alerts
      • Inclusion of auto suggestions for field values
      • Sorting of the index data for improved search performance

    • Correlation

      • Custom correlation rule builder that allows to create pattern based alerting by selecting the existing correlation rules
      • Ability to specify the threshold limits for each rule in the defined pattern.

    • Session Activity Changes

      • Added Duration and Log off time fields at 'Session Activity' page
      • Ability to search through the session activity reports
      • Session activity reports can now be saved

  • Fixes

    • Fix to enabling AD authentication issue while importing user from AD groups.
    • Fix to the search pagination issue
    • Vulnerability fixes - URL Injection
      • Authentication problems
      • Database injection
      • Stored password encryption changes
      • Agent zip extraction
    • Fix to the User based and iSeries User based Reports breaks while exporting with no user name in the database
    • Fix to the PDF export issue that occurred after mouse hover search from Custom Reports, while exporting all the events instead of filtered events.
    • Fix to Event ID based direct export breaks when severtity parameter is not appended in URL
    • Custom alert 'Not Equals' was not working for option 'Type'. This issue was fixed.

  • Enhancements

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.0 Build 10000
    • No changes specific to Distributed Edition Admin Server in this release
Service Packs

Build 9000

Released on 23 Apr 2014

  • New Features

    • Real-time Event Correlation
      • Real-time correlation for proactive threat management
      • 50+ out-of-the-box correlation rules on various categories viz., File Management, Group Management, Authentication, Authorization, Audit Policy, Software Management and more
    • Out-of-the-box reports for ISO 27001:2013 Standards
    • Supports Terminal Server Log Analysis out-of-the-box
    • Supports EventLog Analyzer user audit trail

  • Enhancements

    • File Integrity Monitoring
      • File Integrity Monitoring reports now include the name of the user who made the change
      • Modified File Integrity Monitoring Report page
    • Field Extraction for SFTP application log import is now added
    • Archive encryption using AES 256 algorithm is now supported
    • Supports EventLog Analyzer user audit trail
    • Reports Enhancements
      • Performance of Report Extraction in PDF and CSV format is enhanced
      • Summary details for User Based Reports is now included
    • Adding Hosts
      • Supports import of host list from a CSV file
      • Existing hosts that are added will be automatically hidden from the Pick List Window
    • Customize Notification settings
      • Supports sending notification only once and pausing the notification for a day/week/month

  • Fixes

  • The following issues have been fixed in this release:

    • In predefined compliance alert profile creation can now have the Windows 2008 type event IDs
    • EventLog Analyzer version 9.0 can now handle the string '\' in Log message fields of reports, alerts and filters
    • Issue with the resetpwd.bat file in troubleshooting folder is fixed
    • Out of memory error during log import is fixed
    • 'Notes' field in the Custom Report Creation wizard now has the character limit of 250
    • Issue with the specification of multiple log messages separated by a comma, in report creation wizard is fixed
    • Issue with the working of Radius Authentication is fixed
    • Supports syslog import with 'Automatically Identify' option
    • Issue in log import schedule for a multiline log is now fixed
    • Issue in archive purging of Postgres database is fixed
    • 'Advanced Alert' option in 'Custom Alert Profile' creation page
      • Supports specification of multiple Event IDs separated by a comma
      • Supports alert criteria edit even if the criteria is specified within double quotes
    • Issue with updation of SQL information in ChangeDBServer.bat file with $ in the password section is fixed
    • Specific Scheduled AD User import issue is fixed

  • Enhancements

    • GA release of EventLog Analyzer Distributed Edition.

    • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 9.0 Build 9000
    • No changes specific to Distributed Edition Admin Server in this release
 
X

Need a feature?

Let us know and we will roll it out as soon as we can!

  • Name
  • Email
  • Feature
  •  
  • Your requests matter.
    Help us to help you solve your
    IT security challenges!

Roadmap

We are constantly looking to add new features to meet market requirements and to improve usability. Why are we disclosing this? Because we value your inputs!

01

Enhancements in log import

Improved functionality for log imports, including quick and easy bulk import of log files and advanced import scheduling options.

02

Deeper insights from SQL reports

We are adding new predefined SQL reports which will give you more control over your SQL servers, and empower you to conduct a thorough audit in order to secure them.

Events

All upcoming events

Try EventLog Analyzer for free