Release Notes
This section contains a summary of the updates in EventLog Analyzer version 12.1.5 (Build 12150).
12.1.5 Build 12150 - Standalone Edition
New features
Attack detection and mitigation
- New out-of-the-box correlation rule:
  - A prebuilt correlation rule to detect Ragnar Locker ransomware attacks has been added.
- Workflow actions:
  - The workflow profiles now support Cisco ASA firewalls. You can now take the remedial action of adding inbound or outbound firewall rules on a Cisco ASA firewall with a prebuilt workflow profile.
Remote employee monitoring
- VPN usage monitoring dashboard:
  - An exclusive VPN activity dashboard provides insights into VPN usage trends and VPN user activity.
- Session activity view and reports:
  - Session activities can now be viewed using the Weekly View timeline graph.
  - Session activity reports on Palo Alto Networks and WatchGuard devices have been added.
Enhanced user experience
- Custom user roles:
  - You can create multiple user roles in EventLog Analyzer in addition to the existing Admin, Operator, and Guest roles and define permissions for them.
- Log collection filters:
  - Create log collection filters with multiple field criteria and logical operators to collect or exclude logs from select devices.
Enhancements
- The Calendar feature has been enhanced to display the day's records when you click on the Today option.
- Get contextual threat data for specific IP addresses or URLs from the search result.
- Cookie-based Active Directory (AD) sync has been enabled to resolve license restriction issues.
Fixes
- The pre-defined alert criteria migration issue that arose in the 12000 PPM release has been fixed.
- The auto-resetting of the member server while changing tabs has been fixed.
- The latest build release notifier for local Linux builds has been fixed.
GA Release of EventLog Analyzer 12.1.5 Build 12150 - Distributed Edition
- The new features and enhancements for the Distributed Edition - Managed Server are the same as those listed above.