
    Release Notes


    This section contains a summary of the updates in EventLog Analyzer version 12.4.3 (Build 12430).

    12.4.3 Build 12430 - Standalone Edition

    New Features:

    Incident Workbench

    • EventLog Analyzer now introduces an exclusive threat investigation console for advanced contextual analytics with multiple integrations. This console is called the 'Incident Workbench' and can be invoked from multiple dashboards of EventLog Analyzer. It includes the following features:
      • User behavior analytics and activity overview: offered through the integration of UEBA from the Log360 suite.
      • Process analytics: covers process spawning, with parent-child process trees available in multiple graphical formats.
      • Threat analytics: offered through the integration of EventLog Analyzer's Advanced Threat Analytics for in-depth risk analysis of IPs, URLs, and domains.

        Along with the threat analysis available under Log360 Cloud Threat Analytics, the integration of VirusTotal, one of the largest live threat feeds, is also introduced in this release and is available in the Incident Workbench.

    • Users can add up to 20 analytical tabs in a single instance of the Incident Workbench and can save them to Incidents as Threat Evidence.

    Device summary

    • EventLog Analyzer now introduces an analytical console that gives an overall summary of a device's events. This console can be invoked from multiple dashboards of EventLog Analyzer. Users can find the event summary for the selected period, top active users, file monitoring events, device severity events, an alerts summary, and an activity overview for the applications configured on the device.

    Enhancements:

    Correlation rule package

    • EventLog Analyzer now adds 50+ new predefined correlation rules that complement the newly released features and strengthen threat detection. This package includes rules for detecting suspicious process spawning, the use of prevalent attacker tools such as Mimikatz and Metasploit, and living-off-the-land techniques that abuse native binaries and utilities.

    ADMP workflow actions

    • EventLog Analyzer's workflow profile builder now supports Active Directory actions through the ManageEngine ADManager Plus integration. Users can take remedial actions using the pre-built workflow profiles, such as enabling or disabling users and computers, resetting user passwords, adding users to groups, and deleting users and computers.

    Note: The updates for the Distributed Edition are the same as that of the Standalone edition.
