    Release Notes

    This section contains a summary of the updates in EventLog Analyzer version 12.3.3.6 (Build 12336).

    12.3.3.6 Build 12336 - Standalone Edition

    Features:

    Integration with ManageEngine ITOM solutions:

    EventLog Analyzer now supports log collection and report generation for the application logs (Access and Debug logs) of solutions from our ITOM suite, such as OpManager, OpManager Plus and OpManager MSP.

    Threat feeds integration:

    • EventLog Analyzer now offers Quick Deploy Servers to easily integrate and enhance the threat feeds.

      Supported threat feed vendors:

      • AlienVault OTX
      • Cyware
      • IBM X-Force
      • Kaspersky Threat Intelligence
      • PulseDive
      • Sectrio
      • SecAlliance-ThreatMatch
    • EventLog Analyzer now supports custom STIX/TAXII servers. Supported versions: STIX 1.x and STIX 2.x

    ML-based automation for alert thresholds:

    EventLog Analyzer now offers a smart threshold option for advanced alert configuration. This feature uses ML algorithms to analyze the usual occurrence of events and automatically determine the threshold values that trigger alerts. Compared to the manual option, the smart threshold option helps optimize the functioning of alerts by consistently reducing false positives and improving true positive triggers.

    Enhancements:

    Product Security

    • In new Windows installations, user access permissions for the product's root folder have been modified. The folder can now be accessed only by the user who installed the product and by users in the administrators group with approved permanent access. This will provide enhanced security. Check out this document to learn more.
    • The JSON library used in the product has been upgraded to the latest version (json-20231013), thereby preventing a potential vulnerability (CVE-2023-5072).
    • The Tomcat version bundled within the product has been upgraded to 9.0.82 for enhanced security and performance.

    Distributed Edition

    • The updates for the Distributed Edition - Managed Server are the same as those of the Standalone edition.
