
    Release Notes


    This section contains a summary of the updates in EventLog Analyzer version 12.1.6 (Build 12160).

    12.1.6 Build 12160 - Standalone Edition

    New Features

    • EventLog Analyzer now provides reports for the Sysmon application.
    • EventLog Analyzer will now assign a dedicated access key from Log360 feeds and provide sign-up instructions for threats.
    • A new ATA Whois Info tab has been added to provide exhaustive information on URL and Domain sources.

    Enhancements

    • Custom Pattern enhancements:
      • The Custom log parsing UI has been enhanced for a better user experience.
      • You can now use delimiters to extract additional fields while parsing logs.
      • An Auto-Identify option has been included to detect standard fields and key-value pair logs.
    • Application & Windows Reports enhancements:
      • The Application and File Monitoring device drill down can now be viewed under Reports.
      • Reports for Windows File Monitoring have been added.
      • You can now get All Events and Important Reports for Applications.
      • Windows Reports have now been regrouped to provide significant information.
    • The packet capture tool for troubleshooting in Syslog Viewer has been enhanced for better filtering.
    • The performance of the log collector has been enhanced to ensure optimum utilization of resources.
    • The service pack installation has been made secure by checking the PPM file for any tampering.
    • EventLog Analyzer now supports vCenter version 7.
    • EventLog Analyzer now supports SMB version 3.

    Fixes

    This release includes the following fixes:

    • An issue with incorrect or null field values being sent via SMS notification has been fixed.
    • It was observed that Archives were being wrongly flagged as tampered during unanticipated shutdowns of EventLog Analyzer. This has been fixed.
    • A memory issue while loading archived logs with parsed fields has been fixed.
    • The incorrect log count issue in device drill down of Application and File Integrity Monitoring in log sources has been fixed.
    • The issue of excessive storage consumption of databases has been fixed.
    • Issues in HSTS and XSS have been fixed.
    • SQL injection and RCE vulnerabilities have been fixed.

    Note: The enhancements and fixes for the Distributed Edition are the same as those of the Standalone Edition.
