EventLog Analyzer - Release Notes
Listed here are the feature enhancements and bug fixes in each release update of EventLog Analyzer.
For further information please contact EventLog Analyzer Support.
11.8 - Build 11080 (GA)
Build 11080 Released on 18 Oct 2017
The Correlation Engine has been completely upgraded to bring you complex attack detection across all devices on your network, enhanced field-level correlation, improved incident reports with timeline view, and much more:
- Multiple log format support: Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.
- Enhanced field-level correlation: Correlation can be done based on multiple log field values to provide fine-grained attack detection.
- Predefined rules: The module is packaged with 25 predefined complex attack patterns.
- Custom rule builder: The custom correlation rule builder has been upgraded to include over 250 predefined network actions and advanced filters.
- Check for unique, constant, or shared field values among the actions that make up a rule.
- Use multiple comparison conditions for fields, namely 'equals', 'not equal to', 'starts with', or 'ends with'.
- Create rules for individual log types using specific network actions, or rules common to all log types with generic network actions.
- Incident management integration: All correlation alerts can be viewed and managed with the in-built incident management console.
- The correlation user interface has been upgraded with an all new look and feel, incorporating all the above new features.
- The time between each individual pair of actions can now be specified when creating a rule.
GA Release of EventLog Analyzer 11.8 Build 11080 - Distributed Edition
- The new features, enhancements, and issue fixes for the Distributed Edition - Managed Server are the same as above.