首页 »

发行说明

构建号 12233

发布于2022 年 7 月 1 日

  • windows版
    •  
  • 分布式版

 新功能

  • 根据架构,默认安装位置已更改为Program Files/Program Files(x86)
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12231

2022 年 6月 14 日发布 

  • windows版
    •  
  • 分布式版

 问题修复

  • 由于日志收集过滤器导致的日志收集问题得到解决。
  • 修复了导入 Openvas XML 文件时的问题。
  • 修复了通过文件完整性监控中的 c$ 共享记录文件删除的问题。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12230

2022 年 6月 13 日发布 

  • windows版
    •  
  • 分布式版

 功能特性

  • Mitre ATT&CK TTP(s) 的预定义关联操作。
  • 现在,当搜索超出归档期的数据时,有关取消归档日志数据的详细信息将作为“搜索取消归档状态”提供。

 增强功能

  • 威胁存储管理- 通过包含的 switchThreatStore 脚本提供在内存中威胁存储和基于磁盘的威胁存储之间切换的选项。
  • 按需工作流程 -
    • 用户可以直接从 EventLog Analyzer 的告警控制台运行工作流、触发告警并查看其状态。
    • 运行工作流选项直接在每个事件下的证据选项卡上可用。
    • 用户还可以针对单个告警或证据运行多个工作流。

 修复

  • 基于磁盘的威胁存储损坏处理。
  • 增加了对欧盟地区的威胁源支持。
  • 管理员技术人员现在可以下载合规性计划导出。
  • 已修复邮件中包含损坏的 zip 的合规性计划导出 (CSV)。

 增强功能

  • 托管服务器设置页面已经过改进,以增强用户体验。

 修复

  • 自动升级期间托管服务器的计算 URL 问题已得到修复。

构建号 12226

2022 年 5 月 19 日发布 

  • windows版
    •  
  • 分布式版

 增强功能

  • 产品捆绑的 Spring Framework jar 版本已升级至 5.3.18。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12225

2022 年 4 月 20 日发布 

  • windows版
    •  
  • 分布式版

 增强功能

  • EventLog Analyzer的日志收集模块的GUI已更新,以增强用户体验。
  • 分布式 - 托管服务器的版本更新与windows版相同。

内部版本 12220 (服务包内部版本)

2022 年 3 月 29 日发布 

  • windows版
    •  
  • 分布式版

 修复

  • 存档中的小问题已得到修复。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12219

2022 年 3月 24 日发布 

  • windows版
    •  
  • 分布式版

 修复

  • 修复了代理升级过程中由于安全加固导致的问题。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12218

2022 年 3 月 4 日发布 

  • windows版
    •  
  • 分布式版

 新的功能

  • EventLog Analyzer 现在允许您为内部应用程序配置日志收集过滤器。

 增强功能

  • DCOM 安全强化功能已更新。WMI 身份验证级别已按照 Microsoft 的建议提高。

 问题修复

  • SonicWall、Unix FTP 和 Palo Alto 中的解析问题已得到修复。
  • 未生成列完整性监控报表的问题已得到修复。
  • 架构名称已添加到 MSSQL 表中。
  • MSSQL 日志显示为 Windows 日志的问题已得到修复。
  • Linux FIM 中监控 /bin 文件夹的误报已得到控制,并且未在 /etc/passwd 上审核的 useradd/userdel 命令已得到修复。
  • 设备详细信息导出状态在 pdf 中显示错误。这已得到修复。
  • 修复了代理和服务器之间长时间通信后,Windows 代理启动和日志收集中出现的问题。
  • 配置为收集 Windows 事件和系统日志的设备未能收集 Windows 事件。这个问题已被解决。
  • 从 Log360 到 EventLog Analyzer 的邮件服务器同步仅在重新启动操作后发生。这个问题已被解决。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12216

2022 年 2 月 9 日发布 

  • windows版
    •  
  • 分布式版

 新的功能

  • EventLog Analyzer 现在包括一个安全强化选项卡,用于从一个位置管理和配置所有安全设置。
  • 内置管理员帐户的强制默认密码更改。

 增强功能

  • EventLog Analyzer 中的设置 UI 已经过改进,以增强用户体验。
  • 对于 WAF 的采用和增强安全性,已经完成了内部代码重构。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12215

2022 年 1月 7 日发布 

  • windows版
    •  
  • 分布式版

 修复

  • 此版本包含对 Apache Log4j 漏洞 (CVE-2021-44832) 的修复。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12214

2021 年 12 月 24 日发布 

  • windows版
    •  
  • 分布式版

 问题修复

  • 此版本包括对 Apache Log4j 漏洞 (CVE-2021-45105) 的修复。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12213

2021 年 12 月 17 日发布 

  • windows版
    •  
  • 分布式版

 问题修复

  • 此版本包括对 Apache Log4j 漏洞 (CVE-2021-45046) 的修复。
  • JAR-hell 问题后 12212 服务包已修复。
  • 分布式 - 托管服务器的版本更新与windows版相同。

构建号 12212

2021 年 12 月 14 日发布 

  • windows版
    •  
  • 分布式版

 修复

  • 此版本包含对 Apache Log4j 漏洞 (CVE-2021-44228) 的修复。
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12211

Released on 26 Nov 2021

  • windows版
    •  
  • 分布式版

 Features

  • EventLog Analyzer now has out-of-the-box compliance reports for the Cybersecurity Maturity Model Certification (CMMC).

 Fixes

  • Minor bugs have been fixed to resolve performance issues in the log processing, indexing and alert processing modules.
  • Issues in parsing Oracle logs for Linux based File Integrity Monitoring (FIM) have been fixed.
  • Issues in Windows agents startup and log collection, created after longer gap in communication between agent and server have been fixed.
  • Issues in Check Point attack report have been fixed.
  • Issues in parsing SonicWall and Unix devices have been fixed.
  • Issues in auditing file/folder deletions from a share location, with Windows FIM have been fixed.
  • ZVE-2021-3375 - Unauthorized command injection vulnerability in EventLog Analyzer service installation has been fixed.
  • Issue with update in IP geolocation has been fixed.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12206

Released on 8 Nov 2021

  • windows版
    •  
  • 分布式版

 Enhancements

  • The version of PostGreSQL bundled with the product has been upgraded to 10.18.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12204

Released on 12 Oct 2021

  • windows版
    •  
  • 分布式版

 Fix

  • Internal code refactoring has been done.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12203

Released on 4 Oct 2021

  • windows版
    •  
  • 分布式版

 Fix

  • Internal code refactoring has been done.
  • Issue in the Reports tab in EventLog Analyzer instances with 500 or more devices, has now been fixed.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12201

Released on 9 Sep 2021

  • windows版
    •  
  • 分布式版

 Security Issue fix

  • An authentication bypass vulnerability affecting REST API URLs, rated critical, has now been fixed.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12200

Released on 1 Sep 2021

  • windows版
    •  
  • 分布式版

 Features

  • EventLog Analyzer now supports historical log collection for AS/400 and customized historic log collection for Windows.
  • An intuitive Apache overview dashboard to provide real-time insights on Apache web server activities.
  • Support for logs from Dell and Forcepoint devices.
  • EventLog Analyzer now supports logs from Qualys-Vulnerablity Management.

 Enhancements

  • The performance of XML file import has been enhanced and the size restriction in Manage Vulnerability Details has been removed.
  • Parsing and support for new Huawei devices has been enhanced.
  • Option to stop sending emails with Empty Reports.
  • A Correlation Diagnostics pop-up has been added to provide information on the memory consumed by the Correlation module.
  • The Alerts and the Manage Profile columns can now be resized.

 Fixes

  • Issues in parsing logs from PaloAlto and Stormshield devices have been fixed.
  • Issues in parsing logs from Oracle WMI and Syslog have been fixed.
  • Search filtering in IIS Logs is fixed.
  • Search to custom report redirection issue is fixed.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12166

Released on 11 Aug 2021

  • windows版
    •  
  • 分布式版

 Fix

  • EventLog Analyzer was not loading properly when accessed from Log360's apps pane. This issue was observed in builds released post 12160 and 5220 of EventLog Analyzer and Log360 respectively. It has now been fixed.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12165

Released on 5 Aug 2021

  • windows版
    •  
  • 分布式版

 Fix

  • This release includes a fix for the pre-authenticated remote code execution (RCE) vulnerability (CVE-2021-37539) in SmartCard, reported by bmtd from ECQ.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12164

Released on 30 Jul 2021

  • windows版
    •  
  • 分布式版

 Fixes

  • This release also includes a fix for the arbitrary file upload issue in Smart Authentication (ZVE-2021-2428) that led to remote code execution vulnerability, reported by Duc from ECQ.
  • 分布式 - 托管服务器的版本更新与windows版相同。

Build 12163

Released on 6 Jul 2021

  • windows版
    •  
  • 分布式版

 Fixes

  • Issues related to categorization of Windows Workstation reports if a device is identified as a workstation with some delay are fixed.
  • Issues related with reports of network devices including Juniper, Fortinet, Barracuda, Paloalto, pfSense and Syslog Applications due to complications in parsing are fixed.
  • Issues related to device selections on configuring custom reports for AS400 are fixed.
  • Distributed editions are now allowed to have different databases among Admin and Managed servers.
  • Issues related to installing agents in Linux machines, if the audit version is 3.0, are now resolved.
  • Issues while integrating JIRA desk ticketing tool with ELA are now fixed.
  • Issues with TLS log collection, when PFX is configured, have been resolved.
  • Issues related to Windows system reports, alerts, and correlation from Chinese OS are fixed.
  • Issue in file or folder modified reports from Linux devices for Linux kernel version greater than 3.10 is now fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12160

Released on 3 Jun 2021

  • windows版
    •  
  • 分布式版

 New features

  • EventLog Analyzer provides reports for Sysmon application.
  • EventLog Analyzer will now assign a dedicated access key from Log360 feeds and provide sign up instructions for threats.
  • A new ATA Whois Info tab has been added to provide exhaustive information on URL and Domain sources.

 Enhancements

Custom Pattern enhancements
  • The Custom log parsing UI has been enhanced for better user experience.
  • You can now use delimiters to extract additional fields while parsing logs.
  • An Auto-Identify option has been included to detect standard fields and key-value pair logs.
Application & Windows Reports Enhancements
  • The Application and File Monitoring device drill down can now be viewed under Reports.
  • Reports for Windows File Monitoring have been added.
  • You can now get All Events and Important Reports for Applications.
  • Windows Reports have now been regrouped to provide significant information.
  • The packet capture tool for troubleshooting in Syslog Viewer has been enhanced for better filtering.
  • The performance of the log collector has been enhanced to ensure optimum utilization of resources.
  • The service pack installation has been made secure by checking the PPM file for any tampering.
  • EventLog Analyzer now supports vCenter version 7.
  • EventLog Analyzer now supports SMB version 3.

 Fixes

  • Issue with incorrect or null field values being sent via SMS notification has been fixed.
  • It was observed that Archives were being wrongly flagged as tampered during unanticipated shutdowns of EventLog Analyzer. This has been fixed.
  • A memory issue while loading archived logs with parsed fields has been fixed.
  • The incorrect log count issue in device drill down of Application and File Integrity Monitoring in log sources has been fixed.
  • The issue of excessive storage consumption of databases has been fixed.
  • Issue in HSTS and XSS has been fixed.
  • SQL injection and RCE vulnerabilities have been fixed.
  • Parsing issues in Unix, Firepower, Oracle and PaloAlto have been fixed.
  • The issue with importing eventlog archives in import page has been resolved.
  • Duplicate windows agent was created automatically due to multiple IP addresses. This issue has been resolved.
  • It was observed that verification was successful even with spurious credentials. This issue has been fixed.
  • The issue with Removable disk auditing reports has been resolved.
  • It was observed that the Admin Server did not get timed out even after the session timeout. This issue has been resolved.
  • While loading archive files, the 'To' field value changed into loading time value. This issue has been fixed.
  • Issues with parsing 'date' and 'time' fields in Cisco logs while loading archive files have been resolved.
  • IIS Log collection issues have been fixed.
  • The Stored XSS vulnerability (ZVE-2021-1220) has been fixed.
  • Issue with parsing AD object access logs (Event ID 4662) has been fixed.
  • Issues with data authorization for File Integrity Monitoring (FIM) Configurations have been fixed.
  • Sensitive Data Exposure issue (ZVE-2021-0879) reported by Kevin Dawe has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12157

Released on 16 Mar 2021

  • windows版
    •  
  • 分布式版

 Enhancements

  • The version of JSON jar bundled with the product has been upgraded to 20190722.0.0.
  • The version of PostGreSQL bundled with the product has been upgraded to 10.15.
  • The EventLog Analyzer build image has been upgraded.
  • Predefined VPN reports have now been added for CheckPoint and Barracuda Firewall.
  • The threat detection in Correlation tab has been enhanced for improved performance.
  • Logon reports for Firepower have now been added.
  • The Windows and Linux agent versions have been upgraded to 4.5 and 1.3 respectively.
  • You can now use either the Auto detect option or use the server time to revert the timezone.
  • The performance of STIX/TAXII threat feeds operations and Advanced Threat Analytics has been enhanced.
  • EventLog Analyzer now supports in-memory threat look-ups. This can be availed by getting in touch with support@eventloganalyzer.com.

 Fixes

  • Application sources from which the agent collects logs, have been added to local log collection poll where it can be used for syslog collection.
  • SysEvtCol wasn't starting after the version upgrade. This issue has been fixed.
  • It was noticed that the Syslog devices when pinged, continued to ping until the device is restarted. This issue has been fixed.
  • Issues in the IPSec VPN reports have been fixed.
  • Issue in parsing of Source IP field for Cisco Failed VPN Logon events has been fixed.
  • Issues in Archive Integrity Cycle have been fixed.
  • Issue in parsing PaloAlto VPN logs has been fixed.
  • Log collector down alert was wrongly generated when a syslog device was added as a LinuxFIM. This issue has been fixed.
  • The timezone issue while fetching data for Dashboard has been fixed.
  • Issues in Apache web server attack reports have been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12155

Released on 13 Jan 2021

  • windows版
    •  
  • 分布式版

 New features

EventLog Analyzer now provides reports and alert profiles based on the MITRE ATT&CK framework.
Streamlining security incident management
  • Investigate and track security incidents
    • You can create incidents and assign technicians to investigate them.
    • Track the status, severity, and the progress made in the investigation of incidents.
Automate incident creation using incident rules
  • Configure incident rules to automatically create incidents when specific alerts get triggered within a given time frame.
Map alerts as incidents
  • You can also map triggered alerts, reports, and log search results as incidents and assign a technician to investigate them.

 Enhancements

  • To mitigate the cross-site scripting vulnerability, jQuery has been upgraded to version 3.5.1
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12150

Released on 4 Jan 2021

  • windows版
    •  
  • 分布式版

 New features

Attack detection and mitigation
  • New out-of-the-box correlation rule:
    • Prebuilt correlation rule to detect Ragnar Locker ransomware attack has been added.
  • Workflow actions:
    • The workflow profiles now support Cisco ASA firewalls. You can now take remedial action of adding inbound or outbound firewall rules on Cisco ASA firewall with pre-built workflow profile.
Remote employee monitoring
  • VPN usage monitoring dashboard:
    • Exclusive VPN activity dashboard that provides insights into VPN usage trends and VPN user activity.
  • Session activity view and reports:
    • Session activities can now be viewed using the Weekly View timeline graph.
    • Session activity reports on Palo Alto Networks and WatchGuard devices have been added.
Enhanced user experience
  • Custom user roles:
    • You can create multiple user roles in EventLog Analyzer in addition to the existing Admin, Operator, and Guest roles and define permissions to them.
  • Log collection filters:
    • Create log collection filters with multiple field criteria and logical operators to collect or exclude logs from select devices.

 Enhancements

  • The Calendar feature has been enhanced to display the day's records when you click on the Today option.
  • Get contextual threat data for specific IP addresses or URLs from the search result.
  • Cookie based Active Directory (AD) sync has been enabled to resolve license restriction issues.

 Fixes

  • Pre-defined alert criteria migration issue that arose in the 12000 PPM release has been fixed.
  • The auto-resetting of the member server while changing tabs has been fixed.
  • The latest build release notifier for local Linux builds has been fixed.
  • The Zip Slip vulnerability reported by zhighest has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12147

Released on 13 Nov 2020

  • windows版
    •  
  • 分布式版

 Fixes

  • This release includes a fix for the unrestricted file upload issue that led to remote code execution vulnerability, which allowed unauthorized access to the server, as reported by Zhighest.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12146

Released on 20 Oct 2020

  • windows版
    •  
  • 分布式版

 New features

Prepackaged Stormshield device reports:
  • EventLog Analyzer now provides out-of-the box reports for Stromshield device events such as Logon, Firewall Rule Management, System Event, Severity, and more.

 Enhancements

  • Correlation metadata will now be stored in ElasticSearch instead of the product database for better performance.
  • The version of Tomcat bundled with the product has been upgraded to 8.5.57
  • The version of PostgreSQL bundled with the product has been upgraded to 10.12

 Fixes

  • Issue in Geo location performance has been fixed.
  • Issues in Unix parser have been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12145

Released on 27 Aug 2020

  • windows版
    •  
  • 分布式版

 Enhancements

  • New report groups for monitoring logons, failed logons, processes, and scheduled tasks in Windows workstation devices have been added.
  • Quick links to MSSQL Server Events, IIS Webserver Events, Terminal Server Events, and Printer Events have been added.

 Fixes

  • Issue in collecting Applocker eventlogs has been fixed.
  • Issue with parsing usernames in eventlogs is now fixed.
  • Port update issue in the agent during connection changes in the EventLog Analyzer server is fixed.
  • Issue with populating usernames in Linux File Integrity Monitoring reports is fixed.
  • A logon failure on clicking "Verify Credential" during device updates is resolved.
  • False positives while generating alerts for missing archive files have been fixed.
  • Issue in importing a compressed CSV file is fixed
  • Issue related to delay in start up of EventLog Analyzer server due to collection of OS related information is fixed.
  • The "URL Site" field has now been added to the SonicWall Denied connections report.
  • Issue with CEF Destination IP parsing has been fixed.
  • Issue with generating the Anyconnect VPN report has been fixed.
  • Issue with parsing Firepower traffic logs is now fixed.
  • The destination IP address will now be shown in Trend Micro reports.
  • Issue with loading the server diagnostics page has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12141

Released on 31st Jul 2020

  • windows版
    •  
  • 分布式版

 Enhancements

Agent Enhancement
  • Filters for Agent Status, Domains, etc. have been added to Agent Administration.
Device Group Enhancement
  • Device Group pages now offer filters for Device Type, Device Groups, and Sub Type.
  • Option to export and import correlation rules.
Enhancements to IIS Configuration Report
  • Out-of-the-box report to view IIS Configuration changes such as Logging Changes, Modules Changes, SSL Changes, and more.
Enhanced FIM module
  • The File Integrity Module user interface has been enhanced for improved user experience.
Reports enhancement
  • Top and Trend, User Based, and Device Schedule Reports' UI have been enhanced for better user experience.
  • Option to not notify the customers over email when the report has no data.
Dashboard enhancements
  • Dashboard tile customization: Flexibility to customize the dashboard tiles to view multiple reports.
  • The graphs will be updated in real-time when new data is available.
Enhanced archive process
  • The archive process has now been enhanced. It also includes notification to intimate details on the storage space while unarchiving.
Import Log(s) performance enhancement
  • The performance of Import Log(s), IIS, and MySQL modules' has been enhanced to reduce the file read time thereby lessening the time taken for importing the logs.

 Usability Enhancements

Upgrade notification
  • You will receive in-product notification as soon as a new update is available for upgrade.

 Fixes

This release includes fixes for issues related to:

VPN
  • Issue in session logs not getting recorded when a user disconnects VPN, has been fixed.
  • Fortinet session reports were not available under New Report. This issue has been fixed.
  • Issue in username field value in predefined Fortinet VPN Session reports has been fixed.
  • Issue in populating Fortinet VPN logoff report has been fixed.
Agent
  • Due to delay in synchronization, agent status was displayed wrongly in the UI. This has been fixed.
  • In Linux agents, issues related to high CPU usage have been fixed.
Syslog
  • Issue in Syslog getting disabled in log collector even when enabled in the UI has been fixed.
  • Issue in Syslog devices being unreachable has been fixed.
Log parsing
  • Parsing support has been included for Fortimail logs.
  • For Unix logs, milliseconds will be considered while sorting the logs.
  • Support provided now for the latest versions of Symantec log structures.
  • Out-of-the box support has been provided for F5 Application Security Manager.
Vulnerability fixes
  • PostgreSQL has been upgraded to version 10.12 for Linux.
  • The older versions (1.x and 2.x) of JQuery have been removed.
Other fixes
  • You can now specify the number of days, weeks, or months in the 'log retention period' option for the archives loaded by the user. EventLog Analyzer will unload these logs after the specified period.
  • Issue in TLS log collection when the password is encrypted. This has been fixed.
  • Issue in username missing from the logs has been fixed.
  • Issue in filter when eventlog ID and message are requested has been fixed.
  • Issues in newly added devices taking old hostnames have been fixed.
  • Issue in auto updating of IP in host table has been fixed.
  • Event log collection failures were observed when the number of cores exceeded a certain limit. This issue has been fixed.
  • The Repo (repository) folder was not getting cleared when product logs off while unarchiving data. This has been fixed.
  • Issue in device count displayed on the dashboard for Managed Servers has been fixed.
  • Issues in indexing were observed when ES connection is reset. This has been fixed.
  • In Linux, the service auto startup issue has been fixed.
  • When all the associated devices are disabled, Agent Down notification will be skipped.
  • The archive data loaded in the centralized archive can now be viewed flawlessly.
  • Issue in configuring multiple SQL Server instances that are listening on the same port of a machine has been fixed.
  • Appropriate notifications will be displayed for different connectivity issues between the admin server and the managed server.

Build 12137

Released on 9th Jun 2020

  • windows版
    •  
  • 分布式版

 New features

NIST compliance
  • EventLog Analyzer now has out-of-the-box compliance reports for meeting NIST standards.
PDPA compliance
  • EventLog Analyzer now has out-of-the-box reports to comply with the Philippines Data Privacy Act.
Correlation rules to detect ransomware
  • EventLog Analyzer now has correlation rules to detect the MailTo and Coronavirus ransomware execution.

 Enhancements

SQL Performance
  • SQL Server Advanced Auditing performance has been enhanced to optimize CPU usage.
WMI Log Collection Performance
  • There will be a higher throughput of logs collected via WMI from windows devices.

 Fixes

  • VPN logon reports have been fixed and new VPN logoff reports have been added.
  • The issue with configuration of devices with device names in Japanese has been fixed.
  • Removing the auto-log forward entry for the devices deleted from EventLog Analyzer is fixed.
  • Disabling radius authentication for disabled users has been fixed.
  • Issue with detecting domain names in the login page has been fixed.
  • Issue with updating the status of files in the central archive following integrity checks has been fixed.
  • Exporting applications reports for the current date irrespective of time range is possible now.
  • Suspicious URLs that were not flagged in Advanced Threat Analytics will be detected now.
  • Hostname handling issues while adding a threat source has been fixed.
  • Blocks in the incident management workflow with regard to SNMP localhost forwarding, URL validation, and port validation are now refined.
  • A mismatch with the log count and the issue with the popup in the application log sources page has been fixed.
  • Issue with the parsing of logs for Linux File Integrity Monitoring in RedHat has been fixed.
  • Issue with configuring event sources has been fixed.
  • Appropriate notifications will be displayed for different connectivity issues between the admin server and the managed server.

Build 12136

Released on 15th May 2020

  • windows版
    •  
  • 分布式版

 Fixes

  • This release includes fix for the CVE-2020-24786 vulnerability, which allowed unauthenticated changes to integration system configuration, reported by Florian Hauser.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12135

Released on 6th May 2020

  • windows版
    •  
  • 分布式版

 New features

Custom VPN sessions alert

You can now create custom alert profile for VPN sessions in EventLog Analyzer to trigger an alert when:

  • The number of active VPN sessions exceeds a custom threshold value.
  • A VPN connection is established from a blacklisted VPN source location.
Correlation alerts

You can now create alert profiles to trigger correlated alerts when:

  • Multiple VPN logon failures occur from a user account within a specific period.
  • Multiple successful connections have been established by the same user from different locations within a specific period.

 Fixes

  • The Remote Code Execution vulnerability in the product pages has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12130

Released on 13th April 2020

  • windows版
    •  
  • 分布式版

 New features

Trend Micro-deep security support
  • Out-of-the-box reports on Trend Micro-deep security devices.
Smart card- based authentication
  • If you have a smart card authentication system enabled in your environment, you can configure EventLog Analyzer to authenticate users through it, bypassing other first-factor authentication methods.
New logon security options
  • CAPTCHA support - Flexibility to display a CAPTCHA always, or after a certain number of invalid login attempts. Besides image, you can also enable Audio CAPTCHA.
  • Account lockout: Option to lock user accounts for a specific duration after a certain number of invalid or failed login attempts. The locked out user account cannot be used to access EventLog Analyzer until the specified duration is completed.
IP geo location for IIS logs
  • EventLog Analyzer now enables you to know the location of your visitors from their IP addresses.

 Enhancements

Revamped alerts
  • The Alert tab now features a revamped GUI to facilitate improved management and faster response to alerts created.
Juniper structured log format
  • Support for structured logs from Juniper firewall .

 Fixes

  • HTTP vulnerabilities in ES have been fixed.
  • Issue in listing IBM AS400 in report scheduler has been fixed.
  • Issue in parsing Oracle logs has been fixed.Issue in parsing NPS (Network Policy Server) logs have also been fixed.
  • The problem with file auditing when the 'username' field is enabled has been fixed.
  • Issue in generating USB report in Chinese machines have been fixed.
  • Issue in generating FIM report in German machines have been fixed.
  • Issue in deleting import logs, and importing logs has been fixed.
  • Issue in removing custom pattern has been fixed.
  • Agent startup issue has been fixed.
  • In the Oracle Predefined reports, issue in presenting all the search fields in 'Add/Remove columns' has been fixed.
  • In agent auditing, incorrect device-down alerts sent via mail has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12126

Released on 3rd April 2020

  • windows版
    •  
  • 分布式版

 New features

VPN sessions monitoring report

When employees work from home, it's mandatory to accurately monitor their VPN sessions. EventLog Analyzer has added an exclusive "VPN Session Monitoring" analytical report that gives information on:

  • Number of active VPN sessions
  • Duration of each VPN session
  • Status of individual user's VPN connection

These information help not only in monitoring and auditing VPN user activities but also in VPN capacity planning.

EventLog Analyzer supports Cisco, Fortinet, SonicWall, Huawei, Meraki, and H3C VPNs right out of the box.

  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12125

Released on 19th March 2020

  • windows版
    •  
  • 分布式版

 Enhancements

  • The Log receiver option is now enabled only for administrators.
  • Read access is now provided for the current archive file, so that other applications can access it.
  • OpenSSL has been upgraded from openssl_1_1_0c to openssl_1_1_0l.
  • Option to disable the population of trend tables (tables containing hourly log count) has been added.
  • Parser rules for Windows Event ID 800 has been added.

 Fixes

  • Issue with switching the managed server in the Compliance page has been fixed.
  • Issues with parsing of severity information from old Windows archive files have been fixed.
  • The dashboard now renders perfectly for all date formats.
  • Sophos, pfSense, and Juniper devices' logs can now be parsed without errors.
  • The Syslog Viewer no longer stops displaying incoming logs when the language is changed from English.
  • Issue which caused log collection to be stopped when an existing ELA installation was migrated to a different device has been fixed.
  • Issue in deletion of custom fields created from preview of import log has been fixed.
  • Issue which caused the alert dumps to accumulate when a correlation rule is built with "is variable" condition has been fixed.
  • Updates and improvements to ensure ELA works in the "High Availability" mode when started as a service.
  • Fixes to ensure archive logs don't get corrupted when Java virtual machine hangs or shuts down abruptly.
  • Problems concerning crashes in native logger have been fixed.
  • Problem of disconnection of SSH during agent sync has been fixed.
  • Problem with Linux File Integrity Monitoring filters has been fixed.
  • Problems with permissions being escalated for non-privileged users while importing logs have been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12123

Released on 6th March 2020

  • windows版
    •  
  • 分布式版

 Fixes

  • The issue with processing of cached records created before 12120 build has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12121

Released on 19th February 2020

  • windows版
    •  
  • 分布式版

 Enhancements

  • Enhanced performance with redundant log prints detection, centralized log entry point, and more.

 Fixes

  • Reduced Elasticsearch recovery time, and product startup time.

 Fixes

  • Issues with changing a managed server in the reports tab has been fixed.
  • Issues with viewing the last 10 events of a managed server in the admin server has been fixed.

Build 12120

Released on 16th January 2020

  • windows版
    •  
  • 分布式版

 New features

FERPA compliance
  • EventLog Analyzer now has out-of-the-box compliance reports for the Family Educational Rights and Privacy Act (FERPA).

 Enhancements

Agent administration

EventLog Analyzer's agent has been upgraded to make it more versatile and achieve the following:

  • You can deploy Windows agents from EventLog Analyzer running on a Linux server.
  • The agent administration UI has been enhanced to facilitate easier agent installation, uninstallation, restart, and upgrade.
  • You can now collect syslogs from applications running on Windows machines. 
  • You can upgrade the EventLog Analyzer agent deployed in demilitarized zones (DMZs).
  • Communication between the agent and EventLog Analyzer is now more secure.
  • You can collect logs of Oracle applications running in Windows devices.
  • New blocks in workflow including Send SNMP Trap, HTTP Request, CSV Lookup, and Forward Logs have been added.
  • You now have the option of collecting only the application logs from Windows devices.
  • The log collector's dependency on databases has been eliminated.
  • The product settings UI has been revamped for easier configuration.

 Fixes

  • Traces of clickjacking vulnerability have been removed. 
  • Issue in 'Save to folder' option for scheduled reports has been fixed. 
  • Issue in the SonicWall web traffic dashboard widget has been fixed. 
  • Issues in parsing HTML tags and logs from recent Windows versions have been fixed. 
  • Issue in log correlation for imported logs has been fixed.
  • Issue which caused Linux agent to crash has been fixed.
  • Issue in notification for AMS license expiry has been fixed. 
  • Issue in importing vulnerability logs from the Windows agent has been fixed. 

 Fixes

  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12115

Released on 14th December 2019

  • windows版
    •  
  • 分布式版

 New features

Support for IBM Db2 logs
  • EventLog Analyzer now supports IBM Db2 logs and provides out-of-the-box reports.
Threat whitelisting
  • You can configure EventLog Analyzer with an index of approved IPs, URLs, and domain names to minimize false positives.

 Enhancements

  • The alerts section now has a set of default alert profiles.
  • The dashboard has predefined profiles for Cisco devices and SQL and IIS servers.
  • The dashboard gets a new dark theme for better visual experience.

 Fixes

  • Issue with zipping AS/400 archive logs has been fixed.
  • Issue with categorizing IIS FTP server logs has been fixed.

 Fixes

  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12110

Released on 6th November 2019

  • windows版
    •  
  • 分布式版

 New features

Support for F5 devices
  • Out-of-the-box reports are now available for F5 devices.
CCPA compliance reports
  • Predefined reports for CCPA compliance are now available.

 Enhancements

  • Receive email notifications to monitor user actions in EventLog Analyzer.
  • Option to customize the existing correlation rules to detect sophisticated threats.
  • All the generated alerts are now stored in Elasticsearch instead of database, for faster search and retrieval of data.
  • Custom reports can now be shared with other users.
  • Alert retention is now configurable.

 Fixes

  • Issues with multiple admin-managed server synchronization has been fixed.
  • An option has been added to enable or disable periodic email alerts when a device is down.
  • Issue with taking backups of the built-in pgSQL database in EventLog Analyzer while upgrading to versions 12000 and above has been fixed.
  • Issue with displaying executed commands for older library versions of Linux File Integrity Monitoring has been fixed.
  • Issue with viewing the last 10 events in machines with Turkish operating systems has been fixed.
  • Issue wit sending emails from EventLog Analyzer using TLS 1.2 has been fixed.
  • Issue with displaying agent log counts has been fixed.
  • Issue with displaying Configuration Changes Reports in Checkpoint devices has been fixed.
  • Issue with updating the values in alert profiles has been fixed.
  • Issue with displaying event log counts for PCI DSS compliance has been fixed.
  • Issue with processing alert profiles created with Regex pattern criteria has been fixed.

 Enhancements

  • The process of converting a standalone server to a managed server has been enhanced for improved user experience.

 Fixes

  • Issue in updating the managed server with compatible service packs from the admin server has been fixed.
  • Connection failure issue after updating managed server credentials in admin server has been fixed.
  • Issue with automatically updating managed server devices to the admin server has been fixed.

Build 12100

Released on 8 October 2019

  • windows版
    •  
  • 分布式版

 New features

Customizable dashboard

EventLog Analyzer's dashboard now has a range of customization options.

  • Dashboard data will be updated in real time.
  • New tabs can be created with predefined widgets or with a blank template where any report can be pinned to the tab.
  • The color of the charts can be customized for more visual impact.
Advanced Threat Analytics
  • Crucial information on the severity of threats can be obtained when potentially malicious URLs, domains, and IP addresses intrude into the network.

 Enhancements

Enhanced archival process

The log archival process has been enhanced for better usability, reporting, and for ensuring the integrity of log data. With the enhanced archive:

  • Multiple archives can be loaded and unloaded simultaneously.
  • The data in the loaded archive files is now searchable and reports can be generated.
  • An alert will be raised if the archived logs are tampered with.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12060

Released on 23 August 2019

  • windows版
    •  
  • 分布式版

 New features

  • Automatic discovery of MySQL servers.
  • SAP ERP logs and McAfee ePolicy Orchestrator syslogs support.

 Enhancements

  • Support for seamlessly processing syslogs that have different encodings and are from different time zones.
  • REST API support for ServiceDesk Plus, an Incident Management tool.
  • Performance of searching through compressed log data has improved.

 Fixes

  • Issue of creating alert profiles using custom fields has been fixed.
  • SQL server audit reports not being populated with data has been resolved.
  • Issue of parsing username with sudo commands has been fixed.
  • Issue of identifying false positives when the log collector is manually stopped has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12050

Released on 26 July 2019

  • windows版
    •  
  • 分布式版

 New features

Incident workflow management
  • Create and manage incident workflows in EventLog Analyzer. These workflows are automatically executed when the associated incident alerts are triggered. You can even track the execution of each workflow and view its status.
CoCo and NERC compliance reports
  • Predefined compliance reports have been added for CoCo and NERC regulations.

 Enhancements

  • Technician audit logs are now maintained separately in the database, to facilitate future forensic investigations if needed.
  • Alert severity can now be passed as an argument to scripts in the run program option, or to be displayed in email and SMS notifications.

 Fixes

  • Issue with displaying the Next 10 archives in the Archive Settings page has been fixed.
  • Issue with loading the Malware Detected report under Windows Defender has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12041

Released on 20 June 2019

  • windows版
    •  
  • 分布式版

 Enhancements

  • The Search tab has a new UI with enhanced Advanced Search Criteria, Save Search, and Tag settings, for better user experience.

 Fixes

  • Issue in the terminal server agent has been fixed.
  • Issue in migrating from PostgreSQL to Microsoft SQL Server has been fixed.
  • Issue in Microsoft SQL Server Auditing Configuration when SSL is enabled in a SQL Server instance has been fixed.
  • Issue in changing EventLog Analyzer's back-end database to SQL Server when SSL is enabled has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Build 12040

Released on 31 May 2019

  • windows版
    •  
  • 分布式版

 New features

Support for Arista switches
  • EventLog Analyzer now offers predefined event-based reports on Arista switches.

 Enhancements

  • The settings tab has been refurbished for enhanced user experience.
  • The reporting module has been tweaked to process queries faster.

 Fixes

  • Issue in archiving correlated data has been fixed.
  • Issue in sending a test email without authentication has been fixed.
  • Timestamp issue in forwarded Windows logs has been fixed.
  • Issue in scheduled reports exported with empty PDF attachments has been fixed.

 Enhancements

  • Synchronized data will be auto-recovered in the admin server if synchronization fails.

 Fixes

  • Issue in synchronizing data and service pack if the admin server is down during managed server startup has been fixed.
  • Issue in device reports in the admin server dashboard has been fixed.
  • Issue in removing managed servers configured with applications from the admin server has been fixed.
  • Synchronization issues between the admin server and managed servers have been fixed.

Build 12030

Released on 27 Mar 2019

  • windows版
    •  
  • 分布式版

 New features

Compliance reports for NRC and Cyber Essentials
  • EventLog Analyzer offers out-of-the-box reports for complying with the mandates prescribed in the Nuclear Regulatory Commission RG 5.71 and Cyber Essentials.

 Enhancements

  • You can now import logs stored in Amazon Simple Storage Service (Amazon S3) buckets.
  • EventLog Analyzer now supports server message block (SMB) 2.0 for importing logs, discovering IIS Servers, and file integrity monitoring.

 Fixes

  • Issue in log collector caused by packet size being bigger than the buffer size has been fixed.
  • Issue in sending test emails from the product has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 12020

Released on 8 Feb 2019

  • windows版
    •  
  • 分布式版

 New features

Support for SNMP traps and MySQL logs
  • EventLog Analyzer now has the ability to process SNMP traps, and also supports import and analysis of MySQL general and error logs.
H3C device support
  • EventLog Analyzer now provides out-of-the-box support for H3C devices.

 Enhancements

  • The different views of a report, such as table, summary, matrix, and multi-report, can now be exported as PDFs.
  • Option to enable or disable headers in CSV files has been added.
  • Option to select log file name patterns while periodically importing log data has been added.

 Fixes

  • Issue in deleting log import schedules has been fixed.
  • Issue in adding multiple email addresses in the recipient field of the Log Collection Failure alert has been fixed.
  • Issue in alert processing has been fixed.
  • Issues in report schedules and severity-based pivot reports have been fixed.
  • Issue in log collection schedules when collecting Syslog from Windows devices has been fixed.
  • Issue in parsing Firepower and Check Point logs has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 12012

Released on 23 Jan 2019

  • windows版
    •  
  • 分布式版

 New features

Two-factor Authentication
  • EventLog Analyzer's login security has been bolstered with two-factor authentication via email, SMS, Duo Security, RSA SecurID, and Google Authenticator.

 Enhancements

  • Mail notification settings have been completely revamped for enhanced user experience.
  • Option to configure proxy server has been added.
  • SMS notification settings now supports additional protocols such as HTTP, SMTP, and SMPP.
  • jQuery version has been upgraded to 3.3.1 for greater security.

 Fixes

  • Issue in connecting to a Microsoft SQL database when the password size exceeds 15 characters has been fixed.
  • Issue in sending alerts to Windows Event Viewer has been fixed.
  • Issue in MySQL backup has been fixed.
  • Issue in forwarding logs from AS/400 devices has been fixed.
  • Issues in parsing logs for file integrity monitoring and SQL column integrity monitoring have been fixed.
  • Issue in resolving IP addresses which caused the log collector to quit has been fixed.
  • Issue in scheduling predefined reports has been fixed.
  • Issue in loading archived logs has been fixed.
  • Issue in sorting report profiles has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 12010

Released on 30 Nov 2018

  • windows版
    •  
  • 分布式版

 New features

Linux File Integrity Monitoring
  • Predefined reports to track creation, modification, deletion, renaming, and permissions changes in files and folders on Linux devices.

 Enhancements

  • The File Integrity Monitoring module configuration has been enhanced for better user experience.
  • The capability to audit all activities of users with Technician roles in the File Integrity Monitoring module.
  • ICMP traffic logs are now parsed.

 Fixes

  • Issue in the scheduler when multiple criteria are selected for File Integrity Monitoring has been fixed.
  • Issue which caused a mismatch in the number of events displayed in the File Integrity Monitoring dashboard and the underlying data has been fixed.
  • Issues in graph and data in exported reports in the CSV format has been fixed.
  • Issue in exporting reports with more than eight columns has been fixed.
  • Issue in parsing Palo Alto logs without serial numbers has been fixed.
  • Issue in displaying Symantec system events in the appropriate report has been fixed.
  • Issue in parsing Unix device logs to track file uploads has been fixed.
  • Issue in displaying the content in alerts mails has been fixed.
  • Issue in updating the time at which logs were last received from Windows devices with third-party agents has been fixed.
  • Issue in displaying the status of log collection of the syslog receiver has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

 Fixes

  • Issue in configuring centralized log archival from the Admin server using some browsers has been fixed.

Build 12000

Released on 13 Nov 2018

  • windows版
    •  
  • 分布式版

 New features

Brand-new UI for reports

A completely revamped reports tab with a fresh UI and the ability to:

  • Create custom reports more swiftly and also view them in four different formats— Table, Summary, Matrix, and Multi-report.
  • Generate new views for the prebuilt reports.
ISLP compliance reports
  • EventLog Analyzer now has out-of-the-box reports to help you comply with Information Security Level Protection's (ISLP) requirements.
Support for Cisco Firepower & pfSense

Ability to process logs from Cisco Firepower and pfSense, along with exclusive reports and alert profiles to easily audit events from these devices.

 Enhancements

  • Correlation rules have been enhanced with the option to add these new conditions: less than, greater than, between, not contains, not starts with, not ends with, not between, and is variable.
  • Advanced auditing of Microsoft SQL supports all collations.
  • The Favorite reports category has been enhanced to become user-specific.
  • All the report categories have been enhanced for better usability and searching.
  • The GPG compliance reports under the Windows reports category have now been moved to the dedicated group under the Compliance tab.

 Fixes

  • Issue in user-specific language settings has been fixed.
  • Issue causing the unavailability of EVTX log files' description has been resolved.
  • Issue in parsing DHCP and Huawei logs has been fixed.
  • Issue in updating report summary in database has been resolved.
  • Issue causing log collector to shut down while processing logs collected using TLS 1.0 has been fixed.
  • Issue in editing the log collection filters page has been resolved.
  • Issue causing inconsistency in Application page's severity log reports has been resolved.
  • Issues in selecting fields for search and changing work-hour configurations in Internet Explorer browser have been fixed.
  • Issue in fetching data for previous day's non-working hours reports has been fixed.
  • Issue in searching while having space in field names has been resolved.
  • Issue in Save to Folder option in scheduled reports has been fixed.
  • Issue in time format when exporting user-based reports has been fixed.
  • Issue in rearranging actions in correlation rules has been fixed.
  • Issue in deleting correlation rules in the off-heap mode has been fixed.
  • Issue in saving search criteria that contain regex expressions as an alert has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

 Fixes

  • Issue in View Old Data option in the managed server correlation tab has been fixed.

Build 11212

Released on 5 Oct 2018

  • windows版
    •  
  • 分布式版

 Enhancements

  • Log processing has now been made faster for enhanced performance and user experience.

 Fixes

  • Issue with scheduled imports of multi line logs has been fixed.
  • Issues in building custom alerts have been fixed.
  • Issue with parsing SonicWall logs has been fixed.
  • Issue with emailing scheduled reports has been fixed.
  • Issue with populating data in reports pertaining to ManageEngine Password Manager Pro has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 11211

Released on 28 Sep 2018

  • windows版
    •  
  • 分布式版

 Fixes

  • Issue in viewing events of the correlation history in Build 11210 has been fixed.
  • Issue in applying the service pack in Build 11210 has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 11210

Released on 10 Sep 2018

  • windows版
    •  
  • 分布式版

 New features

HP switch monitoring
  • EventLog Analyzer offers predefined reports and alert profiles to monitor the security events of HP switches exclusively. It also comes with the capability to analyze log data of HP switches.

 Enhancements

  • The import log module now supports multiple file encodings.
  • An option to specify the imported log data's timezone.
  • Date format can now be set in the product.

 Fixes

  • Issue with importing EVTX format files from a shared path has been fixed.
  • Issue with importing files from a shared path when the device credentials have already been configured has been fixed.
  • Issue in displaying data for compliance reports in the free version of the product has been fixed.
  • Issue in timestamp when scheduled compliance reports are saved has been fixed.
  • Issue in not parsing the username field in Windows application logs has been fixed.
  • Issue in reports not populating data from IBM AIX systems has been fixed.
  • Issue in fields of the Windows Services reports in the compliance report section has been fixed.
  • Issue in not being able to import CRT files into the ssl.keystore has been fixed.
  • Issue in product not starting when HTTPS is enabled and the password contains a special character has been fixed.
  • Issue in parsing Barracuda device logs has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 11204

Released on 30 Jul 2018

  • windows版
    •  
  • 分布式版

 New features

Threat Management
  • EventLog Analyzer's threat intelligence module has been further enhanced by extending support for real-time updates from custom STIX/TAXII servers.

 Fixes

  • Issue in saving scheduled reports and also changes to favorite reports has been fixed.
  • Sparsely-occurring issue while loading archive logs has been fixed.
  • Issue causing malfunction of TLS log collection server when PFX certificate has certificate chain has been fixed.
  • Issue in parsing H3C logs has been fixed.
  • Issue encountered while resetting passwords has been fixed.
  • Issue in alert mail rebranding has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 11200

Released on 18 Jun 2018

  • windows版
    •  
  • 分布式版

 New features

Selective activity monitoring
  • Monitor Windows and Unix sessions of users with predefined or custom session activity rules.
Meraki security appliances auditing
  • Predefined reports and alert profiles to audit security events of Meraki security appliances easily.
Support for CEF format logs.

 Enhancements

  • The scope of Microsoft SQL Server auditing has been widened with the ability to audit and track more activities such as logins, integrity of data on the server, and more.
  • Reports on session activity have been enhanced for better usability.
  • The correlation scheduler has been given a facelift.

 Fixes

  • Issue in establishing an ODBC Connection when TLS 1.0 is disabled has been fixed.
  • Issue which identified other application logs as Microsoft SQL Server logs has been fixed.
  • Issue in data not being displayed in reports if the table header and database name exceeds fifty characters has been fixed.
  • Issue in monitoring interval scheduler for AS400 devices has been fixed.
  • Issue in AIX reports not showing accurate data has been fixed.
  • Issue in VPN user reports not populating data for network devices has been fixed.
  • Issue in the format of the Palo Alto logon report has been fixed.
  • Vulnerability issues in the product settings have been fixed.
  • Cross-Site Scripting vulnerability (CVE-2018-10075) that allowed remote attackers to inject arbitrary web script or HTML via the import logs function has been fixed.
  • Cross Site Scripting vulnerability (CVE-2018-10076) that allowed remote attackers to inject arbitrary web scripts or HTML via the search function has been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.
  • Issue in copying the service pack and license from the Admin server to Managed servers has been fixed.

Build 11140

Released on 25 May 2018

  • windows版
    •  
  • 分布式版

 New features

  • Password protection can be enabled for reports that are exported in PDF and CSV formats.
  • Users with administrator privileges can now audit the report export activities.
  • Guest users will not be able to export reports.

 Enhancements

  • When you enable the GDPR configuration settings, you will be prompted for consent during third party tool integrations.
  • The new features and enhancements for the Distributed Edition - Managed Server are the same as the above.

Build 11134

Released on 21 May 2018

  • windows版
    •  
  • 分布式版

 New features

  • A rich text editor has been provided in the alert profile configuration page to compose the alert email.

 Enhancements

  • The correlation rule builder has been revamped for better usability.
  • The correlation engine can now detect malicious IP addresses from threat feeds.
  • The alert mail content has been enhanced.

 Fixes

  • The issue in the correlation alert mail has been fixed.
  • Several other minor issues have been fixed.
  • The updates for the Distributed Edition - Managed Server are the same as the above.

Build 11133

Released on 11 May 2018

  • windows版
    •  
  • 分布式版

 New features

Support for more ticketing tools
  • EventLog Analyzer's incident management module now supports Jira Service Desk, Zendesk, Kayako, and BMC Remedy Service Desk.

 Enhancements

  • The user interface of the Incident Management tab has been enhanced for better user experience.
  • The updates and fixes for the Distributed Edition - Managed Server are the same as the above.

Build 11130

Released on 13 April 2018

  • windows版
    •  
  • 分布式版

 New features

  • IIS web site auto discovery which makes it easier to configure IIS web sites for monitoring.

 Enhancements

  • Multiple files can now be imported simultaneously.
  • Server Message Block (SMB) protocol has been added as one of the protocols to access files.
  • Customization options have been added for scheduling of log imports.
  • Dynamic patterns and numerical increments for file rollovers have been added.
  • Option to import and store logs for short durations has been added.

 Fixes

  • Issue in the device name and display name fields in custom reports has been fixed.
  • Issue in adding syslog hosts has been fixed.
  • Parsing issue in Cisco device logs has been fixed.
  • The updates and fixes for the Distributed Edition - Managed Server are the same as the above.

Build 11123

Released on 27 March 2018

  • windows版
    •  
  • 分布式版

 New features

Secure archival of log files
  • Checksums are now used to maintain the integrity of archived log files, thus helping meet compliance requirements.
Supports Huawei firewall
  • Predefined reports and alert profiles help easily audit security events of Huawei firewalls.
Supports Malwarebytes
  • Predefined reports and alert profiles help in auditing logs from Malwarebytes, thereby improving the threat detection mechanism.

 Enhancements

  • Kerberos has been added as an authentication method for log collection.
  • Removable Disk Auditing now supports more device types.
  • The object access policies enabled by default in an agent have been optimized to reduce log dropping.
  • The IP address of the remote device has been added as a field in file integrity monitoring logs.
  • Permission changes for files are now audited.
  • All logs generated during agent downtime will be collected from the Event Viewer, once the agent recovers.

 Fixes

  • Issue with restarting of the log collector has been fixed.
  • Issue in specifying multiple entries in the fields of database filters has been fixed.
  • Issue in log collection filter for Windows logs forwarded as syslog has been fixed.
  • Consistency issue in deletion events of folders with child objects has been fixed.
  • Sync issue between the admin server and managed servers has been fixed.
  • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Build 11122

Released on 19 March 2018

  • windows版
    •  
  • 分布式版

 New features

  • The correlation module now supports logs from ManageEngine OpManager and Password Manager Pro.
  • Forensic analysis can be performed on the actions of the user(s) and device(s) involved in a successfully correlated event.

 Enhancements

  • Reports of network devices can now also be viewed in the Compliance tab.
  • An option to enable or disable the out of memory alert notification.
  • The mail subject of low disk space and out of memory alerts can be customized.
  • Automatic assignment of alerts to technicians based on alert profiles.
  • An option to delete generated alerts, when deleting the alert profile that they are associated to.
  • Exporting compliance reports has been made faster.
  • The compliance report scheduler has been enhanced.

 Fixes

  • Issue in parsing of File Integrity Message in the alert mail has been fixed.
  • Issue in automatically adding agent has been fixed.
  • Issue which generated alerts with wrong criteria for AS400 has been fixed.
  • Issue in Compliance report scheduler has been fixed.
  • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Build 11120

Released on 7 March 2018

  • windows版
    •  
  • 分布式版

 New features

SQL Server auto discovery
  • which makes it easier to configure SQL servers for monitoring.
Column Integrity Monitoring in SQL Server
  • Track changes in a monitored column including who changed the value, at what time the value was changed, and the database table in which the value was changed.
SQL Server Advanced Audit reports
  • SQL Server Advanced Audit reports provide information on the history of schema and object changes, most used tables, and more.

 Enhancements

  • Auditing can now be enabled only for the selected SQL Server instances.
  • Audit policies can now be created or deleted from EventLog Analyzer.
  • The user interface of the Manage Applications tab has been enhanced for better user experience.

 Fixes

  • Issue in password with special characters entered during the configuration of mail server has been fixed.
  • Issue which added duplicate entries to reports exported in CSV format has been fixed.
  • Issues in parsing and indexing of SolarWinds and Snare logs have been fixed.
  • Cross Site Scripting (XSS) in the search and reports page (CVE-2018-7405) raised by Suresh Khutale has been fixed.
  • Vulnerability issue of remote code execution when uploaded by an agent has been fixed.
  • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Build 11110

Released on 9 February 2018

  • windows版
    •  
  • 分布式版

 New features

  • Supports Barracuda devices: Predefined reports and alert profiles help easily audit security events of Barracuda Firewalls, Web Application Firewalls, and Email Security Gateway.
  • Implementation of slow query graphs for the dashboard.

 Enhancements

  • Provision to customize the subject, content of email, and SMS alerts.
  • Add alerts and manage alerts pages have been enhanced for improved user experience.

 Fixes

  • Issue in handling special characters in Microsoft SQL migration has been fixed.
  • Issue in wildcard search has been fixed.
  • Issue in triggering alerts when the buffer size is reached has been fixed.
  • Issues in parsing Sonicwall signature ID, Cisco Firepower custom fields, and denied traffic in Fortinet have been fixed.
  • Issue in SQL Login Altered report has been fixed.
  • Issue in updating aggregated data in MySQL database has been fixed.
  • Issue which caused multiple UDP ports to listen has been fixed.
  • The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Build 11102

Released on 24 January 2018

  • windows版
    •  
  • 分布式版

 New features

  • Integration with Log360 Cloud
    • The logs collected by EventLog Analyzer can now be stored and managed on a secure cloud platform - Log360 Cloud.

 New features

  • The new features for the Distributed Edition - Managed Server is the same as the Standalone edition (Build 11102).

Build 11101

Released on 12 January 2018

  • windows版
    •  
  • 分布式版

 New features

  • Three new predefined correlation rules that detect suspicious SQL backup, installation of services and software.
  • Logs from syslog and other devices can be forwarded to any server including file servers and Windows servers.

 Enhancements

  • Parsing of new fields in Juniper and Fortinet firewall logs.
  • Support for Snare in the RFC 5424 format.
  • The new features for the Distributed Edition - Managed Server is the same as the above.

Build 11100

Released on 9 December 2017

  • windows版
    •  
  • 分布式版

 New features

GDPR compliance reports
  • Offers predefined report templates to help you easily comply with the GDPR's requirements.

 Enhancements

  • A new report for Juniper application tracking has been added.
  • Mail subject can now be added in the custom report scheduler.

 Fixes

  • The alignment issue in reports exported as CSV files from the search tab has been fixed.
  • The issue in parsing SonicWall botnet logs has been fixed.
  • WatchGuard firewall logs are now parsed.
  • The issue with not being able to view devices in the admin server when the user logs in via AD has been fixed.
  • The issue in displaying the report fields for Oracle devices has been fixed.
  • The issues in parsing the timestamp of imported logs have been fixed.

 Fixes

  • The new feature for the Distributed Edition - Managed Server is the same as the above.

Build 11090

Released on 29 November 2017

  • windows版
    •  
  • 分布式版

 New features

Supports Sophos-UTM, Sophos-XG, and Cyberoam devices
  • Predefined reports and alert profiles help easily audit security events of Sophos-UTM, Sophos-XG, and Cyberoam devices.
  • Provides an option to discover and configure event sources for individual devices.

 Enhancements

  • The mechanism of recording the log flow rate has been optimized.
  • An extra field "Display name" has been added to the pre-defined reports and search section.

 Fixes

  • The issue with parsing of fields for NPS events occurring on Windows Server 2016 has been fixed.
  • Addition of VMware reports for created and deleted VMs (Event IDs: 13002 and 13003).
  • The issue with the Solaris user account management report and SUDO command execution report has been fixed.
  • Issue with populating web traffic reports for WatchGuard has been fixed.
  • The issue with the policy changes report for Symantec devices has been fixed.
  • The issue with exporting reports from the "My Reports" category has been fixed.

 New features

  • The new features are same as in the Standalone Edition.

 Fixes

  • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11080

Released on 17 October 2017

  • windows版
    •  
  • 分布式版

 New features

The Correlation Engine has been completely upgraded to bring you complex attack detection across all devices on your network, enhanced field-level correlation, improved incident reports with timeline view, and much more:

Multiple log format support
  • Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.
Enhanced field-level correlation
  • Correlation can be done based on multiple log field values to provide fine-grained attack detection.
Predefined rules
  • The module is packaged with 25 predefined complex attack patterns.
Custom rule builder

The custom correlation rule builder has been upgraded to include over 250 predefined network actions and advanced filters.

  • Check for unique, constant, or shared field values among the actions that make up a rule.
  • Use multiple comparison conditions for fields, namely 'equals', 'not equal to', 'starts with', or 'ends with'.
  • Create rules for individual log types using specific network actions, or rules common to all log types with generic network actions.
Incident management integration
  • All correlation alerts can be viewed and managed with the in-built incident management console.

 Enhancements

  • The correlation user interface has been upgraded with an all new look and feel, incorporating all the above new features.
  • The time between each individual pair of actions can now be specified when creating a rule.

 New features

  • The new features are same as in the Standalone Edition.

 Fixes

  • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11073

Released on 4 October 2017

  • windows版
    •  
  • 分布式版

 New features

  • EventLog Analyzer now supports WatchGuard firewall devices. Exhaustive reports and predefined alert profiles makes it easier to audit WatchGuard firewall.

 Fixes

  • White space characters that caused issue in mail server configuration has been fixed.
  • Predefined Symantec reports now display graphs.
  • "Windows unexpected shut down" report was not updated. This issue has been fixed now.
  • I18N issue in the device and status tab of admin server fixed.
  • Issue with exporting loaded archives in admin server fixed.
  • Issue with parsed product names in Checkpoint logs fixed.
  • Receiving alerts that logs are not being collected from various servers while they are actually being collected. This issue has been fixed.
  • Display issue with EventLog Analyzer's centralized archive page in Linux has been fixed.
  • Issue with "root" being not accepted as a username in centralized admin server is fixed.
  • Changes made in centralized archives setting page was not saved. This bug has been fixed.
  • Operator access to Syslog Listener Port Settings restricted.

 New features

  • The new features are same as in the Standalone Edition.

 Fixes

  • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11072

Released on 22 September 2017

  • windows版
    •  
  • 分布式版

 Enhancements

  • EventLog Analyzer's security is further strengthened by using unique key to encrypt database for every installation.
  • The solution now correlates the logs from Cisco firewalls with that of the threat feeds and global IP threat database data to instantly detect traffic from malicious URLs and domains.
  • Custom log patterns (or regex patterns) can be created for specific devices and can be saved for future log imports.
  • Symantec Endpoint Protection support is now enhanced with the set of prebuilt reports on successful logons, failed logons, admins added, admins modified, admin deleted and policy changes.

 Fixes

  • Multiple vulnerability issues including XSS, XML injection, authorization issues, and path traversal has been fixed.
  • New entries in registry were not added when databases was changed. This issue has been fixed.
  • All fields in 'Manage Agents' under 'Admin Settings' tab now supports non-ASCII characters as well.
  • IP address of configured devices were not updated properly. This issue has been fixed.
  • Parsing errors occurred when importing multi-line logs. This issue has been fixed.

 Enhancements

  • The enhancements are same as in the Standalone Edition.

 Fixes

  • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11070

Released on 29 August 2017

  • windows版
    •  
  • 分布式版

 New features

  • Transport layer security (TLS) based log collection is now supported.
  • Port management options have been enhanced for better usability.
  • Out-of-the-box support for NetScreen and Checkpoint firewall devices log data. The new version comes with exclusive predefined reports and alert profiles that makes NetScreen and Checkpoint device auditing and monitoring easier.
  • The new version supports Nexpose vulnerability scanner log imports.
  • Exclusive reports for monitoring SonicWall VPN activities comes bundled with the new version.
  • The new version includes predefined reports that provide information on web traffic for Cisco firewall and routers.

 Enhancements

  • External agent support is now being provided for Windows server core machines.
  • TLS 1.2 is used for enhanced agent-server communication.
  • File integration monitoring support has been extended for Windows file servers.
  • It is now possible to get the details of the users who renamed the file or folder in the predefined file integrity monitoring reports.
  • You can now directly apply the self-signed certificate directly from within EventLog Analyzer web-console.
  • EventLog Analyzer now extends the log querying capability to Nessus, OpenVas, Nmap and Qualys vulnerability scanner log data.
  • Reports for "Host migration in vCenters" and "VM Relocated Events" is now provided.
  • Option to search for a specific managed server from admin server console is now being provided.
  • Device display name enhancements has been done.

 Fixes

The following bug fixes are done in addition to a range of minor bug fixes.

  • The issue in displaying host count in the "Home" tab of "Device details" page in distributed edition is fixed.
  • Occasional sync error between managed server and admin server in distributed edition is fixed.
  • Log count aggregation in trend table has been revamped.
  • File integrity monitoring report profile now accepts file extension with spaces.
  • Bugs in Apache report's status code has been fixed.
  • The issue with log format icon in log collection filter profile is rectified.
  • Multiple bugs fixed for Fortinet and Juniper firewalls reports.
  • Bug fix for the summary count in the scheduled file integrity monitoring reports.
  • The Username is now parsed for event IDs 4658 and 4952 in event logs.
  • False alerts for "log collection failure" fixed for syslog.
  • Encoding issue for non-English languages in CSV export reports is fixed.
  • Multiple log parsing issues fixed.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.7 Build 11056.
  • No changes specific to Distributed Edition Admin Server in this release.

Build 11066

Released on 15 August 2017

  • windows版
    •  
  • 分布式版

 Enhancements

Enhanced threat intelligence platform
  • The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
Malicious IP and URL alerts
  • Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.

 Enhancements

Enhanced threat intelligence platform
  • The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
Malicious IP and URL alerts
  • Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.

Build 11065

Released on 04 August 2017

  • windows版
    •  
  • 分布式版

 Enhancements

  • Elastic Search is enhanced to handle unprocessed files.
  • In the search option, custom fields are pre-populated with values that are previously configured by users.
  • In a current session, if you navigate to other tabs while viewing a specific report, the 'Reports' tab saves the view and shows it to you when you're back.

 Fixes

  • Issues with Cisco parsing have been fixed.
  • Issues in parsing VNC logs from Mac OS have been fixed.
  • The values used in the compliance reports are directly taken from the indices to avoid value mismatch.

 Enhancements

  • The enhancements are same as in the Standalone Edition.

 Fixes

  • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11060

Released on 19 July 2017

  • windows版
    •  
  • 分布式版

 New features

  • EventLog Analyzer now offers exclusive reports and alert profiles for Fortinet device to help to detect anomalous activities, monitor user activities, changes in configuration, and ,more.

 Enhancements

  • EventLog Analyzer supports all SonicWall device log format. Previously, we had been supporting only SonicWall firewall logs.
  • Active Directory user import feature has been revamped for better user experience.
  • Configuring domains and workgroups is made easy with a dedicated log configuration page for the same.
  • The solution can now import AD users at regular intervals using schedules along with provisions to view the schedule history.

 Fixes

The following issues have been fixed:

  • The alert profiles that are being created as tickets in ServiceDesk Plus have been provided with the l18n option.
  • The values for graphical representation in the dashboard is directly taken from the indices to avoid value mismatch.
  • Issue with loading archives in MSSQL Windows authentication has been fixed.
  • The issue with importing users with same username from multiple domains has been fixed.
  • Issue with adding users has been fixed now.
  • When users were moved to different host groups, the change wasn't reflected in the 'All host group' list. This issue has been fixed.
  • Issues with the single-sign-on feature have been fixed now.
  • Importing users from some organizational unit had some issues . This has been fixed now.
  • Authentication of users imported from AD groups didn't happen. This has been fixed now.
  • Technician roles can be assigned to multiple users at one go.
  • Vulnerabilities in 'Keep me signed in' option in the login page has been fixed using dynamic key based encryption.
  • Issues with log collector have been fixed.
  • False positives for Windows device down alerts has been fixed.
  • You can now collect event logs through a fully qualified domain name (FQDN).
  • Issues with index archiving have been fixed now.
  • Issue with searching a renamed device in 'Device' page, has been fixed.
  • Synchronization issues with Admin and Managed server in MSSQL database have been fixed.
  • In File Monitoring Summary page, the device names were not listed, if it's included in the DHCP device list. This issue has been fixed.

 Enhancements

  • Admin servers can now be assigned groups from multiple managed servers.
  • Exact host count was not reflected in the licence page of admin server. This has been fixed now.
  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.6 Build 11060.

Build 11056

Released on 30 May 2017

  • windows版
    •  
  • 分布式版

 Enhancements

  • Reports to track user VPN connections and disconnections on Cisco ASA devices have been added.
  • The 5424 log format is now supported for Juniper devices.
  • Juniper traffic reports have been enhanced.

 Fixes

  • The log collector quit occasionally while parsing Oracle logs. This has been fixed.
  • SSL versions 2 and 3 have been removed.
  • SSL weak cipher suites have been changed.
  • The following vulnerabilities have been removed from several pages of the product:
    • Stored and reflective cross site scripting
    • Cross site request forgery
    • Clickjacking
    • Username harvesting

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11056.
  • No changes specific to Distributed Edition Admin Server in this release.

Build 11055

Released on 3 May 2017

  • windows版
    •  
  • 分布式版

 New features

EventLog Analyzer now comes with an in-built ticket-based incident management system.

  • A separate ticket can be created for each incident, and assigned to any specific administrator for resolution.
  • Includes a provision to add notes, in the ticket, once it is resolved. This makes it easier to resolve similar issues that might arise in the future.
  • Integrates with popular help desk tools – ServiceNow and ManageEngine’s ServiceDesk Plus to allow creation of tickets using them.

 Enhancements

  • The GUI of alerts reporting page has been enhanced for better usability.
  • Users can now configure the alert profiles based on time frames viz., working hours, non-working hour, and even custom time range.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11055.
  • No changes specific to Distributed Edition Admin Server in this release.

 Fixes

  • Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Build 11050

Released on 17 Apr 2017

  • windows版
    •  
  • 分布式版

 New features

EventLog Analyzer supports:

  • Juniper and Palo Alto device logs; offers predefined reports and alert profiles exclusively for Juniper and Palo Alto devices to audit them easily.
  • TCP based log collection for Syslog devices.

 Enhancements

  • New SonicWall device reports have been added for IDS/IPS and under the user account management category.
  • View the top and least values of the log data fields in all the predefined reports.
  • Full support for SolarWinds Windows Log Forwarder.

 Fixes

  • The issue with IBM AS/400 date format has been fixed.
  • AS400 alerts were getting sent for devices not specified in the alert profile. This has been fixed.
  • Shared files and folders deleted via right clicks were not showing in the reports. This has been fixed.
  • The elastic search engine now resets the date in the log message and shows the results for the last 30 days if the start or end time in the log message time stamp exceeds the elastic search engine time range limit.
  • The issue with working of FTP scheduled import option when the file is specified as the root path has been fixed.
  • The issue with the working of Windows Snare agent has been fixed.
  • The issue with the working of log filter for Windows log collection via Snare agent has been fixed.
  • The issues with the update of 'Last Message Time' for devices in the Device Management page have been fixed.
  • The issue with generation of removable disk auditing reports has been fixed.

 Enhancements

  • Managed server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11050.

 Fixes

  • Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Build 11045

Released on 30 March 2017

  • windows版
    •  
  • 分布式版

 New features

  • The 'Settings' tab now has a search option with which you can search for options available in configuration, system, and product settings sections.

 Enhancements

  • The GUI of 'Settings' page has been enhanced for easy accessibility.
  • I18N is now supported for "Log Me" tab.

 Fixes

  • Issues in archiving log data from Elasticsearch index has been fixed.
  • Minor i18n issues have been fixed.

 Enhancements

  • There are no changes specific to Distributed Edition Admin Server in this release
  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11045

Build 11043

Released on 28 Feb 2017

  • windows版
    •  
  • 分布式版

 Fixes

  • The logs processed using SolarWinds logs forwarder was only partially compatible. This has been fixed now.
  • Issue in receiving Cisco logs that represented severity with numbers instead of letters has been fixed.
  • While scheduling reports, filter option wasn't working consistently in non-English user interfaces. This has been fixed.
  • While searching for logs using event numbers, the search bar malfunctioned in non-English user interfaces. This has been fixed.

 Enhancements

  • No changes specific to Distributed Edition Admin Server in this release
  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11043

Build 11042

Released on 9 Feb 2017

  • windows版
    •  
  • 分布式版

 New features

  • EventLog Analyzer simplifies the log collection and device configuration by automatically discovering Syslog devices on your network based on the IP and CIDR range values. SNMP (Version 1) credentials is used for automatic device discovery.
  • The solution also enables automatic log forwarding for UNIX devices with the root credentials.

 Enhancements

  • Email notification option has been provided for the default threat alert profile.

 Fixes

  • The issue with EventLog Analyzer's log collector when the database password is encrypted has been fixed.
  • The issue in updating IBM AS400 password has been fixed.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11042
  • No changes specific to Distributed Edition Admin Server in this release

Build 11040

Released on 6 Jan 2017

  • windows版
    •  
  • 分布式版

 New features

EventLog Analyzer now offers out-of-the-box support for:

  • SonicWall firewall. You can now use exhaustive reports and predefined alert profiles that make SonicWall firewall auditing easier.
  • RFC 5424 log format for Unix and Linux machines.

 Enhancements

  • Syslog data processing performance has been enhanced.
  • ‘Pick device' option has a new filter, 'username', for enhanced usability.
  • CSV files with just two columns can also be imported.
  • For devices that use agent for log collection, "Device down" alerts are enabled.
  • 'Network Logon' event has been included under one of the rules in 'Correlation'.
  • Error message for logon authentication failure events is displayed for firewall devices.

 Fixes

  • Issues with event source based database filter have been fixed.
  • Issue when exporting alert profile into XML format have been fixed.
  • Issues with Run Program Notification Setting in correlation have been fixed.
  • Issue with the SysEvtCol process in Linux-64 bit machine has been fixed now.
  • When alert profile is set up for certain devices in a group, all the devices in that group are included in the 'Devices' criteria. This issue has been fixed.
  • The issue with the 'Archive>Settings' option in Chrome browser has been fixed now.
  • Issues with the administrator and operator privileges for managing alert profiles have been fixed.
  • The issue with 'contains' filter option in log search has been fixed now.
  • Issues with generating File Integrity Monitoring reports for DHCP agents have been fixed now.
  • File or folder rename events were not reflected in File Integrity Monitoring reports. This has been fixed now.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11040
  • No changes specific to Distributed Edition Admin Server in this release

Build 11030

Released on 19 Dec 2016

  • windows版
    •  
  • 分布式版

 New features

  • Auto-discovery of domain and non-domain devices for enhanced user experience in adding Windows devices.

 Enhancements

  • Devices management and configuration has been improved for better usability. You can now check the log collection status, change the log monitoring interval, and enable or disable the device from a single window.
  • FIM events for agent directory folders are excluded by default.

 Fixes

The following issues have been fixed:

  • Archive location path containing special characters has been aligned with Windows standards.
  • XSS vulnerability issue in rebranding and index pages has been fixed.
  • Server has been optimized for FIM folders exclusion to accept several agent requests.
  • JVM crashes no longer occur when importing log files.
  • Changes in filenames are dynamically reflected while updating the schedule.
  • Trend Reports does not reflect event counts with zero logs.
  • The issue with the count in the report export list has been fixed.
  • IP address based device search is now possible.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.3 Build 11030
  • No changes specific to Distributed Edition Admin Server in this release

Build 11025

Released on 17 Nov 2016

  • windows版
    •  

 Fixes

  • The file integrity monitoring template update has been fixed.
  • Working of script notifier in Linux installations has been fixed.
  • Displaying the archive status during archive loading has been fixed.
  • Export report download (due to special character references in the report name) has been fixed.
  • Compliance report graph's drill-down functionality has been fixed.
  • Time criteria for archive report exports has been fixed.
  • Syslog collection has been fixed.
  • The email address field now has a limit of 250 words.
  • We now monitor SSH2 sessions as well for Unix/Linux SSH session reports.
  • If Oracle application log data contains raw commands executed in the database, then that log data will not be categorized under reports.

Build 11020

Released on 26 Aug 2016

Service Pack build 11023 released on 24 Oct 2016

  • windows版
    •  
  • 分布式版

 New features

Threat analysis
  • Without any configuration, automatically get alerted whenever you receive traffic from blacklisted or suspicious IPs.
All new UI
  • EventLog Analyzer now comes with a flat user interface
Monitor log data of EventLog Analyzer
  • Offers the capability to forward EventLog Analyzer's log data (in syslog format) to any source.

 Enhancements

  • Log search engine performance has been enhanced.
  • The product's log trend graph, event category graph and host count variable are now directly loaded from the 'Elastic Search' module so as to facilitate better
  • Now, the report, alerts for the client console uses the local (client) machine's time zone for better interpretation.
  • IBM AS400 BRMS log parsing is now supported.
  • EventLog import for non-english languages is now supported.

 Fixes

  • Alignment issues in 'Settings', 'Hosts', 'Search' and 'Correlation' tabs had been fixed.
  • The log search event count mismatch when hovered over the graph has been fixed.
  • The issue in knowing the exact number of event types in dashboard graphs has been fixed.
  • The issue with triggering action upon clicking 'Calendar' icon has been fixed.
  • Alignment issues in displaying the content
  • The export as report feature was not working for archive search results when using MSSQL database. This has been fixed.
  • Edit report feature under My Reports section was not working when reports were sorted. This has been fixed.
  • When exporting reports in PDF format, username fields above 8 characters were getting truncated. This has been fixed.
  • Some hosts were not getting listed under the Hosts tab due to a data mismatch. This has been fixed.
  • Parsing timestamp from Apache logs has been tuned.
  • The issue in parsing timestamp from ESXi logs has been fixed.
  • The issue in parsing Unix FTP logs has been fixed.
  • When upgrading an agent, if any error is encountered, an error message is now displayed under the Agent Status.
  • Issues causing agent installation and upgrade failure have been fixed.
  • Issues with agent deletion, and agent association when its corresponding host was renamed, have been fixed.
  • The issue in displaying File Monitoring for Shared Deleted Events for Windows 2012 R2 has been fixed.
  • The issue with registering when file monitoring is in DHCP environment has been fixed.
  • The issue with event log skipping after applying Windows anniversary update, or when recordID is wrapped in WMI, has been fixed for both agent and agentless methods.
  • The issue with logon failure when logs are being collected from EventLog Analyzer has been fixed.
  • Script notification under alert profiles was not working in case of space constraints in the installation directory. This has been fixed.
  • Multiple issues with File Integrity Monitoring configuration and templates have been fixed.
  • The issue with syncing after editing Managed Server details in Admin server has been fixed.
  • Logagent quit when path length in File Integrity Monitoring was very large. This has been fixed.
  • The record ID mismatch between multiple hosts in an agent has been fixed.
  • Auditing is now enabled when adding hosts for File Integrity Monitoring, instead of when enabling the username.
  • SQL Injection vulnerability in Hosts tab has been fixed.
  • Session ID getting exposed in Access Log vulnerability has been fixed.

 Enhancements

  • The features, enhancements and fixes are same as in Standalone Edition.

Build 11012

Released on 23 Jul 2016

  • windows版
    •  
  • 分布式版

 Enhancements

  • EventLog Analyzer now provides you with an option to export the generated alert messages.
  • You now have the option to select all the available host groups while creating a report, alert profile, or filter.
  • We have now enhanced the edit, disable, and delete icons available in the alert message section.
  • EventLog Analyzer's calendar will be automatically updated every 10 minutes.
  • You can now edit the report schedules to change the report formats (PDF or CSV).
  • Help card is now added to assist the vulnerability import option.

 Fixes

  • The alignment in CSV reports has been fixed
  • The deletion of original file while importing application logs using Internet Explorer browser has been fixed.
  • Scheduling the predefined reports for large number of hosts has been fixed.
  • The 'Pick host' option in correlation rule filter page has been fixed.
  • The option to disable AD authentication has been fixed.
  • Archive status change in Internet Explorer 11 has been fixed.
  • 'View Per Page' option in 'Hosts' page has been fixed.
  • Selected hosts count in 'the Search' and 'Pick host' feature has been fixed.
  • Feature request link for Log360 has been fixed.

 Enhancements

  • The enhancements are same as in the Standalone Edition.

 Fixes

  • All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Build 11010

Released on 17 Jun 2016

  • windows版
    •  
  • 分布式版

 Enhancements

  • The EventLog Analyzer web client language is automatically set based on the language setting of the browser. Also, the server side language is automatically set based on the machine in which it is installed.
  • Search option added within Pick Hosts option (found in add new report/alert/filter and report schedule pages).
  • vCenter log collection process enhanced in performance.
  • Support for AS400 log collection through secure ports.
  • CEF format support for FireEye logs.
  • 'Message' column added to FireEye overview report.
  • 'Username' column added to following Windows predefined reports: Software installed/uninstalled/updated, Failed software installation due to privilege mismatches.

 Fixes

  • Username was not getting parsed from logs with event ID 104. This has been fixed.
  • Username is now parsed from the object string if not present in log message.
  • The issues in parsing time and source from syslog messages are now fixed.
  • Logs from add-on sources were not getting parsed upon restart of the log collector service. This has been fixed.
  • The issue causing failure in updating logs to the database, due to inaccessible data files, has been fixed.
  • Only Key_Read permission (rather than all permissions) is granted when required to read RemoteRegistry values.
  • Issue with agent-server communication in DHCP environment has been fixed.
  • Log collection status shown as 'Access Denied' if a filter was created which dropped all logs. This has been fixed.
  • The issues causing memory leak due to object access events are fixed.
  • Historic log collection was not occurring for few log types. This has been fixed.
  • Multiple log collector crashes fixed.
  • Invalid log types were queried during the log collection process. This has been fixed.
  • Log indexing was not occurring if device type was changed manually from Syslog to Cisco. This has been fixed.
  • Unnecessary escape characters were added while importing archived logs from PGSQL. This has been fixed.
  • Application log archive files were getting duplicated due to scheduling clash. This has been fixed.
  • Loading status would not be updated when attempting to access an archive file that was moved or deleted. This has been fixed.
  • The issue in using the 'AND' boolean operator in predefined report searches has been fixed.
  • Search page queries with single quotes were not working. This has been fixed.
  • The issue causing failure to refine data by double-clicking host names in reports has been fixed.
  • Application sub tab under Reports was not opening. This has been fixed.
  • Criteria field was missing under edit predefined reports schedule window. This has been fixed.
  • Uploading of log files to database was not occurring if PGSQL database was password protected. This has been fixed.
  • Vulnerability fixes:
    • Guest user could change the admin password. This has been fixed.
    • Reflected XSS and Store XSS vulnerabilities are fixed.
    • Clickjacking vulnerability has been fixed.
    • Username harvesting vulnerability has been fixed.

 Enhancements

  • The enhancements are the same as in Standalone Edition.

 Fixes

  • Centralized archive issue in Admin Server has been fixed.
  • All fixes to standalone edition are applicable to Distributed Edition as well.

Build 11005

Released on 28 Apr 2016

  • windows版
    •  

 Fixes

  • The issue leading to LogAgent crash while decrypting the password for the added host has been fixed.
  • The issue leading to LogAgent crash while decoding the server response has been fixed.
  • The issue leading to LogAgent does when File Integrity Monitoring is set up has been fixed.
  • The issue causing LogAgent memory growth has been fixed.

Build 11001

Released on 7 Mar 2016

Service Pack Build 11003 released on 15 Mar 2016

  • windows版
    •  

 Enhancements

  • EventLog Analyzer and ADAudit Plus have been integrated into a single log management and auditing solution viz., Log360.

 Fixes

  • The issue with edit filter has been fixed.
  • The users can now provide space in the account name while logging into EventLog Analyzer.
  • The issue related to the import action after the field extraction operation has been fixed.
  • The issue with auto upgrade of LogAgent while applying the PPM over 8.0 has been fixed.
  • The issue during the application of SACL from LogAgent for huge folders has been fixed.
  • While applying PPM, the issue related to agent's auto upgrade when domain name is NULL has been fixed.
  • The issue with report zipping when the save type is 'Save Alone' has been fixed.
  • The issue related to parsing of cisco logs when the device type is manually changed, has been fixed.
  • The issue with the log collector stopping the remote registry service of the host from which it is collecting logs, has been fixed.
  • The issue related with the password update while editing the host details has been fixed.
  • The issue related with log parsing when Cisco meraki logs are forwarded from the relay server, has been fixed.
  • File Integrity Monitoring can now record the registry events as well.
  • The vulnerability issue of guest user changing the admin credentials has been fixed.
  • In LogAgent, if the users are providing any other credentials other than administrator, and if they do not have credentials to access the WMI namespace, then log collection will fail.
  • In SysEvtCol, if the local host is added with a user who doesn't have credentials to access WMI namespace, then log collection will fail.
  • The issue related to back up and restoration operation for MS SQL 2012 server has been fixed.
  • During log collection, if a single log is not returned within 2 seconds, then the log collection will be skipped after retrying 5 times with the same interval of 2 seconds.
  • The issue related with the installation of FIM agent after renaming the host, has been fixed.
  • The issue of considering the DB filter string's tab sequence as a space has been fixed.
  • The issue with advanced search criteria not getting updated in the database has been fixed.
  • The time delay with the log collection while applying FIM with user name option on a folder which contains many sub folders, has been fixed.
  • Only image file formats can now be uploaded for rebranding.
  • The issue with html tags injection through error messages has been fixed.
  • Fixed various SQL injection vulnerabilities.
  • Fixed the alert script arguments issue.
  • Fixed the bug related to 'Keep me signed in' option for AD and radius login.
  • Fixed directory traversal vulnerability through URL parameter.
  • Fixed the issue with the import file check for evt files.
  • Restricted non administrator users from accessing other users' data via parameter manipulation.

Build 10081

Released on 12 Jan 2016

Service Pack build 10081 released on 12 Jan 2016

  • windows版
    •  
  • 分布式版

 Enhancements

  • EventLog Analyzer server can now be configured to run in the HTTPS protocol as well. Option to provide the corresponding port numbers is also available.
  • Option to encrypt the Keystore password is now available.
  • You can now set the web session expiry time limit.
  • The solution now provides you the flexibility to change the language of EventLog Analyzer web client, after the solution had been installed.
  • Get to know the status of the report export process with the help of sleek progress bar.
  • We've now provided an option to get administrator credentials during service mode installation.
  • Log collection capability is strengthened to include both log type and time in the query mechanisms.

 Fixes

  • File Integrity Monitoring feature
    • The 'Select All' option in the 'Settings' tab wasn’t working. This issue has been fixed.
    • The 'Back' button issue in the drill down pages has been fixed.
  • The issue related to the inclusion of Japanese, Chinese characters in 'Schedule' names has been fixed.
  • The blank home page issue when the Managed Servers are down has been fixed.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.8 Build - 10080
  • No changes specific to Distributed Edition Admin Server in this release

Build 10072

Released on 5 Nov 2015

  • windows版
    •  

 Enhancements

  • Application Local User Enable / Disable option integrated.
  • Agent Installation error and status messages in the tool-tip.
  • Apache logs common log format supported.

 Fixes

  • Test port not working in SMS configuration in Alerts (due to the page being opened in new window) - has been fixed.
  • Criteria for scheduling Predefined Reports - OR function not working properly - has been fixed.
  • Unix mail server reports - username classified as undefined - has been fixed.
  • Uninstallation of agent with different username (from the username used for installation) not working - has been fixed.
  • Loss of data during transfer from agent due to check-sum error - has been fixed.
  • All check box selection functions have been fine tuned.
  • AllLogsCurrentHourlyTrend and AllLogsHistoricalHourlyTrend are ordered by hour.
  • FIM - Not able to enable username for the directories with space - has been fixed.
  • When same agents are installed, slid is not updated during fresh install in agent side - has been fixed.

Build 10071

Released on 25 Sep 2015

Build 10070 released on 25 Sep 2015

  • windows版
    •  
  • 分布式版

 New features

  • High availability feature has been integrated within the product.

 Fixes

  • Fixed the issue in field extraction that arise while creating more than two fields or whenever a special cha racter is included in the field value
  • Fixed issue with alert delay in case of slow log rate
  • Fixed time stamping issue for syslogs.
  • Fixed the time range selection issue in report and correlation data generation
  • Guest user promotion as Admin by accessing user management page has been fixed
  • Vulnerabilities on session hijacking using cookie value JSESSIONID has been fixed
  • XSS vulnerability in EventLog Analyzer server login page has been fixed

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.6 Build 10600
  • No changes specific to Distributed Edition Admin Server in this release

Build 10060

Released on 29 May 2015

  • windows版
    •  
  • 分布式版

 New features

Supports vulnerability data analytics
  • EventLog Analyzer 10.6 supports log collection and analysis of vulnerability scanners such as Nessus, Qualys, NMAP, and OpenVas.It provides 50+ predefined reports and alert conditions exclusively for vulnerability data analytics that help prioritizing the vulnerabilities and thus help to proactively mitigate security attacks.
Supports threat intelligent solution's log data
  • The latest version of EventLog Analyzer supports log data analysis of endpoint security solutions such as FireEye, Symantec Endpoint solution, and Symantec DLP application. The solution provides predefined reports and alert criteria that helps identifying and containing security threats at the earliest
vCenter log monitoring
  • EventLog Analyzer 10.6 supports vCenter log monitoring. It provides on-the-fly reports and alert conditions that help monitoring vCenter activities such as Datastore changes, permission changes, host changes, Resourcepool changes and more.
Supports GPG13 compliance
  • as EventLog Analyzer now provides out-of-the-box reports and alerts that help HMG organizations comply to GPG13 compliance.

 Enhancements

  • Added new rule to parse the shun-attacks.

 Fixes

  • Fixed the issue of Database folder increase due to improper cleaning of throwaway tables.
  • Fixed Firefox Unix icon display issue.
  • Fixed the issue associated with Universal Log Parsing and Indexing (ULPI) for user specified logs.
  • Fixed the parsing issue with IBM AS400.
  • Issues related to juli log growth and serverout growth had been fixed.
  • emoved weak cipher 'Ephemeral DH ciphers' from the secure connection.
  • Fixed the time order issue on trend reports.
  • Fixed the false disk space alert with remote desktop connection.
  • Issue related to RunQuery.do has been fixed.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.7 Build 10070
  • No changes specific to Distributed Edition Admin Server in this release

Build 10000

Released on 23 Jan 2015

  • windows版
    •  
  • 分布式版

 New features

  • Log collection and processing rate has been improved to 10x from the previous mark. EventLog Analyzer version 10 and above can handle 20,000 logs per second with the peak log handling capacity of 25,000 logs per second
  • 1000+ out-of-the-box reports for security, compliance and operations needs
  • Enhanced real-time event response system with 600+ predefined alert criteria for Windows, Linux/Unix, Applications and Network Device environment.

 Enhancements

File Integrity Monitoring
  • Ability to filter critical changes to files/folders based on the file type
  • Ability to display the process name and domain name in file integrity monitoring reports
  • Option to enable and disable File Integrity Monitoring
  • Addition of more default templates
  • Ability to save/edit alert and report enhancement with option to select User Name & Change Type
  • Ability to drill down the file integrity monitoring report graph
  • File attribute changes and ownership changes are now being captured under critical file/folder changes
Search
  • Ability to save the search results as alerts
  • Inclusion of auto suggestions for field values
  • Sorting of the index data for improved search performance
Correlation
  • Custom correlation rule builder that allows to create pattern based alerting by selecting the existing correlation rules
  • Ability to specify the threshold limits for each rule in the defined pattern.
Session Activity Changes
  • Added Duration and Log off time fields at 'Session Activity' page
  • Ability to search through the session activity reports
  • Session activity reports can now be saved

 Fixes

  • Fix to enabling AD authentication issue while importing user from AD groups.
  • Fix to the search pagination issue
  • Vulnerability fixes - URL Injection
    • Authentication problems
    • Database injection
    • Stored password encryption changes
    • Agent zip extraction
  • Fix to the User based and iSeries User based Reports breaks while exporting with no user name in the database
  • Fix to the PDF export issue that occurred after mouse hover search from Custom Reports, while exporting all the events instead of filtered events.
  • Fix to Event ID based direct export breaks when severtity parameter is not appended in URL
  • Custom alert 'Not Equals' was not working for option 'Type'. This issue was fixed.

 Enhancements

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.0 Build 10000
  • No changes specific to Distributed Edition Admin Server in this release

Build 9000

Released on 23 Apr 2014

  • windows版
    •  
  • 分布式版

 New features

  • Real-time Event Correlation
    • Real-time correlation for proactive threat management
    • 50+ out-of-the-box correlation rules on various categories viz., File Management, Group Management, Authentication, Authorization, Audit Policy, Software Management and more
  • Out-of-the-box reports for ISO 27001:2013 Standards
  • Supports Terminal Server Log Analysis out-of-the-box
  • Supports EventLog Analyzer user audit trail

 Enhancements

  • File Integrity Monitoring
    • File Integrity Monitoring reports now include the name of the user who made the change
    • Modified File Integrity Monitoring Report page
  • Field Extraction for SFTP application log import is now added
  • Archive encryption using AES 256 algorithm is now supported
  • Supports EventLog Analyzer user audit trail
  • Reports Enhancements
    • Performance of Report Extraction in PDF and CSV format is enhanced
    • Summary details for User Based Reports is now included
  • Adding Hosts
    • Supports import of host list from a CSV file
    • Existing hosts that are added will be automatically hidden from the Pick List Window
  • Customize Notification settings
    • Supports sending notification only once and pausing the notification for a day/week/month

 Fixes

The following issues have been fixed in this release:

  • In predefined compliance alert profile creation can now have the Windows 2008 type event IDs
  • EventLog Analyzer version 9.0 can now handle the string '\' in Log message fields of reports, alerts and filters
  • Issue with the resetpwd.bat file in troubleshooting folder is fixed
  • Out of memory error during log import is fixed
  • 'Notes' field in the Custom Report Creation wizard now has the character limit of 250
  • Issue with the specification of multiple log messages separated by a comma, in report creation wizard is fixed
  • Issue with the working of Radius Authentication is fixed
  • Supports syslog import with 'Automatically Identify' option
  • Issue in log import schedule for a multiline log is now fixed
  • Issue in archive purging of Postgres database is fixed
  • 'Advanced Alert' option in 'Custom Alert Profile' creation page
    • Supports specification of multiple Event IDs separated by a comma
    • Supports alert criteria edit even if the criteria is specified within double quotes
  • Issue with updation of SQL information in ChangeDBServer.bat file with $ in the password section is fixed
  • Specific Scheduled AD User import issue is fixed
 

 Enhancements

GA release of EventLog Analyzer Distributed Edition.

  • Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 9.0 Build 9000
  • No changes specific to Distributed Edition Admin Server in this release
 立即试用我们的最新功能!
下载服务包

做我们的代言人

 

告诉我们您的故事

填写简单的案例研究并赢得令人兴奋的礼物。

现在做!
 

倾听您的反馈

您能花点时间为我们写一篇评论吗?

是的,我很乐意
 

成为我们优先客户

在我们发布它们之前,您可以独家访问我们的 beta 版本。

现在订阅

您可知道?

  • 免费版和付费版有什么区别? 

    EventLog Analyzer 的免费版仅限于处理来自最多五个日志源的事件日志,而独立版和分布式版本可以分别处理来自 10 - 1,000 个日志源和 50 - 无限数量的日志源的事件日志。

  • 试用版有什么限制吗? 

    试用版是 EventLog Analyzer 独立版的全功能版本。试用期到期后,EventLog Analyzer 会自动退回到免费版。

  • 我是否必须重新安装 EventLog Analyzer 才能从免费版升级到付费版? 

    不,您不必重新安装或关闭服务器。您只需上传新的许可证文件。

活动

我们迫不及待地想见到您!

接下来的活动
 

资源

获取由我们的专家策划的最新电子书、白皮书和视频

立即获取资源
 

专家讲座

我们揭开了网络安全的神秘面纱。深入阅读这些简单的内容,并在您的 IT 安全活动中处于领先地位。

带我去那里