What's new in Logtrust

Logtrust Broadens Data Delivery, Security and Search.
Version 5.1.2

HTTP Sending

Logtrust now supports sending data directly via HTTP(S) by use of a token. This token is managed within the Logtrust platform from Administration > Credentials > Http tokens. With this feature, Logtrust users can define target tables using wildcards, and can validate and centrally manage tokens within the platform. What new use case might a Logtrust user enable for their company with HTTP Sending? Mobile and IoT are good examples: with HTTP Sending, users can enable log sending in any number of scenarios, for example from an application, a mobile device, or any smart or IoT device. If you are interested in enabling HTTP Sending, we have included code snippets in the documentation to get you started.
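The paragraph above describes centrally managed tokens scoped to wildcard table names. The following is an added illustration, not Logtrust's code or API: it shows how a receiving endpoint might validate such a token and refuse writes outside its table scope. The bearer header, the token format, the hashing scheme and the `my.app.web.*` pattern syntax are assumptions chosen for the example.

```python
# Added example (not Logtrust's code): server-side validation of an HTTP-sending
# token that is scoped to target tables with wildcards. The token format, the
# header name and the scoping rules are assumptions made for illustration.
import fnmatch
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class HttpToken:
    """An issued token. Only a hash of the secret is kept server-side."""
    name: str
    secret_hash: str
    table_patterns: list[str]   # e.g. ["my.app.web.*"]
    enabled: bool = True


def _hash(secret: str) -> str:
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class TokenRegistry:
    """Central registry: issue, revoke and look up tokens."""

    def __init__(self) -> None:
        self._tokens: list[HttpToken] = []

    def issue(self, name: str, table_patterns: list[str]) -> str:
        secret = secrets.token_urlsafe(32)   # shown to the administrator once
        self._tokens.append(HttpToken(name, _hash(secret), list(table_patterns)))
        return secret

    def revoke(self, name: str) -> None:
        for tok in self._tokens:
            if tok.name == name:
                tok.enabled = False

    def lookup(self, presented: str):
        """Compare against every stored hash in constant time; no early exit."""
        presented_hash = _hash(presented)
        found = None
        for tok in self._tokens:
            if hmac.compare_digest(tok.secret_hash, presented_hash):
                found = tok
        return found


def authorize_send(registry: TokenRegistry, presented: str, table: str):
    """Return (allowed, reason) for a request that wants to write into `table`."""
    tok = registry.lookup(presented)
    if tok is None:
        return False, "unknown token"
    if not tok.enabled:
        return False, "token revoked"
    if not any(fnmatch.fnmatchcase(table, pat) for pat in tok.table_patterns):
        return False, f"table {table} outside token scope"
    return True, f"accepted for {tok.name}"


def handle_send(registry: TokenRegistry, headers: dict, table: str, body: str) -> int:
    """Simulated ingestion endpoint: returns the number of accepted events or raises."""
    presented = headers.get("Authorization", "")
    if not presented.startswith("Bearer "):
        raise PermissionError("missing bearer token")
    ok, reason = authorize_send(registry, presented[len("Bearer "):], table)
    if not ok:
        raise PermissionError(reason)
    # one event per non-empty line of the constructed body
    return len([line for line in body.splitlines() if line.strip()])


if __name__ == "__main__":
    reg = TokenRegistry()
    token = reg.issue("web-collector", ["my.app.web.*"])   # constructed scope
    print(authorize_send(reg, token, "my.app.web.access"))  # allowed
    print(authorize_send(reg, token, "syslog.unix.auth"))   # outside scope
    print(handle_send(reg, {"Authorization": "Bearer " + token},
                      "my.app.web.access", "line1\nline2\n\nline3\n"))
```

Two points worth noting from a defender's view: the registry stores only a hash, so a database leak does not hand out usable tokens, and a token whose scope is `my.app.web.*` cannot be used to write into an unrelated table even if it is leaked, which keeps the blast radius of a compromised device small.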

SAML Integration

Logtrust is committed to supporting industry standards around security and data access. With this release, Logtrust implements the Security Assertion Markup Language (SAML) standard to perform delegated authentication. SAML governs the exchange of authentication and authorization data between parties (an identity provider and a service provider, for example). Single Sign-On (SSO) is the most prevalent use case for SAML integration. Customers that use an identity provider (Google, Okta or OneLogin, among others) can now log in to the Logtrust platform via SSO.

Global Search

In the never-ending hunt for nuggets of insight within data, we have made improvements to Global Search, the Search box and Event Flow management. In domains where Global Search is enabled, Logtrust now keeps your search criteria when you drill down into the next level of detail of the data set. For example, it is now possible to run a search on all data and then execute that same search on a subset of the original results; the search criteria are retained for you. Additionally, we have enabled contextual help within Global Search: your full search expression is shown, and a pop-up is available to explain the search syntax and give you examples to complete your search.

Event Flow

Finally, we have added the ability to make real-time event flows the default. A new account preference sets the default behavior of the “Real-Time Flow” switch. This feature is all about speed: enabling real-time event flows within queries ensures the fastest access to the latest (real-time) data sets within the Logtrust platform. We are thrilled to be delivering enhancements to our data delivery, security and search capabilities within the Logtrust platform. We believe these improvements bring enhanced speed, mobile and IoT access, SSO ease of use, and search features that will drive further data insight and analysis for users of the Logtrust platform.

Version 5.0

ASILO (Aggregation Stored in Logs)

All the aggregation back-end technology has been moved from MongoDB to Logtrust technology. This means that whenever an aggregation task (also known as a datasource or casperable) is created, it is no longer stored in MongoDB but in a Logtrust table. This represents a major shift in the architecture that will allow better scalability, performance and reliability. There is little or no change from the customer's perspective, but a massive one internally.

New first steps Look and Feel

New look and feel of the first steps page, including links to “send your first data” and “sample data injection”. The objective is a clearer call to action for new customers when they first land in the app.

Sample data injection

Demo data sets are available for customers to start extracting value out of Logtrust as soon as possible. They come along with a documented use case.

New Social Intelligence interface

Total overhaul of the Social Intelligence pages, making them easier to use.

New query Management tool

Helps domain administrators manage the running queries.

Include dots and lines in graphs

Ability to mix lines and dots in the same graph.

Automatic detection of Browser Exhaustion In Loxcope

In scenarios where the number of events is too large for a human being to read and for the browser to cope with, the app auto-adjusts.

New links to doc

New links to doc all over the app.

Queries tooltips (v5.0)

Ability to see a query's LINQ in a tooltip in favorite and last queries.

LookUp DownLoad(v5.0)

Ability to download an existing lookup as a CSV.

New finder edit mode

The edit mode has been completely overhauled to improve its usability when there is a large number of tables to manage: it now allows selecting/deselecting multiple tables at the same time. It also implements clearer calls to action and a sleeker UI.

Odata Informative message

To avoid misuse of OData, a warning message is included in feed creation.

Copy/Paste Icon in API Key/Secret

A Copy/Paste icon has been added to the API Key/Secret fields to enhance usability.

Alerts filtering simplified

Two levels instead of three.

Usability improvements in Injections

To avoid confusion when sending to other domains.

Finder (search) improved performance (v5.0)

Improved response time when opening the “Search Data” option, so the tables list appears much faster.

Other improvements

  • New enhanced Voronoi: new capabilities and configuration options
  • UI coherence tasks: UI improvements in empty screens, old forms removed, headers' look and feel unified
  • Improvements on the Windows Agent
  • Improvements to the Kafka / HDFS connectors
  • Complete technical refactor of the Alerts functionality: bug solving
  • Menu name changes: Data Search, Data Upload, Data Management…

Version 4.12.4

Enhancements in graphs

A few enhancements to the graph widget have been included in this version. When assigning a geographical location, it can now be done by dragging and dropping the coordinates in one step, as opposed to having to include the latitude and the longitude separately (see the example below). It is also possible to assign colors to given nodes by dragging and dropping the chosen metric, as shown below. For detailed information please visit
https://docs.logtrust.com/confluence/docs/search-tool/additional-tools/charts/graph-diagram/how-to-create-a-graph-diagram

Version 4.12.2

Enhanced charts

The charts now provide the possibility to apply two different styles, dark and light, besides a new set of switches to enable/disable layout settings such as the chart type and the graph options. The options are accessed by clicking the “brush” icon in the upper right corner. Should you want to apply these settings to other charts visible at the same time, click “Apply settings to all”. Additionally, other enhancements have been applied, for example the ability to move signals between boxes and to reorder signals within the same box. And (this applies to all widgets) you can now move the widget around when you need room to operate and see the data, without losing it as happened in the past.

Refresh frequency selection button

A small improvement for panels. A selection button has been included in panels to choose the refresh frequency you want for the panel: either the grouping period used in the query or the last available period in the platform.

Version 4.12.0

OData/API feeds management

A new management area for API and OData feeds is now available. Customers will now be able to fully manage their feeds, including filtering by feed, changing their status (enabled/disabled), changing their authentication type, description, name, etc. Another main improvement is the ability to identify feeds when they are created and to select the authentication type, so we can address all the different use cases of the different OData consumers.

PDF export in Dashboards

It is now possible to download a given dashboard as a PDF, with the option to select which widgets in the dashboard will be displayed in the exported PDF.

Inactivity alert

It is now possible to set up an alert when a given source stops sending data or when its number of events falls under a certain threshold.
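The detection logic behind such an inactivity alert is simple but has one caveat worth seeing in code: a source that has gone completely silent never appears in the event stream, so the check must start from the list of sources that are expected to report. The following is an added example, not Logtrust's implementation; the event records, source names, window and threshold are all constructed.

```python
# Added example (not Logtrust's code): detection logic for an inactivity alert.
# Flags expected sources that sent nothing in the window, or fewer events than
# a threshold. All events, sources and parameters below are constructed.
from collections import Counter
from datetime import datetime, timedelta


def count_recent_events(events, now, window):
    """Count events per source whose timestamp lies within [now - window, now]."""
    start = now - window
    counts = Counter()
    for ts, source in events:
        if start <= ts <= now:
            counts[source] += 1
    return counts


def inactivity_alerts(events, expected_sources, now, window, threshold):
    """Return one alert dict per expected source that is silent or below threshold.

    `expected_sources` is essential: a dead source produces no events at all,
    so it can only be detected against a list of sources that should report.
    """
    counts = count_recent_events(events, now, window)
    alerts = []
    for source in sorted(expected_sources):
        n = counts.get(source, 0)
        if n == 0:
            alerts.append({"source": source, "events": 0,
                           "reason": "no data in window"})
        elif n < threshold:
            alerts.append({"source": source, "events": n,
                           "reason": f"below threshold {threshold}"})
    return alerts


# Constructed sample: three sources, one of which stopped 20 minutes ago.
NOW = datetime(2017, 1, 1, 12, 0, 0)
SAMPLE_EVENTS = (
    [(NOW - timedelta(seconds=30 * i), "fw-1") for i in range(5)] +   # healthy
    [(NOW - timedelta(minutes=1), "web-1"), (NOW - timedelta(minutes=3), "web-1")] +
    [(NOW - timedelta(minutes=20), "db-1")]                           # stale
)
EXPECTED_SOURCES = {"fw-1", "web-1", "db-1"}


def run_sample():
    """Evaluate the constructed sample with a 5-minute window and threshold 3."""
    return inactivity_alerts(SAMPLE_EVENTS, EXPECTED_SOURCES, NOW,
                             timedelta(minutes=5), threshold=3)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed sample, `fw-1` is healthy, `web-1` is flagged for sending only two events in the window, and `db-1` is flagged as silent because its last event is outside the window.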

Several improvements in chart widget usability

  • Information pop-ups shown in multiple open graphs
  • Design improvements
  • Drag, drop and ordering of the tags
  • Bug solved on widgets not being recoverable when they are moved off limits
  • Shortcuts to make the Mark Graphs
  • When selecting rows in a data table, they are marked in graphs with a "flag" in "stairs" style
  • Ability to save graphs as a PNG
  • Ordering in tooltips
  • Double-clicking a graph signal (label) disables that signal
  • In graphs, when an x position has no value, the line breaks instead of going to 0
  • Toolbar added in windows
  • Ability to maximize the window

Improvements on Send Data from Local/Dropbox

  • Support for Windows file formats
  • Preview of unmatched lines during the file evaluation task
  • New date formats added

New security feeds

We have added in selected domains new lookups that contain information about malware and fraud threats for a given IP. This information is gathered daily from public OSINT (Open Source Intelligence) sources, providing a rich source of information that can be correlated with events, going well beyond the currently available “reputation IP” operations. For now these lookups are only activated on demand on selected domains. Should you need their activation, please contact us.

Version 4.11.0

Logs upload

We now allow uploading files directly to Logtrust, either from your Dropbox account or from your local file system (with a 20MB limit). You will be able to upload files either to start using Logtrust or to perform one-off analyses that require no continuous data ingestion. This new feature lets you either use the current date as the event date or select a date included in the log itself, supporting a large set of date formats.

Topological view with Live Tiles

A powerful new tool has been added to complement the current finder. It allows the creation of “panels” that graphically represent a system infrastructure, a process flow, or any other relationship that needs a graphical representation. Once this is plotted, each node of the panel can be linked to a query and/or an alert. This provides a powerful high-level tool to manage more complex architectures and their inherent relationships. Additionally, you can include live data in the panels so you can track a given metric/status for analysis or surveillance.

Default finder in User Role creation

You can now associate a Default Finder when creating a new User Role.

Lookups restriction by table

It is now possible to restrict a lookup so that it can be used only from certain tables.

New operations

New operations available.

Version 4.10.0

New Graph Widget configuration capabilities + new options

A new way to set up the graph has been implemented to compose more complex representations and make it more customer friendly. Now a graph is used to configure the final graph, including the option of setting bidirectional relationships and indicating that node types are equal, and making the latitude and longitude properties more obvious. The way to introduce the metrics has also been redesigned to make it more appealing. The color of the nodes can now be changed, as well as the icon appearance.

Improvements on ODATA

ODATA feeds have been improved with the following enhancements:
- Ability to indicate relative dates
- Ability to process in streaming
- Boolean data types added
- Fixes for some data types
- Improvements on memory usage
- Basic authentication on feeds

Aliased finder

It is now possible to define an alias for a given table and use the finder with that alias from then on.

Filter tables by activity

We have added the capability of hiding from the finder those tables with no activity for a given time period.

Secured OData feeds

The OData feeds now have basic authentication. The default credentials are set from Preferences > Account Preferences > API.

Version 4.9.0

Multi Factor Authentication

It is now possible to enable Multi Factor Authentication (MFA) as an extra security mechanism on top of the current username and password validation. Using any of the compatible mobile applications, you'll be prompted to enter a temporarily generated code to sign in to your Logtrust account. This can be configured in Preferences > Account Preferences.

New smart table headers

Some of the tables across the app have a brand new header that allows filtering and sorting at column level by clicking either the funnel icon or the up-down arrows. The sort mechanism is particularly handy, as it allows going to the last record without having to scroll down through a large set of data.

Updates in the Graph widget are also available: a new option to compute node sizes as max(sum(incoming links), sum(outgoing links)), a new setting to specify link curvature, a new map mode setting to show/hide unpositioned nodes, a new setting to specify the initial mode (graph or map), numbers now use SI suffixes (K, G, M) by default, and the limbo area is now delimited with a visible rectangle and a title.

New relays creation page

The relay creation page has been simplified and improved. Additionally, the options that are no longer valid (Cloud relay and Secure sending) have been removed.

My.App tables creation

From now on, the my.app tables are created automatically, and the formatting emails are not sent unless proactively requested by the user.

Union and injections now available in all domains

The union operation as well as the data injection capabilities are now available in all domains.

Version 4.7.0

New Widget “Graph Diagram”

A new widget has been included in the product, for now only in the query area. It allows graphically representing the relationship between nodes of a given type, for example the relationship between source and destination IPs in a web traffic log file. Additionally, if location information is provided for each of the nodes, the graph can be overlaid on a map, adding the location value to the nodes' relationship.

New widget “Time Heatmap”

A new widget named “Time heatmap” is added to the product. Given a time analysis period and a time grouping, a matrix is produced in which each cell represents the density of a given value on a color scale. This new widget is available both in the query area and in the dashboard.