In keeping your critical data safe at scale, we constantly strive to expand the capabilities of our product and make your experience flowless. We are happy to announce the features that we have added to our SentinelTrails product in the current quarter. As we do our releases twice a week, instead of publishing release notes for each release, we give you a quarterly overview of all new features.
SentinelTrails Q2 Service Features Update
Machine learning anomaly detection
We have rolled out our machine learning anomaly detection based on the Isolation Forest algorithm. The premise of the algorithm is that a small fraction of events are anomalous which reduces the risk of false positives.
You can now connect your Kubernetes cluster audit log to SentinelTrails, which serves as a audit log backend. That way you have full visibility and integrity protection on your Kubernetes audit logs, as opposed to storing them unprotected locally.
You can now configure IP whitelists for API and dashboard access, limiting the use of the application only to your corporate network. We think that every SaaS solution must have this option as it is an important security measure
Application data export for predefined periods
We have extended our export and archival functionality to make it more flexible and allow period-based exports from a given chain.
Extraction of params from body
In case the audit log event is sent in raw form, you can designate XPath or JsonPath expressions to extract certain parameters and store them for indexing, including the default fields like actorId, action, entity.
Extended our Partner API for full control
Our partner API was expanded to allow partners to fully integrate their solutions and manage their customers that are making use of SentinelTrails functionality
Improved alert rule wizard UI
We have improved our rule-based alert wizards to make it easier to configure statistics and correlation rules
PostgreSQL audit log support
The agent now supports pg_audit as well as trigger-based audit logs in PostgreSQL
Hashicorp Vault logs support
HashiCorp Vault is an important part of many companies’ infrastructure and its audit log is one of the most important aspects; however, by default, it isn’t protected – our agent can now be used to forward Vault audit logs for protection by SentinelTrails
Hadoop security logs support
We added support for Hadoop security logs in our effort to provide out-of-the-box support for popular platforms
Extended Oracle support
We have improved our Oracle audit log support by allowing more flexible configuration
Original event timestamp
The agent now sends the original event timestamp (if it’s available) for storage in the backend; we normally rely on the server timestamp, however in some cases it makes sense to store both timestamps and be able to search by specifying either of them
We at LogSentinel highly value your feedback and we would be happy to take into consideration any suggestions or comments you might have, so we encourage you to contact us today!
If you still have not tried SentinelTrails, but you are interested in protecting the integrity of your critical data with no compromise, book a demo and we can show you how:
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.