Q2 SentinelTrails Release Notes

In keeping your critical data safe at scale, we constantly strive to expand the capabilities of our product and make your experience flawless. We are happy to announce the features that we have added to our SentinelTrails product in the current quarter. As we do our releases twice a week, instead of publishing release notes for each release, we give you a quarterly overview of all new features.

SentinelTrails Q2 Service Features Update

Machine learning anomaly detection

We have rolled out our machine learning anomaly detection based on the Isolation Forest algorithm. The premise of the algorithm is that only a small fraction of events is anomalous, which reduces the risk of false positives.
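To show how an Isolation Forest singles out a rare event, here is an added example in plain Python; it is not SentinelTrails code. The feature choice (events per hour and distinct entities touched per actor), the sample rows and all function names are assumptions made for illustration.

```python
import math
import random

# Constructed sample: (events per hour, distinct entities touched) per actor.
ROWS = [(18 + i % 15, 2 + i % 5) for i in range(20)] + [(480, 95)]

def c(n):
    """Expected path length of an unsuccessful BST search over n points."""
    if n <= 2:
        return float(max(n - 1, 0))
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, limit, rng):
    """Split on a random feature and value until isolated or depth-limited."""
    if len(rows) <= 1 or depth >= limit:
        return {"size": len(rows)}
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:  # cannot split on this feature; treat as a leaf
        return {"size": len(rows)}
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return {"f": f, "split": split,
            "left": build_tree(left, depth + 1, limit, rng),
            "right": build_tree(right, depth + 1, limit, rng)}

def path_length(tree, row, depth=0):
    """Depth at which row lands, plus c(size) for an unsplit leaf."""
    if "size" in tree:
        return depth + c(tree["size"])
    branch = "left" if row[tree["f"]] < tree["split"] else "right"
    return path_length(tree[branch], row, depth + 1)

def anomaly_scores(rows, trees=100, sample=64, seed=7):
    """Score in (0, 1); values near 1 mean the row is isolated quickly."""
    if len(rows) < 2:
        raise ValueError("need at least two rows")
    rng = random.Random(seed)
    sample = min(sample, len(rows))
    limit = math.ceil(math.log2(sample))
    forest = [build_tree(rng.sample(rows, sample), 0, limit, rng)
              for _ in range(trees)]
    norm = trees * c(sample)
    return [2 ** (-sum(path_length(t, r) for t in forest) / norm) for r in rows]

if __name__ == "__main__":
    for row, score in zip(ROWS, anomaly_scores(ROWS)):
        print(row, round(score, 3))
```

The last row, an actor with a burst of activity across many entities, is cut off by the first or second random split in nearly every tree, so its score sits well above the rest.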

Kubernetes integration

You can now connect your Kubernetes cluster audit log to SentinelTrails, which serves as an audit log backend. That way you have full visibility and integrity protection on your Kubernetes audit logs, as opposed to storing them unprotected locally.

IP Whitelists

You can now configure IP whitelists for API and dashboard access, limiting the use of the application only to your corporate network. We think that every SaaS solution must have this option as it is an important security measure.

Application data export for predefined periods

We have extended our export and archival functionality to make it more flexible and allow period-based exports from a given chain.

Extraction of params from body

In case the audit log event is sent in raw form, you can designate XPath or JsonPath expressions to extract certain parameters and store them for indexing, including the default fields like actorId, action, entity.

Extended our Partner API for full control

Our partner API was expanded to allow partners to fully integrate their solutions and manage their customers that are making use of SentinelTrails functionality.

Improved alert rule wizard UI

We have improved our rule-based alert wizards to make it easier to configure statistics and correlation rules.

PostgreSQL audit log support

The agent now supports pg_audit as well as trigger-based audit logs in PostgreSQL.

HashiCorp Vault logs support

HashiCorp Vault is an important part of many companies’ infrastructure and its audit log is one of the most important aspects; however, by default, it isn’t protected. Our agent can now be used to forward Vault audit logs for protection by SentinelTrails.

Hadoop security logs support

We added support for Hadoop security logs in our effort to provide out-of-the-box support for popular platforms.

Extended Oracle support

We have improved our Oracle audit log support by allowing more flexible configuration.

Original event timestamp

The agent now sends the original event timestamp (if it’s available) for storage in the backend. We normally rely on the server timestamp; however, in some cases it makes sense to store both timestamps and be able to search by specifying either of them.

We at LogSentinel highly value your feedback and we would be happy to take into consideration any suggestions or comments you might have, so we encourage you to contact us today!

If you still have not tried SentinelTrails, but you are interested in protecting the integrity of your critical data with no compromise, book a demo and we can show you how.
