Today we are excited to announce Graylog Illuminate v1.4.

This release includes the addition of Office 365 content, which provides deeper visibility into Azure Active Directory and Exchange Online logs along with new alerts for a more granular level of notifications.

NEW: OFFICE 365 CONTENT

The new Office 365 content focuses on Microsoft Azure AD and Exchange  Online. This is especially useful when you are running hybrid deployments.

Illuminate o365 Overview Dashboard

 

This new content gives you deeper visibility into Azure AD logs.

Illuminate o365 Events

 

Focusing specifically on email senders, attachments, viruses, as well as normal account lockouts presented in Illuminate authentication dashboard for enriched local data such as firewalls and endpoints (i.e., anything not in Microsoft cloud.)

Illuminate o365 Exchange Dashboard

ADDED: WINDOWS AND GENERAL ALERTS

Illuminate Core comes with three new alerts:

Windows

  • Security event log clearance
  • Failed logon failed due to accessing unauthorized host

General

  • Logins from different countries in a time window

IMPORTANT NOTE

For those using Illuminate for Windows devices, this will be the last release of Illuminate that contains “copy” normalization rules. Any existing Windows content that relies on the copy functionality will not function with future versions of Illuminate. Please contact Graylog Technical Support if you have any questions about the deprecation of the “copy” normalization content and/or functionality.

BUG FIXES

  • Windows Spotlight: Fixed issue with improper categorization of Windows Kerberos events (#92,#92)
  • Windows Spotlight: Rename metric in Account Drill Down / Summary / Network Bytes Over Time (24h) #75
  • Events Spotlight: Provided replacement alert “Illuminate:Events:3;Windows:Multiple accounts Locked Out” (previous version had incorrect field)
  • Core: IP Processing pipeline now identifies IPv4 loopback addresses (#88)
  • Windows Normalization for NXLog: Nxlog 2.1 should instead be nxlog 2.10 #84
  • Rename Illuminate objects to drop “Graylog” #80
  • Palo Alto URL filtering dashboards aggregate based on previous URL category field #93

 

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.