Log StreamLog Stream Release Notes

Parser Dependency Visibility

A new Dependencies column has been added to the Log Stream Parsers Overview tab to provide feedback about the quality and completeness of parsers that are ingesting detection events. For easy reference, this information is available as part of the parser list so there's no need to enter individual parsers to discover missing fields or detection rules.

Currently, this feature is available only if you have the New-Scale Analytics license.

For more information, see Parser Dependencies in the Log Stream Guide.

Manage Enrichment Rules

A new Enrichments tab has been added to Log Stream to provide access to view and manage enrichment rules. These enrichment rules are applied automatically as part of the process to enrich parsed event logs with contextual data. The new tab includes lifecycle information about the available enrichment rules, options to enable and disable specific rules, and the ability to view and edit the configuration details of each rule. You can also export rules and import new rules from other environments.

Currently, this feature is available only if you have the New-Scale Analytics license.

For more information, see Enrichments in the Log Stream Guide.

Filter and Route Events

A new Event Filtering tab has been added to Log Stream so that you can filter which events should be routed to the New-Scale Analytics detection engine or to the Attack Surface Insights application. This filtering allow you to fine tune which events or types of data are leveraged for detection and for Attack Surface Insights. The new tab provides information at a glance about the volume and types of event data the filters are routing, either to the New-Scale Analytics detection engine or to Attack Surface Insights. The tab also provides access to define and edit the filters.

Currently, this feature is available only if you have the New-Scale Analytics license.

For more information, see Event Filtering in the Log Stream Guide.