
Discover the latest version 7.7.0 of Energy Logserver

New version of Energy Logserver 7.7.0

It’s time to introduce the new version of Energy Logserver 7.7.0, which continues to evolve in several parallel directions. In the area of improvements and ergonomics, a significant change has been introduced to make creating alert rules easier for users.

The “Alert Wizard from Discovery Tab” is a new button on the application screen that instantly creates an alert rule based on the data currently being analyzed by the operator. The alert rule wizard ensures the analysis time is maintained and suggests notification thresholds depending on the number of documents and the query performed by the user.

Wizard Alert view

It is also worth noting the continuous development of the tool in the area of AI algorithms. That’s why we are introducing a new import and export feature for named objects, called AI Use Cases, in the Empowered AI module. This is an important change that will continue in version 7.8.0 with the integration of AI Use Cases Market.

Soon, ready-to-use, pre-trained detection methods leveraging AI algorithms for identifying specific behaviors in logs and network traffic will be available on our website.

Significant changes have also been made to the Archive module. Previously, the rule responsible for moving data to the archive ensured that archived data sets were always available. This was a useful mechanism in cases where an archive file was damaged (e.g., due to disk failure) while log data remained in the indexes. In such cases, Energy Logserver would automatically restore the missing archive.

However, this feature prevented manual relocation of archive files outside the local filesystem. To address this, we introduced a modification that allows operators to define this behavior when creating an archive rule: “Recreate missing files” (default: false).

Additionally, we have implemented several improvements in the archive module to enhance its efficiency in handling massive datasets.

Archive view

Energy Logserver, operating across various clients and countries, constantly faces new challenges. One of the most common issues, a historical IT problem, is lack of disk space. For many operating systems and databases, reaching 100% disk usage can be catastrophic. It’s no surprise that in such cases, Energy Logserver cannot function properly.

In version 7.7.0, we have introduced a safeguard to prevent data indexing from reaching 100% capacity. Not only has document reception been limited, but log generation processes have also been controlled. Furthermore, even in extreme cases where the database is fully blocked, we have implemented a modification that allows the system administrator to log in safely and perform data cleanup operations.

A key area of continuous development is expanding integrations with various data sources. As part of this effort, we now provide official support for the StormShield platform. The term “Integration” encompasses a set of parsing rules, data presentation dashboards, alerts, retention policies, and AI algorithms.

When working with Energy Logserver 7.7.0, it’s also worth exploring the refreshed UEBA screens, where data has been enhanced with AI-powered analytics for deeper insights and improved security monitoring.

UEBA AI view

These are the main changes in the product. For the smaller updates, it’s best to check out the details at: https://kb.energylogserver.com/en/latest/15-Release_Notes/15-Release_Notes.html.

Big thanks to the Energy Team! Great job!