Release notes 2021-11-18

Avatar
Erik Torlén
Follow

LogPoint & Azure Sentinel integrations 

We are happy to announce new SIEM integrations that are available for LogPoint and Microsoft Azure Sentinel. Both these integrations allow you to get a continuous data integration from Security Center into these two SIEM systems automatically. The SIEM systems will ingest Security Center asset and vulnerability severity data which can be correlated with all other data in the SIEM.

Microsoft Azure Sentinel uses a data connector that is purpose-built for Security Center. By adding, configuring, and enabling this data connector you can start ingesting data from Security Center. 

LogPoint offers a native integration to Security Center that can be enabled and configured directly from within the product. 

Please notice:
Both these integrations will be available in Q4 2021 as a part of a product release from each vendor (Microsoft and LogPoint). We can't tell exactly when this will happen.

Microsoft Sentinel integration in Azure Marketplace 

Updated retention policies

As our customer base grows, we work on several projects to improve platform performance. One part of this project is to update our data retention policy.

In our upcoming product release, we will make changes to our data retention policies. These changes will impact how long data is retained and stored for each Security Center and Organizer account. This policy update should not directly impact your current workflows as we still retain data for an extended period of time where you will still be able to follow trends over several years.

  • Continuous Monitoring alerts: stored 12 months
  • Activity log: stored 18 months
  • Vulnerabilities, scans, and reports: stored 36 months
  • Trends data stored:
    • Daily: 36 months
    • Weekly: 5 years
    • Monthly: 10 years

Other improvements

  • Security Center has received several improvements across the user interface that improves the user experience in areas like the dashboard, remediation, scans, and reports.
  • Filtering on the severity in Asset Manager is now available for network assets.
  • Deleting policy scan profiles is now working properly.
  • Single sign-on using SAML 2.0 now supports Identity Providers (IDP) configured with multiple certificates.
  • The new web scan engine (version 2.0) supports an enhanced collection of debug logs that will speed up troubleshooting by our Support Team. This is available for external scan nodes only.
  • Additional data columns have been added to the exported CSV for reports.
  • Error messages for Policy Scans have been improved.
  • Session timeout in Security Center and Organizer has been increased.
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.