What’s New in TeskaLabs LogMan.io v25.28

In LogMan.io v25.28, you'll find brand new alert management and color-coded layers in the Library. We are continuously extending integration possibilities, and there's also a gift for admins: All data retention can be managed from the WebUI, either selectively through Event Lane declarations or through Profiles that manage multiple or all datasets at once.

Alert Management reworked

LogMan.io comes with significant enhancements in alert management. New features will be gradually released in 2025, providing advanced functionality for SOC analysts. Alerts are triggered by detections and correlations or created manually. Each alert contains a set of attributes that help with quick triage. It is easy to list all events associated with the alert and track the progress in the timeline of each ticket. Sorting and filtering tickets is intuitive, and bulk update options are available.

More Library layers and role-based access

The Library is the admin heart of LogMan.io. Declarations of all kinds that fine-tune the functionalities of LogMan.io are stored there. Thanks to the concept of layers in the Library, you can combine content delivered and managed by TeskaLabs cybersecurity specialists with your custom setup. Each file and folder is displayed with one or more colorful rectangles indicating the layers. Each file can be present in multiple layers, but only the top layer is "visible" and applied. Removing the file from the top layer restores content in the deeper layers.

  • The top turquoise layer is the "tenant" layer. This content is "visible" and used only in this tenant.
  • The middle purple one is the "global" layer. It is the content managed locally, but applicable to all tenants.
  • The lowest layer is dark blue and contains managed content, which may be updated during LogMan.io upgrades. This layer is uneditable; it can only be overlaid.

Moreover, access to Library files now uses RBAC (role-based access control) down to the level of a single file.

These changes are part of the strategy to let users customize the content and functionality of LogMan.io according to their roles and selectively for their tenant. This is an especially valuable improvement in LogMan.io SaaS.

Integration enhancement

LogMan.io is an open platform. This means your data is not "locked" inside, and you can integrate LogMan.io with other services. Original events, parsed data, or complex events can be forwarded to other tools for further processing or analysis.

You can now filter the data to be redirected using SPLang, a declarative language that gives you unlimited possibilities for selecting just the events of interest to you.

Simplified data retention management

Balancing flexibility and configuration complexity is a common burden for admins. LogMan.io is flexible regarding the requirements for the underlying hardware. It can run on-prem in a geo-cluster as well as a single node in a small VM. LogMan.io comes with default settings that respect Czech legislation and benefit from our long experience with on-prem installations.

Scaling down or up is now easier than ever. All data retention settings can now be managed from the Event Lane declaration in the Library. This means data retention can be managed per Event Lane.

Moreover, there's a new section in the Library called Profiles. Imagine these as "extensions" of the Event Lane declarations. Each Event Lane declaration can be linked to a Profile. One Profile can be assigned to multiple Event Lanes (or to all of them). In this way, you can configure data retention globally or for selected groups of data. Where configurations overlap, the Event Lane declaration overrides the Profile. You'll find a Default Profile in the Library that sets the default "factory settings."

Sending emails through Microsoft 365

Besides the SMTP protocol, emails can be sent via the Microsoft 365 API. This simplifies configuration and speeds up deployment of LogMan.io, as it is a service available in many organizations.