2026

Vector baselines and host behavior

Most security monitoring focuses on what happened, such as a failed login, a new admin, or a suspicious process. That approach is useful, but many strong warning signs do not come from one event. They come from a change in how a host behaves over time. When normal behavior starts to shift, that is often where analysts first see a real problem forming.

Vector baselines solve this by learning the usual shape of activity for each host and then detecting when that shape changes. Instead of writing and tuning many static thresholds, you let the system learn what is typical for each machine. The key question becomes simple and practical. Does this hour look like what this host usually does?

Vector baselines: spotting when a host starts to behave differently

Most security monitoring focuses on what happened: a failed login, a new admin, a suspicious process. But some of the strongest early warnings don't come from a single event—they come from a change in how a host normally behaves. When that "normal" shifts, you want to know.

Vector baselines are a way to learn each host's usual "shape" of activity and flag when that shape changes. No fixed thresholds, no long lists of event codes to maintain. Just: this hour looks nothing like what this machine usually does.
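A minimal sketch of the idea, as an added example and not LogMan.io's own implementation: each host-hour becomes a vector of per-category event counts, and an hour is flagged when its shape is far from the host's learned centroid. The event categories, the use of cosine distance, and the per-host cutoff (mean plus three standard deviations, with a 0.01 floor) are assumptions chosen for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Assumed event categories; the order fixes the vector dimensions.
FEATURES = ["auth_ok", "auth_fail", "proc_start", "net_conn", "file_write"]

def hourly_vector(categories):
    """Count one host-hour of events per category."""
    counts = Counter(categories)
    return [float(counts[f]) for f in FEATURES]

def unit(v):
    """Scale to unit length so the shape matters, not the volume."""
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v] if norm else list(v)

def cosine_distance(a, b):
    """0.0 means same shape; 1.0 means no overlap between the two vectors."""
    return 1.0 - sum(x * y for x, y in zip(unit(a), unit(b)))

def learn_baseline(history):
    """Learn (centroid, cutoff) from the host's own past hourly vectors."""
    centroid = [mean(col) for col in zip(*(unit(v) for v in history))]
    dists = [cosine_distance(v, centroid) for v in history]
    # Cutoff comes from this host's own spread; the 0.01 floor is an assumption.
    return centroid, mean(dists) + 3 * max(pstdev(dists), 0.01)

def score_hour(vector, baseline):
    """Return (distance, flagged) for one new hour of the same host."""
    centroid, cutoff = baseline
    dist = cosine_distance(vector, centroid)
    return dist, dist > cutoff

# Constructed sample: four past hours of one host (the last is a busy hour).
HISTORY = [[20, 1, 40, 200, 15], [22, 0, 38, 210, 14],
           [18, 2, 45, 190, 16], [40, 2, 80, 400, 30]]
BASELINE = learn_baseline(HISTORY)

if __name__ == "__main__":
    for name, hour in [("10x volume, same mix", [200, 10, 400, 2000, 150]),
                       ("auth failures + process burst", [2, 150, 300, 20, 5])]:
        dist, flagged = score_hour(hour, BASELINE)
        print(f"{name}: distance={dist:.3f} flagged={flagged}")
```

In this sketch a tenfold increase in volume with the usual mix of events is not flagged, while an hour dominated by authentication failures and process starts is; an hour with no events at all scores the maximum distance and is flagged as well.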

What’s new in TeskaLabs LogMan.io v25.47

Release date: 16.02.2026

LogMan.io v25.47 introduces a complete redesign of the Observability interface, featuring intuitive point-and-click customization for Dashboards, Homepage, and Discover screens. This release also delivers significant performance improvements with an optimized row lookup algorithm and faster event replay capabilities.

You can find the full changelog on TeskaLabs GitHub.

Redesign of Observability

Dashboards, Homepage, and the Discover screen have undergone a complete redesign. They now enable easy customization through intuitive point-and-click interactions, eliminating the need to write declarations in Library. Users can now quickly and conveniently adapt the interface to their needs directly within the application.

Optimized Row Lookup Algorithm

The row lookup algorithm has been significantly optimized, improving its time complexity from O(n) to O(1), where n represents the number of historical records. This enhancement dramatically reduces lookup times, especially when dealing with large datasets, resulting in faster query responses and improved overall system performance.

Additionally, Sigma rules now include validation for empty IP addresses, properly handling cases where a "-" sign is present.

Optimized Replay

Replay of events has been optimized to be faster and more efficient, allowing users to quickly review and analyze historical data without delays.

TeskaLabs LogMan.io NFR Virtual machine

TeskaLabs LogMan.io is a SIEM (Security Information and Event Management) and advanced log management cyber security tool.

The NFR (Not-For-Resale) release of TeskaLabs LogMan.io is distributed as a virtual machine. The NFR VM is intended for evaluation, demonstrations, proof-of-concept deployments, and training purposes.

The following guide covers how to start and operate the TeskaLabs LogMan.io NFR Virtual Machine.

Installation

1. Download the NFR VM image

The VM image is encrypted. After the download, decrypt it using the following command. The password will be provided on request by support@teskalabs.com or your assigned TeskaLabs representative.

$ openssl enc -aes-256-cbc -d -pbkdf2 -in lmionfr2602-...enc -out lmionfr2602-....ova

Checksums:

$ shasum -a 256 lmionfr2602-virtualbox.ova
a5a0e2328ecbd10319beb4eb8481209b61ed49e1704ada7530260d0a0d1ffdb2  lmionfr2602-virtualbox.ova

$ shasum -a 256 lmionfr2602-vmware.ova
078683ab8559403ea6e26db6fbb21abf6c042f91c7decc0573d0f16f97e29f6b  lmionfr2602-vmware.ova

2. Import the NFR VM image into your virtualization platform

Minimum specifications:

Resource    Requirement
CPU         2 cores
RAM         48 GB
Disk        300 GB (thin provisioning)
OS          Linux Ubuntu Server 22.04 LTS

Tip

You may add more resources to improve performance, but do not allocate less than the values above.

3. Adjust the network configuration

Configure networking according to your needs. We recommend bridge mode so that the NFR VM is accessible from your local network and you can easily set up log shipping into TeskaLabs LogMan.io.

4. Start the NFR VM

After booting, the detected primary IP address will be printed on the VM's terminal. Note this IP address — you will need it in the next step (referred to as x.x.x.x).

Screenshot of TeskaLabs LogMan.io NFR Virtual machine console

5. Update your system hosts file

Add the following line to your system hosts file, replacing x.x.x.x with the IP address from the previous step:

x.x.x.x lmionfr2602.logman.int

Hosts file location by OS:

  • Windows: C:\Windows\System32\drivers\etc\hosts
  • Linux / macOS: /etc/hosts

6. Log in to TeskaLabs LogMan.io

Open a web browser and navigate to: https://lmionfr2602.logman.int

You will see a privacy warning about the TLS certificate — this is expected, as the VM uses a self-signed certificate. Accept the warning and proceed to the web application.

Tip

We highly recommend using a recent version of Google Chrome.

The username is nfruser, password is NFRuser123:) and the default tenant is nfr. We advise you to change the password of the nfruser as soon as possible.

Initial setup

An integrated log collector runs within the NFR VM and is connected to the nfr tenant. This collector listens for syslog on ports 514, 1514 and 6514, over both TCP and UDP. You can also ship logs over TLS to these ports; there is autodetection, and an internal Certificate Authority runs within the NFR VM.

Product documentation

For comprehensive documentation on how to use TeskaLabs LogMan.io, continue to the TeskaLabs LogMan.io Documentation.

Advanced usage

Accessing Operating system

The user name is tladmin and the password is tladmin. You can log in from the VM console.

The SSH is enabled/disabled.

Network configuration

The network is configured using Netplan at the OS level. The configuration is stored in the /etc/netplan/ directory. The DHCP client is enabled on the primary virtual network interface by default.

Data lifecycle

The NFR VM is configured for a very short log retention. It can be prolonged in the product settings.


Version of the TeskaLabs LogMan.io NFR VM: 26.02