What's new in Disconnected Log Collector

Stay up to date with the new features that are available in IBM® Disconnected Log Collector.

1.8.3

Improved security with protocol updates

The following protocols are updated to improve security compliance with this version of Disconnected Log Collector:
  • Log File Protocol
  • Microsoft Azure Event Hubs

For more information about the parameters for each log source, see the readme files that are provided with the product. The readme files are available in the /opt/ibm/si/services/dlc/conf/template directory.

1.8.2

Improved security with protocol updates

The following protocols are updated to improve security compliance with this version of Disconnected Log Collector:
  • Akamai Kona REST API
  • Amazon AWS REST API
  • Amazon Web Services
  • Apache Kafka
  • Ariel REST API
  • Blue Coat Web Security Service (WSS) REST API
  • Box REST API
  • Google G Suite Activity Reports REST API
  • JDBC
  • Log File Protocol
  • Microsoft Azure Event Hubs
  • Microsoft Graph Security API
  • Microsoft Office 365 REST API
  • Microsoft Office 365 Message Trace REST API
  • Seculert Protection REST API
  • SMB Tail
  • SNMP
  • Universal Cloud REST API
  • Windows Defender® for Endpoint REST API
    Important: Due to a change in the Microsoft Defender API suite as of 25 November 2021, Microsoft no longer allows the onboarding of new integrations with their SIEM API.

    To continue to receive data from Microsoft Defender for Endpoint REST API log sources, you must register a new application and create Microsoft Graph Security API log sources to collect the data. For more information, see Migrating Microsoft Defender for Endpoint REST API log sources to Microsoft Graph Security API log sources.

For more information about the parameters for each log source, see the readme files that are provided with the product. The readme files are available in the /opt/ibm/si/services/dlc/conf/template directory.

1.7.0

Support for Disaster Recovery

You can now enable your Disconnected Log Collector device to run on a destination site if your primary site stops working due to a site failure. Disconnected Log Collector works with the IBM QRadar® Data Synchronization app to ensure that you do not lose your data.

For more information, see Disaster Recovery and Disconnected Log Collector.

Improved security and accessibility with industry compliance

Disconnected Log Collector is compliant with the Federal Information Processing Standards (FIPS).

1.6.0

Generate requests for server certificate on QRadar

You can use the generatecertificate.sh script to generate requests for the server certificate that is used by the Disconnected Log Collector log source protocol on QRadar.

For more information, see Setting up certificate-based authentication on QRadar.

1.5.0

Monitor the health of Disconnected Log Collector

You can enable metrics collection to monitor the health of Disconnected Log Collector. Collect metrics on the event rate and spill file count for the pipeline to QRadar. Send the metrics to QRadar as events.

For more information, see Sending Disconnected Log Collector health metrics to QRadar.

Monitor client certificate expiry

You can monitor the expiry of the client certificate that Disconnected Log Collector uses for secure TLS communication to QRadar. Specify the number of days in advance of the expiry to send a notification event to QRadar.

For more information, see Sending Disconnected Log Collector health metrics to QRadar.

Support for more log source protocols

The following log source protocols were added:

  • IBM Cloud® Identity Event Service
  • Microsoft Graph Security API
  • Microsoft Office 365 Message Trace REST API
  • Universal Cloud REST API

For more information about the parameters for each log source, see the readme files that are provided with the product. The readme files are available in the /opt/ibm/si/services/dlc/conf/template directory.

1.4.0

In QRadar 7.4.0 or later, use the QRadar Log Source Management app (version 6.0 or later) to register or import Disconnected Log Collector instances that are installed in your environment. You can configure your log sources in the app, which is much faster than editing the Disconnected Log Collector's JSON config file.

For more information, see Disconnected Log Collector Management.

In addition, the following log source protocols were added:

  • Ariel REST API
  • Box REST API
  • Centrify Redrock REST API
  • Google G Suite Activity Reports REST API
  • Netskope Active REST API
  • Okta REST API
  • Seculert Protection REST API
  • VMware vCloud Protocol
  • Windows Defender ATP REST API

For more information about the parameters for each log source, see the readme files that are provided with the product. The readme files are available in the /opt/ibm/si/services/dlc/conf/template directory.

1.3.0

The following log source protocols were added:

  • SAP ETD REST API
  • ObserveIT JDBC
  • IBM SIM JDBC
  • Windows Security Event Log
  • EMC VMware Protocol

1.2.0

The following log source protocols were added:

  • Akamai Kona REST API
  • Amazon Web Services
  • Apache Kafka
  • Blue Coat WSS REST API
  • Cisco Firepower eStreamer
  • Microsoft Azure Event Hubs
  • Microsoft Office 365 REST API
  • MQJMS
  • Oracle Database Listener
  • Salesforce REST API
  • SMB Tail
  • SNMPv3
  • Windows DHCP Protocol
  • Microsoft Exchange Protocol

1.1.0

More protocols were added in Disconnected Log Collector 1.1.0. For a full list of supported protocols, see Disconnected Log Collector overview.