Changes in UserGate SIEM 7

UserGate SIEM 7.3.0 (build 7.3.0.123359R, 19.03.2025).

Сhanges in new version:

  • [SUM-7555] SIEM has been released as a separate product. Logan and SIEM are technically separated for independent development within the SUMMA ecosystem. Important! Old SIEM 7.1.x 7.2.x installations cannot be updated to the new SIEM 7.3.x, a new installation is required.
  • [SUM-9929] A new licensing system has been introduced. Now SIEM is licensed per core (equivalent to 1cpu = 1000 Event Per Second). Without a license, connecting sources is not available; with an activated license, the restriction is removed.
  • [SUM-4859] Added the ability to create a failover cluster for SIEM (active-passive). Added a new cluster node type Arbitrator, which ensures data consistency.
  • [SUM-12938] A library of normalization rules expertise for various event sources from MRC UserGate has been added, allowing event sources to be quickly and correctly connected to the customer's infrastructure. The normalization library is available in the basic product license.
  • [SUM-10186] Added the ability to use category URL lists in search queries in analytics and search.
  • [SUM-10188] Added the ability to use application lists in search queries in analytics and search.
  • [SUM-11415] Fixed inability to remove UserGate sensor.
  • [SUM-12938] Added a library of custom log normalization rules.
  • [SUM-14275] Fixed a bug causing the radius authentication method to not work after updating the version.
  • [SUM-15253] Fixed security issue, which allowed to run arbitrary command at OS level if administrative access to the web-console is granted.