Changelog
Update: 2026/03/27
Features
- Email Notifications: The product supports sending email notifications for Data Haven requests as well as Feed availability issues. For Data Haven, an email notification will be sent to the user that submitted the Resupply request when the data has been Gathered and also after the data has been Sent to the destination. For feed availability notifications, users will need to opt in from the user settings page. An email notification will be sent when a feed transitions from being Healthy to Unhealthy and also from being Unhealthy to Healthy.
- Trim Field Values: A new log reduction rule type that lets you trim field values before forwarding data to your destinations. Destination-level metrics now properly track reduction impact for trim and redact operations.
Integrations
- New Source: Abnormal AI: Realm now supports ingesting Abnormal AI logs into the product.
- New Destination: Exabeam SIEM: Customers can now configure and send their logs to Exabeam.
Enhancements/Bug fixes
- Fixed a page crash when using custom date ranges in Fabric Health.
- Fixed stream input feeds not updating the timezone when the setting was changed.
- Fixed the home page time picker not displaying all active states correctly.
- Azure Event Hub: Resolved an issue where events from Azure Event Hub were not being de-batched correctly, ensuring reliable and complete ingestion of event streams.
- Zscaler Cloud NSS — ZIA: Adjusted JSON parser.
Update: 2026/03/19
Integrations
- Elastic & OpenSearch: Realm now supports sending data to Elastic & OpenSearch.
- Zscaler NSS Cloud: Realm supports ingesting logs directly from Zscaler NSS Cloud. This approach simplifies log ingestion for Zscaler for customers that have a license for Zscaler NSS Cloud by removing the need to manage an intermediary VM.
- FortiGate CEF format: Add support for ingesting FortiGate logs in CEF format.
Update: 2026/03/14
Enhancement: Volume reduction page will no longer show disabled rules. If you want to see disabled rules, you can use the new toggle to show disabled rules.
Update: 2026/03/02
- Enhancement: Timezone support for collector streams.
- Bugfix: "Top DNS Discard" rule only shows for compatible sources.
- Enhancement: Collect host metrics for collector VM for observability.
Update: 2026/02/27
- Enhancement: Enrichments: Preview enriched events before enabling an enrichment dataset for a source.
- Enhancement: Event Captures: Clean up expired event captures from the Event capture drop-down to remove clutter.
- Enhancement: Destination page redesign for usability.
- Enhancement: Cisco FTD: Add support for DNS Majestic Million rule.
- New Integration: AWS CloudTrail: Allow parsing of non-native CloudTrail logs that are forwarded via a SIEM, for example.
Update: 2026/02/20
- New Integration: Hydrolix: Enable customers to send their security logs to Hydrolix Data Lake. Hydrolix is a data lake that allows customers to easily search and analyze their security data.
- New Integration: Azure Event Hub: Allow customers to send logs from Azure Event Hub to Realm.
- Enhancement: Event captures: Event captures should now be ready in seconds instead of minutes and be more reliable, even for sporadic data.
Update: 2026/02/17
- New Feature: Enrichments: Allow customers to enrich log data with third-party datasets to provide additional context such as Geolocation, IP Info, etc. The log data is enriched in real time, and the enriched data is available to be forwarded to all configured destinations, including the archive. Forwarding enriched data to the archive is beneficial because many of the enrichment datasets are point-in-time, so the enrichment cannot be done retroactively. Enrichments is a fully managed feature, where Realm handles configuration, licensing and periodic refresh of the datasets.
- New Integration: Akamai: Customers can send Akamai logs to Realm via SIEM Connector.
- New Integration: Cloudflare: Customers can now send Cloudflare logs to Realm via HTTP log push.
Update: 2026/02/06
New Integration: FortiClient EMS: Allow customers to send FortiClient EMS logs to Realm via a collector.
Update: 2026/01/30
- New Integration: FortiClient EMS: Allow customers to send FortiClient EMS logs to Realm via a collector.
- New Integration: Cisco FTD: Update Cisco FTD source format enum and add parsers for EMBLEM format.
- Bug Fix: Volume reduction rounds down to 0 on the landing page instead of showing a negative reduction.
- Bug Fix: When selecting a different rule in the table on the Transforms page, the metrics panel does not refresh to show its metrics.
- Error writing metrics for new fabric nodes.
Update: 2026/01/30
- New Integration: Cloud HTTP Input feed: Support push-based data ingest via HTTP webhook.
- New Integration: Azure Event Hub Source: Support ingesting Azure Event Hub events using AWS S3 as the input feed.
- Bug Fix: Umbrella Scraper: Improve efficiency of S3 list object iteration.
- Bug Fix: Rule preview segfaults when > 10 conditions exist.
- Bug Fix: MS Sentinel: Bad credentials should not crash the fabric.
Update: 2026/01/23
- Enhancement: Add option for "View Health" in all Sources and Destinations pages.
- Enhancement: UX improvements for new theme and collapsible main nav.
- Enhancement: Insert "Unavailable only" toggle into Feed Availability header.
- Enhancement: Add Observables for Windows Event Log during Data Haven resupply.
- Bug Fix: Umbrella scraper pods unable to process data after being active for 30d.
- Bug Fix: Do not set meta timestamp when sending events to Splunk.
- Bug Fix: Several fixes around Event Capture workflow to prevent unintentional page refreshing/resetting.
- Bug Fix: Ensure Redaction Rules do not show up in Log Reduction Page.
- Bug Fix: Page becomes unresponsive after selecting a different time range on the feed availability page.
Update: 2026/01/13
- Feature: Privacy Guard: Allows customers to redact field values in events before forwarding the events to a destination. The redaction rules are configured at the destination, so an un-redacted copy of the same event could be sent to an archive, for instance, if necessary.
- Bug fixes: Small improvements/bug fixes.