Changelog
Update: 2026/01/30
New Integration: Forticlient EMS: Allow customers to send Forticlient EMS logs to Realm via a collector.
New Integration: Cisco FTD: Update Cisco FTD source format enum & add parsers for EMBLEM format.
Bug Fix: Volume reduction rounds down to 0 on the landing page instead of showing a negative reduction.
Bug Fix: When selecting a different rule in the table on the Transforms page, the metrics panel does not refresh to show its metrics.
Error writing metrics for new fabric nodes
Update: 2026/01/30
New Integration: Cloud HTTP Input feed: Support push-based data ingest via HTTP webhook.
New Integration: Azure Event Hub Source: Support ingesting Azure Event Hub events using AWS S3 as the input feed.
Bug Fix: Umbrella Scraper: improve efficiency of S3 list object iteration.
Bug Fix: Rule preview segfaults when > 10 conditions exist.
Bug Fix: MS Sentinel: Bad credentials should not crash the fabric.
Update: 2026/01/23
Enhancement: Add Option for "View Health" in all Sources and Destinations pages.
Enhancement: UX improvements for new theme and collapsible Main nav.
Enhancement: Insert "Unavailable only" toggle into Feed Availability header.
Enhancement: Add Observables for Windows Event Log during Data Haven resupply.
Bug Fix: Umbrella scraper pods unable to process data after being active for 30d.
Bug Fix: Do not set meta timestamp when sending events to Splunk.
Bug Fix: Several fixes around Event Capture workflow to prevent unintentional page refreshing/resetting.
Bug Fix: Ensure Redaction Rules do not show up in Log Reduction Page.
Bug Fix: Page becomes unresponsive after selecting a different time range on the feed availability page.
Update: 2026/01/13
Feature: Privacy Guard: Allows customers to redact field values in events before forwarding the events to a destination. The redaction rules are configured at the destination, so an un-redacted copy of the same event could, for instance, be sent to an archive if necessary.
Bug fixes: Small improvements/bug fixes.
Update: 2025/12/15
Feature: Archive Resupply: Allows customers to resupply data for a given source for up to a year from the archive to their destination of choice.
Enhancement: Feed Availability page is completely revamped to highlight issues and make them visible at a glance.
Enhancement: New Source onboarding workflow that takes the user through all the steps from creating a source, configuring a feed, and configuring a collector without having to jump across pages/tabs.
Update: 2025/11/25
Enhancement: New layout for Sources page. The configured sources will appear as cards instead of a list.
Update: 2025/11/21
Feature: Data Haven: With Data Haven module enabled, data ingested from all sources gets saved in Realm managed Data Haven. With IOC Resupply, users can now resupply logs from one or more sources that match a set of observables. The observables are normalized across all the data sources, making it easy to query data across multiple sources.
Update: 2025/10/29
New Integration: Microsoft Sentinel: Customers can now forward their logs to Microsoft Sentinel.
New Integration: Palo Alto XSIAM: Customers can now forward their logs to Palo Alto XSIAM.
Update: 2025/10/22
Enhancement: Collector: Add support for receiving raw TCP stream.
Enhancement: Collector: Configure disk buffer size based on number of messages instead of number of bytes. This is to work around the issue we ran into at Mainline with their collector running out of disk space and not reporting data to the backend.
Enhancement: Fix % improvement calculation on the volume reduction page.
Update: 2025/10/09
New Integration: Cisco Secure Firewall: This integration enables ingestion of Cisco Secure Firewall logs into Realm.
New Integration: Sonicwall Firewall: This integration enables ingestion of Sonicwall logs into Realm.
Update: 2025/09/15
Enhancement: A new tab on the Fabric page highlights any errors with input and output feeds, making it easy to troubleshoot ongoing errors. The page also shows historical errors related to a feed.
New Source: Cloudflare logs: Customers can now ingest Cloudflare logs via S3.
New Source: Zscaler logs: Zscaler is now a supported source in Realm. Zscaler logs can be ingested via Realm data collector.
New Source: Palo Alto CEF format: Allow customers to ingest Palo logs in CEF format.
Enhancement: When regenerating an install token for a collector, a confirmation dialog is now shown to the user.
Enhancement: Display user's first name and last name on the Users page.
Update: 2025/08/27
Bug fix: Fix API authentication issue with Okta input feed.
Update: 2025/08/20
Enhancement: Sumo Logic output feeds now get additional metadata: _realmfeed with the input feed name (for collector feeds, this is the stream name) & _realmcollector with the collector name. To make use of these meta fields, log in to Sumo Logic and add two fields.
Enhancement: Added support for nested JSON fields in filter rule conditions.
Bug fix: Fixed Analyst role permissions so they can create and manage input/output feeds.
Bug fix: Enabled disk buffer compaction for Realm Data Collector so that disk space gets automatically reclaimed once the events have been drained out.
Update: 2025/08/13
Bug fix: Updates to feed credentials get reloaded/refreshed in the data fabric.
Bug fix: Fix form for creating Top DNS rule.
Bug fix: Adding/removing a source/destination to a destination/source is updated in the UI without needing a refresh.
Update: 2025/08/01
Enhancement: A new Volume reduction page has been added to each destination to improve the ease of use around viewing rule statistics, promoting rules to live mode and identifying the next best opportunities for volume reduction.
Enhancement: New home page design highlighting volume reduction savings for SIEM destinations.
Update: 2025/07/25
New Source: Cloud Syslog - Allow security products to export logs via Syslog directly to Realm cloud backend.
Enhancement: AI powered Recommended Rules will automatically get attached to a destination when you connect a source to a destination. The selected rules will vary based on the intended use of a destination. These recommended rules have a better description and context, making it easier to understand what the rule does. For all existing customers, recommended rules will get added to the existing destinations. In some cases, these recommended rules may look very similar to manually created rules. Realm will help clean up the overlapping manually created rules in favor of the recommended rules.
Update: 2025/07/17
Enhancement: Single Sign on (SSO) support for authentication & MFA for username/password logins.
New Destination: Add support for forwarding logs to GCP Cloud Storage for log Archival.
Update: 2025/07/09
Enhancement: Support Top DNS Filter rule for Infoblox source.
Bug Fix: Handle incorrectly quoted CEF logs generated by Infoblox.
Realm Data Collector: v0.129.0-rlm2: Windows Service reliability fixes.
Realm Data Collector: v0.129.0-rlm2: Upgraded OpenTelemetry Collector base to v0.129.0.
Realm Data Collector: v0.129.0-rlm2: Allow easier upgrade of collector using the --config=realm:upgrade CLI option.
Update: 2025/06/23
New Source: Ingest, parse and filter Infoblox logs.
Update: 2025/06/12
Enhancement: Add capability to test dedup rule against an event sample.
Enhancement: Reduce log volume by removing DNS lookups for popular internet domains from Majestic Million dataset.
New Source: Ingest, parse and filter Cisco Umbrella logs.
Update: 2025/05/29
Enhancement: Allow adding an exception rule to ensure specific events always get forwarded regardless of the configured filter rules.
Enhancement: Realm Data collector will now send collector logs and metrics to Realm backend for ease of monitoring and troubleshooting. All existing collectors should receive the updated config and start reporting logs & metrics without needing any manual intervention.
Update: 2025/05/22
Enhancement: Allow removing duplicate events based on a set of fields.
Update: 2025/05/15
Enhancement: Allow Splunk index name to be configurable on a per source basis.
Enhancement: Data table on the Fabric Health page now shows cumulative totals for the selected time range.
Bug fix: Remove unknown chart series on the Fabric Health page when an input feed node is selected.
Update: 2025/05/08
New Source: AWS CloudTrail integration to ingest, parse and filter logs.
New Source: Palo Alto firewall integration to ingest, parse and filter logs.
Bug fix: Allow case insensitive usernames at login. Note: any existing users with case sensitive emails will need to be removed and re-added to their tenant.
Bug fix: Fix display issue with Rule metrics on the destination page.
Bug fix: Windows collector failing to renew cert in certain situations.
Update: 2025/04/30
Enhancement: Include firewall hostname as part of the log event metadata sent to Sumo Logic, so users can search and filter events by firewall hostname.
Enhancement: Allow sending parsed JSON events to Sumo Logic. There is a new config option (Format) available for the Sumo Logic output feed. Setting the format to JSON will send parsed JSON events over.
Enhancement: Added support for new operators (exists, negation) in rules.
Update: 2025/04/01
New Source: Fortigate firewall integration to ingest, parse and filter logs.
New Destination: Sumo Logic integration to route logs to the SIEM.
Update: 2025/04/01
Feature: Configure Realm data collector and associated streams to easily collect logs from on-prem data sources such as Fortigate and Palo Alto Firewalls and forward to Realm data fabric.
Update: 2025/03/20
Enhancement: View rule metrics in Verify mode.
Update: 2025/02/11
Feature: Create and manage filter rules per destination to help reduce log volume.
Feature: Evaluate rules against captured event samples to quickly iterate and finalize the rule.