Three weeks after launching 0.2.4, we're excited to announce LogWard 0.3.0 — our biggest release yet, focused on application security and observability for .NET teams.
If you're new to LogWard: it's an open-source log management and SIEM platform, built as a privacy-first alternative to Datadog, Splunk, and SigNoz. GDPR-compliant, self-hostable, with Sigma-based detection rules and MITRE ATT&CK integration.
- 🌐 Cloud: logward.dev (free tier available)
- 💻 GitHub: logward-dev/logward (152+ ⭐)
- 📦 Docker Hub: 2,500+ pulls
🎯 What's New in 0.3.0
1. Full-Featured SIEM Dashboard
We built a dedicated interface for security incident management. No longer just detection rules — now you have a complete workflow for triaging, investigating, and resolving security events.
What's included:
-
Security Dashboard with 6 real-time widgets:
- Summary stats (total detections, open incidents, critical alerts)
- Top threats chart (Sigma rules ranked by detection count)
- Detection timeline visualization
- Affected services list
- Severity distribution
- MITRE ATT&CK heatmap showing which techniques are being detected across the tactics matrix
-
Incident Management with full lifecycle tracking:
- Status workflow: Open → Investigating → Resolved → False Positive
- Assignee management for incident ownership
- Collaboration via comments thread
- Full activity history timeline
- PDF export for incident reports
Real-time updates via Server-Sent Events (SSE) — the dashboard updates automatically when new detections fire
The SIEM dashboard turns LogWard from "just a log viewer with alerting" into a proper security operations tool. We're seeing teams use it for threat hunting, compliance reporting, and incident response coordination.
2. Official C# / .NET SDK
.NET developers asked, and we delivered. The new C# SDK brings first-class support for .NET 6/7/8 applications.
using LogWard;
var client = new LogWardClient(new LogWardOptions
{
ApiUrl = "https://logward.dev",
ApiKey = "lp_your_api_key",
BatchSize = 100,
FlushInterval = TimeSpan.FromSeconds(5)
});
// Simple logging
await client.InfoAsync("api-gateway", "Request processed", new {
method = "POST",
path = "/api/users",
duration_ms = 145
});
// ASP.NET Core middleware for auto-logging
app.UseLogWard(client);
Key features:
- Automatic batching with configurable size and interval
- Retry logic with exponential backoff
- Circuit breaker pattern for fault tolerance
- Query API for searching logs programmatically
- ASP.NET Core middleware for HTTP request logging
- Full async/await support, thread-safe
Full docs at /docs/sdks/csharp 📖
3. IP Reputation & GeoIP Enrichment
When LogWard detects suspicious activity (failed logins, SQL injection attempts, etc.), it now automatically enriches the incident with:
- IP reputation lookup (is this a known malicious IP?)
- GeoIP data with map visualization (where is this traffic coming from?)
The enrichment happens in the backend and displays directly in the incident detail view. This saves manual investigation time when triaging alerts.
4. Organization Invitations
You can now invite team members to join your LogWard organization:
- Send email invitations with role assignment (admin/member)
- Manage pending invites (view, resend, revoke)
- Automatic organization membership on acceptance
- Invitation expiration handling
This was a top-requested feature for teams self-hosting LogWard. No more sharing API keys or manually creating accounts.
5. Horizontal Scaling Documentation
We added a comprehensive guide for scaling LogWard across multiple instances using Traefik as a reverse proxy with load balancing.
Key topics covered:
- Docker Compose overlay for scaled deployments
- Sticky sessions for SSE connections (critical for real-time updates)
- Health check configuration
- Environment variables for scaling
Perfect for teams growing beyond a single-node deployment.
📊 What We've Learned
SIEM != Just Alerts: We initially thought security detection was about firing alerts. Wrong. The hard part is managing those alerts — assigning ownership, tracking investigation progress, reducing noise. The incident management workflow solves this.
SDK adoption matters: After releasing Python/PHP/Kotlin SDKs in 0.2.x, we saw 40% of new users choose SDK-based ingestion over raw HTTP API. The C# SDK should unlock .NET shops that were waiting on the sidelines.
Enrichment is expensive: IP reputation lookups add ~200ms per incident. We built aggressive caching (60-minute TTL) and made enrichment async to avoid blocking the detection pipeline.
🗺️ What's Next: Roadmap
We've been organizing our roadmap publicly on GitHub Issues. Here's what's coming:
Polish & Performance
- Light mode support (#41) — Dark mode isn't for everyone
- Keyboard shortcuts (#42) — Power users want Cmd+K navigation
- Enhanced stack trace visualization (#23) — Better exception debugging
Advanced Analytics
- Log pattern detection & auto-clustering (#21) — Automatically group similar log patterns using ML
- Anomaly detection (#22) — Alert on unusual log volume spikes/dips
- Service dependency graph (#40) — Visualize how services communicate based on trace data
Enterprise Features
- Saved searches & custom dashboards (#43) — Persist your favorite queries
- Helm chart for Kubernetes (#45) — First-class k8s deployment
- Migration guides from competitors (#44) — Make it easy to switch from Datadog, Splunk, etc.
Full Observability Platform
- OTLP Metrics ingestion (#4) — Expand beyond logs to metrics + traces
We're prioritizing based on community feedback. If you have opinions on what matters most, drop a comment or upvote the relevant GitHub issues!
🚀 Try It Now
LogWard is AGPLv3-licensed and ready to self-host or try on the cloud:
-
Self-Hosted:
docker pull logward/backend:0.3.0(Deployment Docs) - Cloud (Free Tier): logward.dev/register
- GitHub: logward-dev/logward
If you're running .NET apps, the C# SDK is waiting for you. If you're doing security monitoring, the SIEM dashboard changes the game.
What features are you most excited about? What's missing from the roadmap? Let me know in the comments! 👇
Top comments (0)