LogLens v0.5.0 is the Evidence Explainability Release.
This release makes the path from raw Linux authentication evidence to bounded triage findings easier to review. It stabilizes parser observability, report contracts, evidence references, and explicit non-claims without widening LogLens into an incident verdict system.
Highlights
- Stable JSON report contract:
loglens.report.v2withschema_version: 2. - Stable finding explainability fields:
rule_id,subject_kind,subject,grouping_key,window_start,window_end,threshold,observed_count,evidence_event_ids, andverdict_boundary. - Golden fixtures for
report.md,report.json,findings.csv, andwarnings.csv. - Sanitized 150-line mixed auth corpus plus a checked-in parser coverage artifact.
- Parser failure and false-positive taxonomies.
- Forensic-style Linux authentication evidence case studies.
Reviewer evidence
- Full v0.5.0 release notes
- Parser contract
- Report artifact contract
- Mixed auth corpus and parser coverage artifact
- False-positive taxonomy
- Linux auth brute-force case study
Non-claims
LogLens findings remain bounded triage signals. This release makes:
- no compromise verdict
- no attribution
- no blocking recommendation
- no cross-host correlation
No CLI migration is required. Downstream JSON consumers should key off schema and schema_version.