ManageEngine Log360
Photo Gallery
 |
 |
ManageEngine Log360
Additional Info
| Company | ManageEngine |
| Website | https://www.manageengine.com/ |
| Company size (employees) | 5,000 to 9,999 |
| Type of solution | Software |
Overview
Log360 is a unified SIEM solution with integrated DLP and CASB capabilities to detect, investigate, and respond to security threats. It also offers out-of-the-box security orchestration, automation, and response (SOAR) capabilities. Log360 enables you to defend against threats in the larger network, Active Directory, file systems, cloud infrastructures, and more.
With Log360’s SOAR capabilities, you can:
1. Automatically collect data from disparate sources to identify security threats.
2. Get better context through the use of and integration with threat intelligence feeds. 3. Log360 integrates with Webroot’s BrightCloud threat intelligence and provides STIX/TAXII threat feeds. These threat feeds can be used during correlation analysis.
3. Associate predefined or custom workflows with alerts and automate incident response measures through workflows that lay out the sequence of steps to be taken following a security incident.
4. Manage detected incidents in centralized, third-party help desk consoles to ensure accountability. We support integration with ServiceNow, ManageEngine ServiceDesk Plus, JIRA, ZenDesk, BMC Remedy, and other help desk tools.
5. Integrate with other ManageEngine products. Use inputs from our network monitoring tool OpManager and privileged access management solution PasswordManager Pro for better security analytics. This enhances the business context and helps detect threats more effectively.
6. Orchestrate with and gain context from other security tools such as vulnerability scanners, threat detection solutions, and antivirus solutions for effective correlation analysis and end-to-end incident management.
7. Efficiently handle incidents by assigning tickets to administrators as soon as alerts are triggered.
8. Design customized workflows to mitigate the impact of the attack. Customers can execute scripts to ensure end-to-end incident management.
How we are different
1. Effective case management capabilities: Analysts can add multiple alerts together as incidents, and incident tickets can be assigned to technicians based on custom rules. All the notes and evidence pertaining to an incident can be viewed in one place. This enables better visibility and collaboration between analysts.
For insightful forensics, analysts can view the users, hosts, and other actors associated with the incident in one place. They can also view probable suspects of the incident. They can then pivot and carry out log forensics analysis within the console. Analysts can also integrate with several ITSM tools to manage incidents. The status of the incident (open, closed, or in-progress) can be seen along with the incident age and the time the incident was created in Log360. Response workflows can be associated with incidents for immediate resolution.
2. Several critical technology integrations: Log360 integrates with Webroot's BrightCloud threat intelligence so that this information can be used along with internal data for correlation analysis and threat detection. It integrates with ManageEngine OpManager, a network monitoring solution, for better network visibility. This integration brings the SOC and the NOC together. It also integrates with ManageEngine PasswordManager Pro, a privileged access management solution, to get more user telemetry and gain security insights. For efficient incident management, Log360 integrates with ticketing tools like JIRA, BMC Remedy, ManageEngine ServiceDesk Plus, ServiceNow, Zendesk, and more.
3. Response playbooks: After a security incident is identified, customers can respond with automated workflows. Workflows can include actions to log off a user, turn off a device, stop a process, change a firewall policy, or execute certain batch files and scripts. Customers can use the drag-and-drop feature to build their own response playbook. Each playbook can be associated with an alert or incident so that it gets automatically deployed.
