ManageEngine Log360
Photo Gallery
ManageEngine Log360
Additional Info
Company | ManageEngine |
Website | https://www.manageengine.com/ |
Company size (employees) | 10,000 or more |
Headquarters Region | North America |
Overview
Log360 is a unified security analytics solution with SOAR capabilities. When customers purchase Log360, SOAR capabilities are available out of the box. Log360 enables customers to defend against threats in the larger network, Active Directory, file systems, cloud infrastructures and more.
Here’s how the solution’s SOAR capabilities can be used:
1. IT teams can automatically collect data from disparate sources to identify security threats.
2. Customers get better context through the use of and integration with threat intelligence feeds. Log360 integrates with Webroot’s BrightCloud threat intelligence apart from providing STIX/TAXII threat feeds. This can be used during correlation analysis.
3. Customers can associate predefined or custom workflows with alerts, and automate incident response measures through workflows that lay out the sequence of steps to be taken following a security incident.
4. Customers can manage detected incidents in third-party centralized help desk consoles for ensuring accountability. We support integration with ServiceNow, ManageEngine ServiceDesk Plus, JIRA, ZenDesk, BMC Remedy, and a lot more tools.
5. They can use inputs from our network monitoring tool OpManager, and privileged access management solution PasswordManager Pro for better security analytics. This enhances the business context and helps detect threats more effectively.
6. Customers can orchestrate with other security tools such as vulnerability scanners, threat detection solutions, and antivirus, and get security context from them for effective correlation analysis and end-to-end incident management.
7. Incidents can be efficiently handled by assigning tickets to administrators as soon as alerts are triggered.
8. Log360 also provides an option to design customized workflows to mitigate the impact of the attack. Customers can execute scripts to ensure end-to-end incident management.
How we are different
1. Log360's SOAR provides effective case management capabilities: Analysts can add multiple alerts together as incidents and incident tickets can be assigned to technicians based on custom rules. All the notes, evidence pertaining to an incident can be seen in one place. This enables better visibility and collaboration between analysts. For insightful forensics, analysts can view the users, hosts, and other "actors" associated with the incident at one place. They also get to see probable "suspects" of the incident. From here, they can pivot and do a log forensics analysis within the console. Analysts can also manage incidents through unidirectional integration with several ITSM tools. The status of the incident (open, closed or in-progress) can be seen along with the incident age. The incident created time is also seen. Response workflows can be associated with incidents for immediate resolution.
2. Several critical technology integrations: Log360 integrates with Webroot's BrightCloud threat intelligence so that this information can be used along with internal data for correlation analysis and threat detection. It integrates with ManageEngine OpManager, a network monitoring solution, for better network visibility. This integration brings the SOC and the NOC together. It also integrates with ManageEngine PasswordManager Pro, a privileged access management solution, to get more user telemtry and gain security insight. For efficient incident management, Log360 integrates with ticketing tools like JIRA, BMC Remedy, ManageEngine ServiceDesk Plus, ServiceNow, Zendesk and more.
3. The use of response playbooks: After a security incident is identified, customers can use automated workflows to respond. The workflows can include actions to logoff a user, shut down a device, stop a process, change firewall policies, and execute certain batch files and scripts. Customers can use the drag-and-drop feature to build their own response playbook. Each playbook can be associated with an alert or incident so that it