Navigate the Future of Security:
Key Updates in ManageEngine Log360 That Empower Your Threat Management Strategy
ManageEngine Log360 has recently introduced several significant updates to enhance its security information and event management (SIEM) capabilities, providing users with advanced tools for threat detection, incident response, and compliance management. Below is a comprehensive overview of the latest features and improvements:
1- Incident Workbench Integration
Released on February 20, 2024, the Incident Workbench is a dedicated threat investigation console within Log360’s SIEM component. This feature offers advanced contextual analytics through multiple integrations, enabling security teams to:
- Track Anomalous User Actions: Monitor and analyze unusual user behaviors to identify potential security incidents.
- View User Risk Scores: Assess risk levels associated with user activities, facilitating proactive threat management.
The Incident Workbench integrates with Log360’s Advanced Threat Analytics for in-depth risk analysis of IPs, URLs, domains, and files. Additionally, the integration of VirusTotal provides access to one of the largest live threat feeds, enhancing the ability to detect and respond to emerging threats. Users can add up to 20 analytical tabs in a single instance of the Incident Workbench and save them as Threat Evidences for future reference.
2- Device Summary Dashboard
Introduced alongside the Incident Workbench, the Device Summary dashboard offers an analytical console to view the overall event summary of devices. Accessible from the SIEM dashboards, this feature provides:
- Event Summary for Selected Periods: Review device events over specified time frames to identify patterns and anomalies.
- Top Active Users: Identify users generating the most activity on specific devices.
- File Monitoring Events: Track changes to critical files to prevent unauthorized access or modifications.
- Device Severity Events: Categorize events based on severity to prioritize incident response efforts.
- Alerts Summary: Consolidate alerts for efficient monitoring and action.
- Activity Overview for Applications: Gain insights into application-specific activities on devices.
This comprehensive view aids in efficient device management and enhances security monitoring capabilities.
3- Enhanced Correlation Rule Package
To bolster threat detection, Log360 has added over 50 new predefined correlation rules. This package includes rules for detecting:
- Suspicious Process Spawning: Identify unexpected processes that may indicate malicious activity.
- Use of Prevalent Attacker Tools: Detect tools like Mimikatz and Metasploit commonly used by attackers.
- Living off the Land Attacks: Recognize exploitation of native binary tools and utilities by attackers.
These enhancements aim to improve the detection of sophisticated threats and reduce the likelihood of security breaches.
4- JSON Parsing Support
Released on January 24, 2025, Log360 Cloud now offers advanced capabilities to parse JSON logs. This feature allows users to extract various fields from JSON logs seamlessly and can be applied to both new and existing custom log formats that support file import. This enhancement ensures greater flexibility and precision in log management.
5- Real-Time Anomaly Detection
On February 8, 2024, Log360 introduced real-time anomaly detection for EventLog Analyzer reports. This feature enables the system to:
- Detect Behavioral Threats as They Occur: Identify deviations from normal behavior patterns in real-time.
- Proactively Defend Against Cyber Risks: Allow security teams to respond swiftly to emerging threats.
By configuring real-time anomaly detection, organizations can enhance their proactive threat management capabilities.
6- ML-Based Automation for Alerts Threshold
In November 2023, Log360 introduced an industry-first, dual-layered system for precise and accurate threat detection in its Threat Detection, Investigation, and Response (TDIR) module, VigilIQ. The new adaptive threshold feature:
- Utilizes Machine Learning Algorithms: Analyzes the usual occurrence of events to determine normal behavior patterns.
- Automatically Determines Threshold Values: Sets thresholds for triggering alerts based on learned behavior.
- Enhances Alert Efficiency: Minimizes false positives and optimizes true positive triggers, ensuring that security teams focus on genuine threats.
This enhancement aims to improve the accuracy and efficiency of threat detection, reducing the burden on security personnel.
7- Support for Duo Security Web v4 SDK
Released on March 25, 2024, Log360 now supports Duo Security using Web v4 SDK as a secondary authentication factor. This update is in response to Duo Security’s announcement of the end-of-life for Web v2 SDK on March 30, 2024. Users are advised to configure Web v4 SDK promptly to ensure continued multi-factor authentication support.
8- Internal Code Refactoring and Product Cleanup
On April 8, 2024, Log360 underwent internal code refactoring and product cleanup, including updates to code, libraries, and files. These enhancements aim to improve the application’s performance, stability, and maintainability.
9- Log360 MSSP Edition Launch
ManageEngine announced the launch of Log360 MSSP Edition, an on-premise SIEM solution tailored for Managed Security Service Providers (MSSPs). This edition addresses the growing demand for outsourced security services, providing MSSPs with advanced tools to manage and monitor client security environments effectively.
