Log360 consists of two components, each providing its own rich set of features. These components are:
- AD Auditing
- EventLog Analyzer
Data Synchronization Across Components
Once the components of Log360 are integrated, data such as domain settings and component integration details is automatically synchronized across the components. This saves administrators a lot of time, as they no longer have to configure the same settings in all four components: any change made in one component is reflected in the others as well.
Detecting and enriching IoCs and IoAs with Log360
Log360 comes with a built-in, real-time event response system that detects IoCs, and a correlation engine that helps enrich IoAs. The solution also includes a prepackaged global IP threat database of over 600 million malicious IP addresses. Whenever traffic from any of these IP addresses hits a resource in the network, security administrators are notified in real time, and they can configure a custom script to block the offending IP address immediately.
Real-time event response system: Log360 has over 700 prebuilt alert profiles that are based on meticulous study of various IoCs. Security administrators can choose to enable alert profiles that are relevant to their business context to detect attacks instantly.
Whenever an IoC occurs, administrators get real-time notifications via email or SMS, as well as a detailed report on the event, speeding up the attack mitigation process. Furthermore, to reduce the number of false positives, Log360 includes the ability to create alert profiles for specific devices based on event frequency or time frame. Log360 also provides detailed reports on each of the following:
Unauthorized access attempts to critical databases:
- Unusual login failures: Identify who attempted to log on, from which IP address, when, and whether it was from a remote host.
- Login failure details: Lists all logon failures, including why each logon failed (for example, a bad password or an incorrect username).
Unauthorized copying of critical information:
- Detailed DML auditing: Track who executed a SELECT query in the database, from where, and when.
- Copy attempts: Determine who tried to copy data, to where, and from which machine the attempt was made.
These details give Log360 users additional context, which helps them validate incidents as a threat or attack.
The correlation engine: Log360 offers the capability to correlate different events across the network to recreate and detect known attack patterns.
In terms of the data breach scenario above, administrators can use Log360 to build a custom correlation rule and detect similar attacks faster. With Log360's drag-and-drop correlation rule builder, users simply select predefined actions and create a rule for any attack pattern.
Further, users can set threshold values for each of the actions to detect attack patterns more precisely and spend less time investigating false positives.
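The two detection mechanisms described in this section, matching event sources against an IP threat list and correlating a sequence of events with a threshold inside a time window, can be illustrated with a small piece of detection logic. The following is an added example and is not Log360 code: the log format, the threat-list entries (drawn from the TEST-NET documentation ranges) and the sample log lines are all constructed for illustration, and the rule "at least N logon failures from one source IP within a window, followed by a successful logon from that IP" stands in for a custom correlation rule of the kind the text describes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed threat-intel set; stands in for a prepackaged IP threat database.
MALICIOUS_IPS = {"203.0.113.45", "198.51.100.7"}

# Constructed sample log lines in a simplified "timestamp EVENT key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T09:00:00 LOGON_FAILURE user=alice src=198.51.100.7 reason=bad_password
2024-05-01T09:00:20 LOGON_FAILURE user=alice src=198.51.100.7 reason=bad_password
2024-05-01T09:00:40 LOGON_FAILURE user=alice src=198.51.100.7 reason=bad_password
2024-05-01T09:01:05 LOGON_SUCCESS user=alice src=198.51.100.7
2024-05-01T09:02:00 DB_SELECT user=alice src=198.51.100.7 object=customers
2024-05-01T09:30:00 LOGON_FAILURE user=bob src=192.0.2.10 reason=bad_password
2024-05-01T09:45:00 LOGON_SUCCESS user=bob src=192.0.2.10
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime 'ts', an 'event' name
    and one key per key=value field."""
    ts, event, *pairs = line.split()
    record = {"ts": datetime.fromisoformat(ts), "event": event}
    for pair in pairs:
        key, _, value = pair.partition("=")
        record[key] = value
    return record


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def threat_intel_hits(events, bad_ips):
    """IoC detection: return every event whose source IP appears on the threat list.
    A hit is the trigger the text describes for a real-time notification or a blocking script."""
    return [e for e in events if e.get("src") in bad_ips]


def correlate_failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Threshold-based correlation rule: at least `threshold` LOGON_FAILURE events from one
    source IP, all inside `window` before a LOGON_SUCCESS from the same IP, raise one alert.
    Raising the threshold or shrinking the window is how the rule is tuned against false positives."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerts = []
    for e in sorted(events, key=lambda r: r["ts"]):
        src = e.get("src")
        if src is None:
            continue
        queue = recent_failures[src]
        # Drop failures older than the window relative to the current event.
        while queue and e["ts"] - queue[0] > window:
            queue.popleft()
        if e["event"] == "LOGON_FAILURE":
            queue.append(e["ts"])
        elif e["event"] == "LOGON_SUCCESS" and len(queue) >= threshold:
            alerts.append({
                "src": src,
                "user": e.get("user"),
                "failures": len(queue),
                "ts": e["ts"],
            })
            queue.clear()  # one alert per burst, not one per subsequent success
    return alerts


def run_demo(log_text=SAMPLE_LOG):
    """Run both detections over the constructed log and return their results."""
    events = parse_log(log_text)
    return {
        "ioc_hits": threat_intel_hits(events, MALICIOUS_IPS),
        "correlation_alerts": correlate_failures_then_success(events),
    }


if __name__ == "__main__":
    result = run_demo()
    for hit in result["ioc_hits"]:
        print("threat-list hit:", hit["ts"].isoformat(), hit["event"], hit["src"])
    for alert in result["correlation_alerts"]:
        print("correlation alert:", alert)
```

On the constructed log, the threat-list check flags all five events from 198.51.100.7 (including the later database read, which is the kind of context the reports above add to an incident), while the correlation rule raises exactly one alert for alice's three failures followed by a success; bob's single failure never reaches the threshold.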