ManageEngine designed Log360 as comprehensive SIEM solution with pre-configured threat intelligence that automatically triggers real-time notifications of malicious traffic. It offers seamless integration with various third-party threat intelligence providers to combine many different threat response functions in a single console. Log360 can even conduct a network discovery scan to inventory devices automatically and provide corresponding records from the start. This holistic approach and enterprisewide view of all devices and applications within a network lets businesses gain full control over their networks and solve their network security challenges.

The threat intelligence module of Log360, EventAnalyzer, focuses on offering better internal and external threat intelligence context in a single console, an approach that increases efficiency and also greatly reduces alert fatigue. Analysts may configure their own custom threat feeds using the STIX/TAXII threat feed processor to maximize flexibility and threat hunting. This product uses its built-in global IP threat database and advanced analytics Webroot integration to detect attacks in their early stages. Its correlated reporting and real-time alerting drives security efficiency, issuing timely notifications whenever it detects malicious actors within a network. The default threat feed intelligence server comes bundled with the product and assesses more than 600-million IPs and domains daily to keep pace with the threat landscape.

The Alerts Tab offers a useful overview of alerts categorized according to level of severity: attention, trouble, and critical. Such defined categories lead to quick visibility so analysts may put their focus where they need it most. One search feature lets analysts narrow the scope of alerts and drill into each one for more granular information, while another lets analysts conduct incident response directly from the active alerts view. They may then either assign an alert to an administrator or technician or preconfigure the assignment rules to complete these tasks using automation. The ease-of-use of this platform truly optimizes threat response.

Overall, security pros will find ManageEngine Log360 a powerful, but resource-intensive product that manifests the ManageEngine ethos that threat intelligence should combine the strengths of many different sources, not depend on a singular capability. ManageEngine designed Log360 with many pre-configurations and auto-configurations that maximize ease-of-use by completing many of the tasks that analysts would otherwise have to do. We caution prospective users that the comprehensive nature of the platform, which essentially integrates seven products into one, poses a noticeable learning curve. It took us some time to learn how to setup licenses properly and to locate graphical reports. However, the all-in-one solution approach is unique and would be ideal for experienced teams currently facing or looking to avoid tool fatigue.

Pricing starts at $3,000 for a typical installation of basic infrastructure, syslog devices, UEBA, and EventAnalyzer. This price includes 24/5 phone, email, and website support as well as access to a knowledgebase and FAQ list. Additional support options are available for a fee. The online support manuals do appear outdated, and we strongly recommend that the company devote some time to revamping this portion of the offering. We appreciate the additional support videos on the website, but we had some trouble finding them. We believe that ManageEngine could greatly improve the intuitive use of Log360 if all support materials were located in one place.

Written by Katelyn Dunn

Tested by Tom Weil