Help Document

Overview
Setting up
- Account setup
- Starting Log360 Cloud
- Supported log sources
- Adding Syslog devices
- Subscription
- Prerequisites
- Service Level Agreement (SLA)
- Amazon Web Services (AWS)
- Microsoft 365 Auto Configuration
- Microsoft 365 Manual Configuration
Dashboard
Reports
- Available Reports
- Manage Predefined Reports
- Manage Report Views
- Custom Reports
- Types of Report Views
- Report Exporting
- Schedule exports
- Other report options
- LDAP events
- Advanced Active Directory reports
  - User Work Hours
  - Account lockout analyzer
Compliance Reports
Search
- Search
- Search tool
- Save searches
- Share searches
- Export searches
- Add or remove fields from the search results
- Tagging tool
Cloud correlation
- Understanding correlation
- Generating correlation reports
- Managing correlation rules
UEBA
- Overview
- Anomaly rules of UEBA
  - List of anomaly rules
  - Working with anomaly rules - view, manage and customize rules
- Investigating anomalies
Zia Insights
- Overview
- Using Zia Insights
- Setting up Zia Insights
- Invoking Zia Insights
Alerts
- Creating alert profiles
- View log alerts
- Ticketing tool configuration
- Manage profiles
Threat investigation
- Incident Workbench
- Device summary
Incident management
- Incident management
Configuration settings
- Devices
- Applications
- Manage Cloud Sources
- Vulnerability data
- vCenter
- Threat management solutions
  - Threat Source
- File Monitoring
- Import log data
Admin settings
- Manage Agents
- Agent Settings
- Log Source Groups
- User management
- Accounts Management
- Configuring object level auditing
- Configuring audit policies
- Configuring Windows member server audit policies
- Technician audit
- Advanced Threat Analytics
- Bulk actions for Agents
- Privacy settings
- Notification settings
- Notification Templates
- Working Hour Settings
- Reload Archive Logs
- My account settings
- Product settings
- Log Collection Filter
- Custom log parsing
- License
- Storage Tiers
  - Overview
  - Configuring Storage Tiers
  - Managing Storage Tiers
  - Using Stats Analysis
- Cloud Storage Estimator
- Listener ports
- Log forwarding
Developer space
- Custom Widgets
- Extension Profile Generation
- Extension Builder
Marketplace
- Installing Extensions
- Compliance Extensions
- Nginx
- Veeam
- MariaDB
- Okta
- Dropbox
- MikroTik
- MongoDB
- Topsec
- Sangfor
Ticketing tool integration
- Zendesk
Cloud protection
- Cloud Protection in Log360 Cloud
- Gateway Cluster
- Gateway Server
- Prerequisites for Gateway Server configuration
- Installing Gateway Server
- Endpoint Configuration
- Certificate Authority Configuration
- Manage Certificate Trust Store
- Two-way SSL Support
- Manage Banned Applications
- Manage Sanctioned Applications
- Gateway Server Failover
- Application Insight
- User Access Insight
- Cloud Access Reports
- CASB application reports
- Shadow Cloud Application Reports
- Reports on Banned Cloud Applications
- File Upload Reports
- Threat Analytics in Cloud Protection
- Regenerate Access Key
- Troubleshooting gateway server errors
API Support
Teams
- Overview
- Managing Teams
MSSP Edition
- Introduction
- MSSP Account Setup
- Dashboard
- Manage Customers
- Evaluation Customers
- Customer Portal
- Portal User Management
- Customer Portal MFA
- Centralized Technician audit
- My Account Settings
- Technician Management
- License
Troubleshooting
- Overview
- WMI-based errors
Encryption at Rest (EAR)
Contact us

Related Products
Log360

Comprehensive SIEM and UEBA
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo

Log360 Cloud
Incident Workbench
Advanced Threat Analytics

Advanced Threat Analytics

Please refer to the Incident Workbench Overview page to learn about the feature, and check the Access page to learn how to invoke Incident Workbench from different dashboards of Log360 Cloud.
To access Advanced Threat Analytics data, you can click on any of the following fields that uniquely identify the external sources:

Domain analysis:

Domain
URL Site

IP Analysis:

Remote Device IP
Source IP
Server IP Address
Destination IP
NAT Source Address
NAT Destination Address
Original Client IP
IP Address
Endpoint IP
Private IP
Target IP
Host IP

Log360 Cloud supports the following vendors for the Advanced Threat Analytics in the Incident Workbench:

Log360 Cloud Threat Analytics
Constella Intelligence
VirusTotal

Log360 Cloud Threat Analytics

This is the default integration from Log360 Cloud suite, and can be accessed once the add-on is purchased.

Note: Check out the Advanced Threat Analytics page to learn about the configuration and analysis.

advanced-threat-analytics

Constella Intelligence

By purchasing the Advanced Threat Analytics module add-on, you gain access to dark web monitoring through our integration with Constella Intelligence. This feature allows you to activate monitoring using your organization's domain. Once enabled, it continuously scans the dark web for any compromised data, including credentials, credit card information, and other sensitive details. If any compromised information is detected, the system promptly sends alerts, helping you take proactive steps to safeguard your organization's security.

log360cloud-threat-analytics

VirusTotal

This is a third-party threat feed integration, and follows the Bring Your Own Key (BYOK) model. If you have purchased VirusTotal access separately or if you own a public API key for free, you can use your the key and get the threat analytics information in Log360 Cloud.

Note: Check out the Advanced Threat Analytics page to learn about the configuration and analysis.

advanced-threat-analytics

Note: Minimize the tab to access the Incident Workbench while you traverse through different pages in Log360 Cloud. As long as you don't close the workbench, the analysis will be available even if you log out of Log360 Cloud and login again. You can also save it to an existing incident or create a new one.

© 2025 Zoho Corporation Pvt. Ltd. All rights reserved.