
    Advanced Threat Analytics


    The Advanced Threat Analytics feature gives valuable insight into the severity of threats by providing a reputation score for potentially malicious URLs, domains, and IP addresses. Using the feature requires purchasing an add-on.

    Please follow the steps below to configure this feature.

    • To purchase the Advanced Threat Analytics add-on, please click here.
    • After purchasing and applying the add-on license, go to Settings → Admin settings → Management Category → Threat Feeds. The Advanced Threat Analytics tab will be present next to the STIX/TAXII Threat Feeds tab.

    For users with a Log360 Cloud account

    • Navigate to https://log360feeds.manageengine.com/
    • Copy the Advanced Threat Analytics Feed Server access key.
    • In EventLog Analyzer, navigate to Settings → Threat Management → Advanced Threat Analytics.
    • Paste the access key in the Access Key box and click Connect.
    • The scheduler will be enabled automatically. To change the frequency at which the feeds are populated, click the edit button next to Interval.

    For users who do not have a Log360 Cloud account

    • Navigate to https://log360feeds.manageengine.com/
    • Create a Log360 Cloud account and sign in using valid credentials.
    • You can find the Advanced Threat Analytics Feed Server access key on the page displayed.
    • Copy the Advanced Threat Analytics Feed Server access key.
    • In EventLog Analyzer, navigate to Settings → Threat Management → Advanced Threat Analytics.
    • Paste the Access Key in the Access Key box.
    • The scheduler will be enabled automatically. To change the frequency at which the feeds are populated, click the edit button next to Interval.

    Threat Analytics Report

    The External Threats report under the Threat Analytics tab contains information on the source, the severity of the threat and more.

    • Click View under the Advanced Threat Analytics column. This gives you additional information about the source of the threat.
    • Additional information on the source of the threat, such as geographical information, will be displayed in the popup.

    Threat Alerts

    • In the Alerts tab, additional information on the source of the threat can also be viewed by clicking the Threat Analysis icon next to the alert format message on relevant alerts.
    • Clicking the icon displays information on the source, the severity of the threat, and more.