Modern security teams cannot rely on log data alone to detect potential attacks. Knowing which error was triggered is not enough, and internal logs cannot tell you whether the other end of a connection is already known to be hostile. The Advanced Threat Analytics (ATA) feature in Log360 Cloud pulls data about malicious IPs, URLs, and domains that carry an assigned reputation score and uses it to alert administrators whenever a suspicious IP attempts to connect to your network.
To enable Advanced Threat Analytics, follow the steps below:
When enabled, Log360 Cloud correlates your log data with the information available in AlienVault OTX and triggers an alert whenever there is a match. This option only fetches data on blacklisted IPs.
This option lets Log360 Cloud add context to a potential attack by correlating crucial data from the threat feed, such as the first and last time the indicator was detected, its reputation score, etc.
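The correlation described above, reduced to its essentials as an added example (this is not Log360 Cloud or AlienVault code). It indexes a threat feed by indicator, extracts IPs and hostnames from log lines, and emits an alert carrying the feed's context (reputation score, first/last seen, source) for every match at or above a reputation threshold. The feed entries, log lines, 0-100 reputation scale and the `min_reputation` threshold are all constructed for illustration; none of the addresses or domains are real indicators.

```python
"""Threat-feed correlation in the spirit of Log360 Cloud's Advanced Threat Analytics.

Added example, not Log360 Cloud or AlienVault code. Feed format, log format,
reputation scale, threshold and every indicator value below are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str          # "ip" or "domain"
    value: str
    reputation: int    # constructed 0-100 score; higher means more malicious
    first_seen: str    # first time the feed observed the indicator
    last_seen: str     # most recent observation in the feed
    country: str
    source: str


# Constructed stand-in for a threat-feed export; addresses are documentation ranges, not real IoCs.
THREAT_FEED = [
    Indicator("ip", "203.0.113.45", 92, "2024-01-03", "2024-02-10", "ZZ", "constructed-feed"),
    Indicator("ip", "198.51.100.7", 40, "2023-11-20", "2023-12-01", "ZZ", "constructed-feed"),
    Indicator("domain", "malicious.example", 88, "2024-01-15", "2024-02-11", "ZZ", "constructed-feed"),
]

# Constructed log lines mimicking a firewall and a proxy export.
SAMPLE_LOGS = [
    "2024-02-12T09:14:02Z fw ALLOW src=203.0.113.45 dst=10.0.0.5 dport=443",
    "2024-02-12T09:14:07Z fw ALLOW src=192.0.2.10 dst=10.0.0.5 dport=22",
    "2024-02-12T09:15:30Z proxy GET host=malicious.example path=/update.bin client=10.0.0.23",
    "2024-02-12T09:16:01Z fw DENY src=198.51.100.7 dst=10.0.0.9 dport=3389",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


def build_index(feed):
    """Index indicators by (kind, value) so each observable costs one dictionary lookup."""
    return {(i.kind, i.value): i for i in feed}


def extract_observables(line):
    """Return the set of (kind, value) observables found in one log line."""
    ips = {("ip", ip) for ip in IPV4.findall(line)}
    hosts = {("domain", h) for h in HOST.findall(line)}
    return ips | hosts


def correlate(logs, feed, min_reputation=50):
    """Emit one alert per (log line, matching indicator) whose reputation meets the threshold.

    Low-reputation matches are dropped, which is the knob an analyst tunes to
    control alert volume; set min_reputation=0 to see every feed hit.
    """
    index = build_index(feed)
    alerts = []
    for line in logs:
        for key in sorted(extract_observables(line)):  # sorted for deterministic output
            hit = index.get(key)
            if hit is None or hit.reputation < min_reputation:
                continue
            alerts.append({
                "log": line,
                "indicator": hit.value,
                "type": hit.kind,
                "reputation": hit.reputation,
                "severity": "high" if hit.reputation >= 80 else "medium",
                "first_seen": hit.first_seen,
                "last_seen": hit.last_seen,
                "country": hit.country,
                "source": hit.source,
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, THREAT_FEED):
        print(f"[{alert['severity'].upper()}] {alert['type']} {alert['indicator']} "
              f"(score {alert['reputation']}, seen {alert['first_seen']}..{alert['last_seen']}, "
              f"source {alert['source']}) in: {alert['log']}")
```

With the default threshold the two high-reputation indicators produce alerts and the score-40 address is suppressed; a SIEM would additionally enrich each hit with geolocation and a recommendation, as the ATA popup does.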
Clicking the icon displays information on the source, the severity of the threat, geolocation, and so on.
The ATA add-on gives you access to more information about a log. Click the View button next to the respective log to open the Advanced Threat Analytics popup. It shows details such as the reputation score and geographical information, along with recommendations to prevent further damage.