Help Document

Available reports

Warning: This feature has been removed for Log360 Cloud agent users. This page is made available only for users who are still using EventLog Analyzer for log collection.

Log360 Cloud provides comprehensive reports for log sources: Windows, Unix, network devices, applications, threat sources, vulnerability scanners, and vCenter. These reports provide details about events such as who performed what and from where.

Available reports

Report category Available reports
Windows
  • Windows severity
  • Trust relationships changes
  • Threat detection
  • Windows failed logons
  • Windows risk
  • Program inventory
  • Threat detection from antivirus
  • Application whitelisting
  • Hyper-V VM management
  • Windows backup and restore
  • Windows logoff
  • File monitoring
  • Computer account management
  • User account management
  • Windows firewall auditing
  • Network policy server
  • GPG compliance
  • Network share
  • Process tracking
  • Windows logon
  • OU changes
  • Infrastructure
  • Registry changes
  • Group management
  • DNS server
  • Windows firewall threats
  • Policy changes
  • Hyper-V server events
  • AD DNS server
  • GPO changes
  • Application crashes
  • Domain controller logon
  • Removable disk auditing
  • Data theft detection
  • Domain events
  • Windows system events
Vulnerability
  • Nessus compliance
  • Nessus vulnerability
  • OpenVas
  • NMAP
  • Top reports
  • Qualys
Unix
  • Unix threats
  • Unix mail server
  • Unix user account management
  • Unix FTP server
  • Unix failed logon
  • VMWare system events
  • SU commands
  • Unix logon
  • Unix removable disk auditing
  • Unix risk
  • VMWare server events
  • AS400
  • Unix other events
  • Unix severity
  • Unix NFS events
  • Unix logoff
  • Unix system events
  • VMWare logons/logoff
Network devices

Predefined reports for Barracuda, Check Point, Cisco, Fortinet, Huawei, Juniper, Meraki, NetScreen, Palo Alto, SonicWall, Sophos, and WatchGuard devices.
  • Network device risk
  • Router/Switch system events
  • Firewall traffic
  • Firewall VPN logon
  • Router accepted connections
  • Router traffic rrrors
  • Firewall threats
  • Firewall account management
  • Firewall denied connections
  • IDS/IPS activity
  • Router configuration
  • Router denied connections
  • Network device severity
  • Firewall logon
  • Router logon
  • Router traffic report by protocol
Threats
  • Symantec DLP
  • FireEye
  • Symantec
Applications
  • Terminal server gateway logons
  • Terminal server gateway top reports
  • Apache web server attack
  • IIS web server attack
  • Printer auditing
  • Oracle server auditing
  • Oracle account management auditing
  • SQLserver security
  • SQLserver DML auditing
  • Oracle database object changes
  • Terminal server gateway communications
  • IIS web server top reports
  • IIS web server errors
  • SQLserver auditing
  • Oracle security
  • SQLserver DDL auditing
  • DHCP Linux based server
  • Apache web server errors
  • DHCP Windows based server reports
  • IIS FTP server
  • SQLserver account management auditing
vCenter
  • Permission changes
  • Role changes
  • Cluster changes
  • Datacenter changes
  • Folder changes
  • VM changes
  • Datastore changes
  • Host changes
  • Resourcepool changes