Advanced Threat Analytics
Log360 Cloud supports the following vendors for Advanced Threat Analytics in the Incident Workbench:
- Check the Access page to learn how to invoke the Incident Workbench from different dashboards of Log360 Cloud.
- To access Advanced Threat Analytics data, you can click on any of the following fields that uniquely identify the external sources:
Domain analysis:
IP Analysis:
- Remote DeviceIp
- Source IP
- Client IP Address
- Server IP Address
- Address
- Destination IP
- Device Ip
- Remote Ip
- Source Host Address
- NAT Source Address
- NAT Destination Address
- Original Client IP
- IP Address
- Endpoint IP
- Private Ip
- Target Ip
- Destination Host Address
Log360 Cloud Threat Analytics
This is the default integration from the Log360 Cloud suite and can be accessed once the add-on is purchased.
VirusTotal
This is a third-party threat feed integration that follows the Bring Your Own Key (BYOK) model. If you have bought VirusTotal access separately, you can use your API key to get the threat analytics information in Log360 Cloud.
Note: Minimize the tab to access the Incident Workbench while you traverse through different pages in Log360 Cloud. As long as you don't close the workbench, the analysis will be available even if you log out of Log360 Cloud and log in again. You can also save it to an existing incident or create a new one.