Help Document

Advanced Threat Analytics

Log360 Cloud supports the following vendors for Advanced Threat Analytics in the Incident Workbench: Log360 Cloud Threat Analytics and VirusTotal. Both are described below.

  1. Check the Access page to learn how to invoke the Incident Workbench from the different dashboards of Log360 Cloud.
  2. To access Advanced Threat Analytics data, click any of the following fields that uniquely identify an external source. Domain and URL fields open Domain analysis; IP fields open IP analysis.

    Domain analysis:

    • Domain
    • URL Site

    IP Analysis:

    • Remote DeviceIp
    • Source IP
    • Client IP Address
    • Server IP Address
    • Address
    • Destination IP
    • Device Ip
    • Remote Ip
    • Source Host Address
    • NAT Source Address
    • NAT Destination Address
    • Original Client IP
    • IP Address
    • Endpoint IP
    • Private Ip
    • Target Ip
    • Destination Host Address

Log360 Cloud Threat Analytics

This is the default integration in the Log360 Cloud suite and can be accessed once the add-on is purchased.

Note: Check out the Advanced Threat Analytics page to learn about the configuration and analysis.


VirusTotal

This is a third-party threat feed integration that follows the Bring Your Own Key (BYOK) model. If you have purchased VirusTotal API access separately, you can enter your own API key and view VirusTotal's threat analytics information in Log360 Cloud. Keep in mind that each lookup sends the queried indicator to VirusTotal and counts against that key's request quota.

Note: Check out the Advanced Threat Analytics page to learn about the configuration and analysis.


Note: Minimize the tab to keep the Incident Workbench open while you move through different pages in Log360 Cloud. As long as you do not close the workbench, the analysis remains available even if you log out of Log360 Cloud and log in again. You can also save it to an existing incident or create a new one.