Strengthening security monitoring at San Francisco Department of Public Health with Log360


About the organization
The San Francisco Department of Public Health is the city’s core public health agency, focused on protecting and improving the health of all residents. It operates through two divisions: the San Francisco Health Network, which runs the city’s hospitals and primary care centers, and the Population Health Division, which oversees health protection, disease prevention, environmental health, and disaster readiness. Together, they support the city’s overall health and safety.
- Organization: San Francisco Department of Public Health
- Industry: Public health and government
- Country: United States
Breaking down the business requirements
The San Francisco Department of Public Health runs one of the largest and most complex environments within the city. At the center of its security operations is John Shields, the office of cyber security supervisor, who oversees firewalls, network security, and the broader monitoring ecosystem that protects the department’s infrastructure.
With nearly 10,000 users operating inside a single, sprawling Active Directory domain and a mix of firewalls, servers, syslog sources, network devices, and endpoints, Shields and his team needed real, workable visibility. Their existing setup wasn’t giving them that.
They were relying on what Shields described as a “partial Splunk instance” that provided “the bulk logs, but beyond that didn’t really give us much else.” Reporting was limited. Flexibility was lacking. Insight was minimal. For a security ops team, having only raw logs without clarity made day-to-day work harder than it needed to be.
They needed a SIEM solution that could truly interpret all of this data, not just collect it—something cost-effective, easy to use, and aligned with how the team actually worked.
The solution: ManageEngine Log360
Two factors shaped the team's decision: strict budget constraints and trust built through past experience.
As Shields put it, the “city budget is pretty stretched right now.” At the same time, the team already relied on ManageEngine ADManager Plus and Key Manager Plus. Its positive experience with support and product reliability played a big role in steering it toward Log360.
What mattered most was whether Log360 could consolidate everything the team monitors: Active Directory, firewalls, servers, syslog devices, network equipment, and a few endpoints. According to Shields, the product delivered exactly that:
“So far everything that comes with it has [fit] our requirements.”
Log360 gave the team the visibility its Splunk setup never did, with dashboards, a search feature, and reporting that actually helped the team understand what was happening.
Streamlined implementation and expert support
Deployments can get complicated in public sector environments this large, but the department's wasn’t.
Shields explained that the onboarding went “really well” and that he didn’t remember “any difficulties getting anything to work correctly.” Everything functioned the way it should. No rework. No unexpected blockers.
When asked if he’d recommend onboarding services to others, his answer was direct:
“The onboarding is definitely helpful.”
For a security operations team tasked with keeping an entire health department safe, a smooth rollout wasn’t nice to have—it was essential.
Outcomes and improvements
Once Log360 went live, the improvement was immediate.
The dashboards became meaningful. Searching across logs became genuinely useful. Visibility sharpened across all monitored systems.
Shields noted that the dashboards are “very helpful” and that the search feature is “helpful for sure.” His ratings, an eight out of 10 for usability and a nine for the likelihood of recommending Log360, make it clear the product delivered what the team needed.
Asked to describe his overall experience in one word, Shields said “very satisfied,” adding that:
“[Log360] met all of our needs in a very cost-effective and efficient way.”
Strengthening the security foundation
With Log360, the San Francisco Department of Public Health now operates with a SIEM solution that supports real-world security work. It gained:
- Visibility across Active Directory, firewalls, servers, and network infrastructure
- Useful dashboards and search that replace noisy, unstructured logs
- A cost-effective platform backed by tools the team already trusted
- An onboarding experience free of troubleshooting and setbacks
About OnboardPro
OnboardPro is a ManageEngine service that provides solution implementation to clients upon request. This service includes the installation and customized configuration of ManageEngine solutions. It enables clients to seamlessly begin work without worrying about the complexities of product installation, deployment, and use. Every client environment is unique and requires additional support beyond the basic installation and standard features. With custom onboarding, clients have the option to engage a team of product experts to manage the installation, implementation, customization, and training based on their business needs. For more information, visit manageengine.com/onboarding/manageengine-onboardpro-iam-and-siem-professional-service.html.
About Log360
Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. Vigil IQ, the solution's TDIR module, combines threat intelligence, an analytical Incident Workbench, ML-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and it offers an incident management console for effective remediation. With reengineered detection—including a centralized detection console, multi-mode rule creation, tuning insights, and object-level filters—Log360 elevates signal quality and reduces false positives. The solution provides holistic visibility across on-premises, cloud, and hybrid environments with intuitive security analytics and monitoring. For more information about Log360, visit manageengine.com/log-management/ and follow the LinkedIn page for regular updates.
2022 Zoho Corporation Pvt. Ltd. All rights reserved.
