
Welcome to Log360

Log360, a comprehensive SIEM tool, helps you resolve numerous IT security challenges including log management, Active Directory auditing, public cloud log management, meeting compliance requirements, protecting confidential data from security breaches, and much more through a simple and easy-to-use interface.

This integrated solution has the following components:

ADAudit Plus

ADAudit Plus, the Active Directory auditing component of Log360, helps you to monitor changes in the Active Directory environment. This component collects logs of all the changes happening in the AD infrastructure and processes them to generate reports and trigger alerts.

ADAudit Plus comes with prepackaged reports that help you to track user logon actions, changes to GPOs, OUs, groups, computers, and domain policies. It also provides real-time email or SMS notifications upon the occurrence of any anomalous change activities in your AD environment.

With this component, you can:

  • Generate reports based on your own rules - build reports that meet your specific internal requirements.
  • Archive audit log data - automatically archive all collected audit log data thus making forensic analysis easier than ever before.
  • Real-time alerts and email notifications - get instant alerts on audit events based on configured alert profiles.

And that's not all. Learn more about this component right here.

EventLog Analyzer

EventLog Analyzer centrally collects, normalizes, analyzes, correlates and archives log data from sources across the network. This component can process log data from 700+ sources including applications such as IIS web servers, Apache web servers, Oracle, MS SQL, vulnerability scanners, and more. In fact, this component can process your in-house or custom application logs with its Universal Log Parsing and Indexing (ULPI) technology.

This component provides:

  • Both agent-based and agentless log collection mechanisms.
  • Out-of-the-box reports that help to gain complete visibility into your security framework.
  • Real-time email or SMS notification feature that helps to mitigate security attack attempts instantly.
  • Powerful yet easy to use search engine that helps you to conduct root cause analysis or forensic investigations.

And, this is a non-exhaustive list. Learn more about EventLog Analyzer.

M365 Manager Plus

M365 Manager Plus is a comprehensive Microsoft 365 tool to manage Exchange Online and Azure Active Directory from one place. It provides an exhaustive list of preconfigured reports, audits all user and admin activities, and lets you create custom alerts for critical events in your Microsoft 365 setup to get real-time email alerts.

With this component, you can:

  • Know about inactive, locked-out, and never-logged on users to take necessary action quickly.
  • Audit non-owner mailbox accesses, admin activities, and mailbox delegations to check for malicious activities.
  • Track owner, non-owner, and admin activities on Exchange Online groups, group delegations, emails sent as groups, and more.
  • Check for failed logon attempts due to an invalid username or password, which are indicators of brute force attacks.
  • Keep track of password, license, and group membership changes made.
  • Ensure compliance with industry mandates like SOX, PCI-DSS, FISMA, HIPAA, and GLBA.

Exchange Reporter Plus

Exchange Reporter Plus is a change auditing solution that allows you to monitor email traffic, audit your Exchange event logs, and receive real-time alerts about critical changes that require your attention.

This Log360 module allows you to:

  • Audit non-owner mailbox logons.
  • Track mailbox permission changes.
  • Monitor Exchange databases that have been mounted or dismounted.
  • View admins', owners', and delegates' mailbox activities.
  • Get real-time alerts about Exchange Server changes.
  • ...and do so much more.

Click here to know more about Exchange Reporter Plus.

User and Entity Behavior Analytics (UEBA)

Log360 UEBA, powered by Machine Learning (ML), detects anomalies by recognizing subtle shifts in user activity. It helps you identify, qualify, and investigate threats that might otherwise go unnoticed, by extracting more information from your logs to give better context.

The capabilities of Log360 UEBA include:

  • Anomalous User and Entity Behavior Analytics: Spot deviant user and entity behavior such as logons at an unusual hour, excessive logon failures, and file deletions from a host that is not generally used by a particular user.
  • Score-based Risk assessment: The Log360 UEBA dashboard gives you greater visibility into threats with its score-based risk assessment for users and entities. This approach helps you determine which threats actually merit investigation.
  • Threat Corroboration: Log360 UEBA identifies indicators of compromise (IoC) and attack (IoA), exposing major threats including insider threats, account compromise, and data exfiltration. 

DataSecurity Plus

DataSecurity Plus is a data visibility and security solution capable of data discovery, file storage analysis, and Windows file server auditing.

The capabilities of DataSecurity Plus include:

  • Data discovery: Find, analyze, and track sensitive personal data also known as personally identifiable information (PII) stored in files, folders, or shares.
  • File server auditing: Audit and monitor, report and alert on all file accesses and modifications made in your file server environment in real time.
  • Storage analysis: Analyze and identify redundant, outdated, and trivial data to declutter your file servers and cut storage costs.

ADManager Plus

The ADManager Plus component of Log360 provides over 200 out-of-the-box reports on Active Directory users, computers, groups, OUs, Group Policy Objects, file server permissions, and more to help you visualize key security configurations in Active Directory.

Below are the salient capabilities of the ADManager Plus component:

  • Generates critical reports such as recently created, deleted, and modified Active Directory objects.
  • Helps you spot security loopholes such as groups without members.
  • Provides crucial security details during a security investigation such as unused user accounts, NTFS permissions, and more in just a few clicks.
  • Generates audit reports to help you meet regulatory mandates.

Cloud Security Plus

Cloud Security Plus is a public cloud log management tool for Amazon Web Services and Microsoft Azure. With comprehensive reports, an easy search mechanism, and customizable alert profiles, it enables you to track, analyze, and react to events happening in your cloud infrastructure, thus facilitating the smooth functioning of your business in a secure and protected cloud.

This Log360 component offers:

  • Detailed reports for the AWS cloud environment.

    A number of predefined reports on events that occur in Amazon EC2, WAF, RDS, STS, EBS, VPC, ELB, and S3.

  • Activity tracker for the Microsoft Azure cloud.

    Reports provide insights on user activity and any changes made to network security groups, virtual networks, DNS zones, virtual machines, databases, and storage accounts.

  • An easy search through log data.

    Find what you're looking for with the smart log search engine and the advanced search options provided.

  • Alerts that keep you in the loop.

    Get notifications via email when unusual activities and other security threats occur.

Click here to know more about Cloud Security Plus.

Copyright © 2020, ZOHO Corp. All Rights Reserved.
