Invoking Zia Insights

Overview

Zia Insights is an AI-powered capability that delivers contextual security insights by analyzing logs, alerts, and incidents. These insights help interpret security activity, identify impacted entities, map observed behavior to the MITRE ATT&CK® framework, and determine recommended response actions.

This page explains how to invoke Zia Insights from the Search, Alerts, and Incidents modules of ManageEngine Log360 Cloud.

Invoking Zia Insights from Search

  1. Log in to the product console.
  2. Go to the Search tab.
  3. Perform a search query using either the basic or advanced mode.

    NOTE Refer to this video to learn how to perform log searches.

  4. In the search results, hover over a specific log entry.
  5. Click the Zia icon in the top-right corner of the log entry to view insights generated by Zia.
Figure 1: Invoking Zia Insights from Search

Insights provided by Zia for Search

Zia will process the selected log and display contextual insights, including a summary, associated MITRE ATT&CK® techniques (if applicable), and suggested mitigation steps.

Figure 2: Zia Insights generated for the selected log

Invoking Zia Insights from Alerts

  1. In the product console, go to the Alerts tab and select Alerts.
    NOTE Use the Select view dropdown to filter alerts. Select from Critical Alerts, Trouble Alerts, or Attention Alerts. You can also use the default All Alerts view or add a custom view using Add Custom View.
  2. Select an alert from the list.
  3. Click the Zia Insights icon displayed in the top-right corner to generate Zia Insights.
Figure 3: Invoking Zia Insights from Alerts

Insights provided by Zia for Alerts

For alerts, Zia Insights provides a contextual summary, an attack timeline, relevant MITRE ATT&CK® techniques (if applicable), and mitigation steps based on the alert data.

Figure 4: Zia Insights generated for Alerts

Invoking Zia Insights from Incidents

  1. In the product console, go to the Alerts tab and select Incident.
    NOTE Use the Select view dropdown to filter incidents. Select from All Incidents, Active Incidents, Critical Incidents, or create a new one using Add Custom View.
  2. Select an incident from the list.
  3. Click the Zia Insights icon to generate insights.
Figure 5: Invoking Zia Insights from Incidents

Insights provided by Zia for Incidents

When invoked from the Incident console, Zia Insights provides details on involved actors, a chronological evidence timeline, an evidence summary, and relevant MITRE ATT&CK® techniques based on the incident data.

Figure 6: Zia Insights generated for Incidents

Read also

This document explained how to access Zia Insights from Search, Alerts, and Incidents within ManageEngine Log360 Cloud to generate AI-powered security insights. For a comprehensive overview of Zia Insights and instructions on how to leverage its capabilities effectively, refer to the following articles: