Welcome to ManageEngine Log360's Elevate!

Course outline

ManageEngine Log360's Elevate is a self-paced learning program in which you'll gain in-depth knowledge of the different capabilities of Log360, our security information and event management (SIEM) solution, and be trained to utilize the solution to the fullest. Taken one step at a time, the program builds a thorough understanding of Log360 that will help you improve your security posture.

Course structure

Log Management Fundamentals

Session 1: Log parsing and forensic analysis (2 hours)

Description
  • The importance of log data
  • Optimizing log collection: What to collect and what not to collect
  • Enabling auditing policies
  • Auto-discovery of devices and configuring log collection
Objective
  • Understand the importance of log data
  • Learn how to configure log collection on different devices

Session 2: Log archival (3 hours)

Description
  • A walk-through of Log360's archival capability
  • A mechanism to calculate the storage space required for log archival
  • How to reload archived log data and conduct forensic analysis on it (explained with a use case)
Objective
  • Understand log archiving
  • Conduct forensic analysis

Security Analytics

Session 1: Bringing together all security events (2 hours)

Description
  • The different platforms we monitor (physical, virtual, and cloud)
  • Security auditing (a platform-by-platform walk-through of the dashboards)
    1. Security event monitoring
    2. Active Directory auditing
    3. Email and Exchange server security analytics
    4. Cloud platform security analysis
Objective
  • Understand the different platforms monitored
  • Security auditing

Session 2: The security analytics components (2 hours)

Description
  • Privileged user monitoring (ELA/ADAP reports)
  • User access monitoring (ADAP reports)
  • Threat identification from perimeter devices (firewall reports)
  • Real-time event response system
    1. Meticulously drafted alert profiles
    2. Building custom alert profiles
Objective
  • Understand user monitoring
  • Real-time threat management

Incident Management Fundamentals

Session 1: Incident detection (3 hours)

Description
  • Detecting incidents through log correlation
    1. Leveraging pre-built rules
    2. Building custom rules
  • Incident detection through the threat analytics platform
    1. How preconfigured threat alerts work
    2. Integration between the TI platform and log correlation, illustrated with an example
  • Advanced threat analytics to probe into detected security
Objective
  • Threat analytics
  • Incident management

Session 2: Incident detection - UEBA (3 hours)

Description
  • Insider attack detection through the user and entity behavior analytics (UEBA) add-on
    1. The UEBA engine: The technology used and how it works
    2. Detecting user and entity anomalies (account compromise, data exfiltration, etc.)
    3. An effective method of coupling risk scores with anomaly detection
    4. A typical security use case
Objective
  • Insider attack detection
  • UEBA

Session 3: Incident resolution (3 hours)

Description
  • Speeding up the incident resolution process and ensuring accountability in it
  • Automated workflows: Construction and association with alert profiles
  • Integration with ITIL® tools to ensure accountability in the incident resolution process
    1. Security orchestration explained
    2. Rule-based ticket assignment
Objective
  • Incident resolution management
  • Workflow management

Compliance Management

Session 1: Compliance management (2 hours)

Description
  • The history and importance of regulatory mandates
  • Making auditing easier with audit-ready report templates
  • Generating incident reports
  • Setting up compliance violation alerts
  • Detecting a data breach: Use case
Objective
  • The importance of compliance management
  • Auditing

Combating advanced persistent attacks

Session 1: Combating advanced persistent attacks (2 hours)

Description
  • Breaking the cyber kill chain with Log360
    1. Dealing with the reconnaissance stage
    2. Detecting the weapons: Suspicious software installation
    3. Spotting delivery and exploitation
    4. Identifying lateral movement, with examples
      1. Credential dumping
      2. Pass-the-ticket attack
    5. Stopping C&C and data exfiltration
Objective
  • Cyber kill chain
  • Different kinds of cyberattacks

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.