Log360 Release Notes

Enhancement

• "Exclude OUs" component is now available in Log360, aligning it with EventLog Analyzer's functionality. Users can select a parent OU without including child OUs by enabling the 'Exclude child OU(s)' option under the OU Filter.

Enhancements

• The Java Runtime Environment (JRE) package has been upgraded to Zulu JRE 1.8.0_345 for Log360, along with its bundled components ADAudit Plus, EventLog Analyzer, and Log360 UEBA.

Note: Service pack updates for Log360 will not upgrade the Zulu JRE 1.8.0_345 for Log360's components.

Issue Fix

• An issue during bulk device synchronization between EventLog Analyzer and Log360, that occurred when the Convert host call API threshold limit exceeded 200 per minute, has been rectified by increasing the limit to 1500 per minute.

Issue Fix

• Issues with the node name in the Search Engine Management console have been fixed. This occurred when EventLog Analyzer was integrated with Log360 using an IP address or Fully Qualified Domain Name (FQDN).

Enhancement

• All component integrations will now require the credentials of the component's super administrator.

New Feature

• Log360 now offers out-of-the-box compliance reports for the New Federal Act on Data Protection (nFADP).

New Feature

• Log360 now offers out-of-the-box compliance reports for the European Union's Network and Information Systems Security Directive (NIS 2).

Enhancement

• The bundled PostgreSQL database of Log360 along with EventLog Analyzer and Log360 UEBA has been upgraded to 14.12.

Note: Service pack updates for Log360 will not upgrade PostgreSQL (14.12) for the Log360's components.

Enhancement

• A dedicated troubleshooting page has been created to address errors that occur when clicking the component app icon in AppsPane.

Issue Fix

• Minor bugs have been fixed to improve overall performance, stability, and user experience.

Features

• Out-of-the-box compliance reports are now available in Log360 for the following compliance standards:
  • PCI-DSS, updated to version 4.0
  • ISO 27001-2022

Issue fixes

• An issue in viewing the domain dropdown in the ADAudit Plus and ADManager Plus tabs on the home dashboard has been fixed.
• An issue in delegating EventLog Analyzer to Log360 technicians when the device group count exceeds 50 has been fixed.

Enhancement

• Maverick SSH library has been upgraded to support OpenSSH v7.8+ SSH keys.

Issue fixes

• The issue with NTLM SSO authentication has now been fixed.

Issue fixes

• The product version in the registry will now be updated automatically during the service pack upgrade.
• The issue where decommissioned devices were incorrectly allocated in child products, EventLog Analyzer and ADAudit Plus has been resolved.
• An issue preventing password change when using special characters has been fixed.
• The issue preventing logos with spaces in their file names from displaying in the UI has been corrected.
• The issue with fetching restored Active Directory user objects in Centralized Technician Management has been addressed.
• The integration failure when a child component's server was assigned multiple IP addresses has been resolved.

New Feature

Integration with ManageEngine's privileged access management solution, PAM360

Log360 now integrates seamlessly with ManageEngine PAM360, fortifying your privileged access routines. This integration enables you to:

• Use the dashboard to view the password and user activity of PAM360 from Log360's console.
• Meet multiple compliance regulations and generate clear, concise audit records.

Enhancements

• Minor usability enhancements have been implemented in Log360 to improve the user experience.
• The SIEM component now ensures consistent loading even after multiple reloads.

Enhancements

• Inline errors are introduced in the password fields.

Issue Fixes

• The password complexity tooltip now correctly appears when passwords that meet the requirements are pasted.

Issue fixes

• Repetitive database synchronization calls have been reduced for the optimal use of heap.
• An unknown server being added to the Search Engine Management page during the initial launch of Log360 has been fixed.

Enhancements

• Bugs in the home dashboard module have been fixed to enhance the performance, stability, and user experience.
• Following the integration of ManageEngine applications from the Log360 suite, the home dashboard will automatically feature a dedicated tab for that application.

Enhancements

• Only domains with technicians configured will appear in the drop-down menu for Login authentication type.

Issue Fix

• An unidentified node error encountered in the Search Engine Management. console following the migration of Log360 to a new server has been resolved.
• A problem with viewing the ADAudit Plus domain OU in Device Allocation Management has been addressed.
• An issue where the ADAudit Plus integration tab was missing after updating Log360 has been rectified.

Features

• Global search: The global search feature has been added to Log360, enabling searches across all sections, including Reports, Compliance, Administrative Settings, and Help Documentation.
• Dark web monitoring

  You can now scan the deep and dark web continuously for leaked credentials and personal information associated with your organization, employees, and third-party vendors in Log360 through our partnership with Constella Intelligence.

  You can identify if your domains or other digital assets have been compromised in supply chain breaches through real-time alerts, and investigate and respond to threats quickly and efficiently.

  Learn more
• Integration with ManageEngine's EDR, Endpoint Central:

  Log360 now integrates seamlessly with ManageEngine Endpoint Central, fortifying your endpoint security posture. This integration enables you to:

  • Leverage advanced correlation rules and custom alert profiles to detect potential exploits targeting vulnerabilities and misconfigurations.
  • Detect privilege escalation and lateral movement attempts, zero-day vulnerability exploitation, and more.
  • Mitigate threats efficiently by approving and deploying patches directly through new incident workflow actions.
  Learn more
• External threat feeds integration:

  You can now import Sigma rules into Log360 as alert profiles and detect security threats.

  Sigma is a widely adopted format for security signatures, allowing you to detect suspicious activities in your environment.

  • Log360 now supports comprehensive monitoring of your Salesforce Cloud environment.

Enhancement

• The GUI of the compliance page has been revamped. This will enable enhanced navigation and management of compliance reports.
• Correlation rule package

Log360 now adds 16 new predefined correlation rules complementing the new features released to level up threat detection. This new package includes rules for detecting living off the land attacks.

Note: EventLog Analyzer should be upgraded to version 12460 for the MS SQL risk posture feature to function properly.

Enhancement

• Internal Code Refractoring and Product Cleanup which includes code, libraries and files.

Enhancements

• Support for Duo Security Web v4 SDK: You can now configure Duo Security using Web v4 SDK as a secondary authentication factor to verify users when they log into Log360. Duo security has announced end-of-life for Web v2 SDK on 30 March, 2024. We recommend all users to configure Web v4 SDK immediately.
• Tomcat has been upgraded from version 9.0.82 to 9.0.83. This upgrade addresses the session timeout issue in Tomcat.

Features

Incident Workbench

Log360 now introduces an exclusive threat investigation console in its SIEM component for advanced contextual analytics with multiple integrations. This console is called the 'Incident Workbench' and can be invoked from multiple dashboards of SIEM. The features include the following:

• User behavior analytics and activity overview

  This analysis is offered through UEBA.

• Process analytics

  This analysis consists of process spawning with parent-child process trees available in multiple graphical formats.

• Threat analytics

  This analysis is offered through the integration of Log360's Advanced Threat Analytics for in-depth risk analysis of IPs, URLs, Domains, and files. Along with the default threat analysis available under Log360 Cloud Threat Analytics, the integration of VirusTotal, one of the largest live threat feeds, is also introduced in this release and will be available in the Incident Workbench

Users can add upto 20 analytical tabs in a single instance of the Incident Workbench and can save it to Incidents as Threat Evidences.

Device summary

Log360 now introduces an analytical console to view the overall device summary events. This console can be invoked from the SIEM dashboards. Users can find event summary for the selected period, top active users, file monitoring events, device severity events, alerts summary, and activity overview for the applications configured in the device.

Enhancement

• Correlation rule package

  Log360 now adds 50+ new predefined correlation rules complementing the new features released to level up threat detection. This new package includes rules for detecting suspicious process spawning, use of prevalent attacker tools like Mimikatz and Metasploit, and living off the land mechanisms with the exploitation of native binary tools and utilities.

Issue fixes

• An issue that caused errors when adding Active Directory (AD) technicians to Data Security Plus via Log360 has been resolved.

New feature

• Log360 can now be integrated with Log360 MSSP (Build 4000).

Issue fix

• The issue causing PPM failure during the upgrade of Log360 builds between 5220 and 5261 to break PPM 5400 has been resolved in build 5402.

Enhancements

• The public key certificate used for service pack upgrade has been updated. This will enable seamless application of upcoming service packs.

Feature enhancement

ML based automation for alerts threshold:

Log360 now offers an industry-first, dual-layered system for precise and accurate threat detection in its TDIR module, VigilIQ. The new adaptive threshold feature

• Uses ML algorithms to analyze the usual occurrence of events
• Automatically determines the threshold values to trigger alerts
• Enhances alert efficiency by minimizing false positives and optimizing true positive triggers

Enhancement

• The version of Tomcat bundled with the product has been upgraded to 9.0.82
• JSON library used in the product has been upgraded to the latest version (json-20231013), thereby preventing potential vulnerability (CVE-2023-5072).
• For enhanced security, user permission for the product's root folder has been modified. Permanent access to the folder will only be given to the installed user and the administrator group users. Learn how to secure your Log360 installation.

Issue Fix:

• Issue with the integration removal process of EventLog Analyzer/ADAudit Plus has been fixed.

New feature:

New out-of-the-box compliance reports: Audit ready and out-of-the-box compliance reports are now available for the following compliance standards:

• Qatar Cybersecurity Framework (QCF)
• Trusted Information Security Assessment Exchange (TISAX)
• Kingdom of Saudi Arabia Essential Cybersecurity Controls (KSA-ECC)
• Saudi Arabia's Personal Data Protection Law (PDPL)
• National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
• United Arab Emirates National Electronic Security Authority (UAE-NESA)
• General Law for the Protection of Personal Data (LGPD)

These out-of-the-box compliance reports will help monitor the security posture of the network, and stay compliant to the respective compliance mandates.

Fixes:

• Invalid license error while applying license has been fixed.
• Auto update issues have been fixed. (Note: Users must upgrade to build version 5334 or above manually for auto updates to work in the future builds.)

New Feature:

Security and risk posture management for MSSQL servers

Log360 is now equipped with the security and risk posture management feature for MSSQL servers. With this, the users can:

• Check whether the MSSQL servers meet the benchmark requirements set by CIS (Center for Internet Security). This feature uses rule sets based on this framework to verify security of MSSQL server
• Calculate risk percentage of MSSQL servers based on failure or success of rules.
• Get insights and remedial steps for failed rules to reduce risk percentage.

Note:
EventLog Analyzer needs to be upgraded to build 12323 for this feature to be available.

Enhancements

• The loading time of the dashboard has been reduced, enhancing dashboard performance.
• Log360 is now compatible with ADAudit Plus 7215.

Enhancements

• Resolved server output growth issues.

Enhancements

• Get to know the compliance mandates that Log360 adheres to in the Support tab.

Enhancement

• Elasticsearch will now automatically restart if it crashes

New feature

• Log360 now has out-of-the-box compliance reports for the Systems and Organization Controls (SOC 2).

Issue Fix

• This release fixes the security vulnerability (CVE-2023-35785), reported by dalt4sec.

Feature

• IP-based Access Restriction: You can now allow or restrict access to Log360 and its integrated components (Exchange Reporter Plus, EventLog Analyzer, ADManager Plus, ADAudit Plus) based on a specific or range of IP addresses. Also, access can be allowed to APIs and product URLs separately.
• The Centralized Technician Management feature now supports limited editions of ADManager Plus.

Issue Fixes

• SSL ciphers have been upgraded to support forward secrecy.
• Minor bugs have been fixed.
  • The time taken to load the Create New/Edit Compliance page has been reduced.
  • PostgreSQL reports in CCPA has been added.
  • Component down shown in Log360 dashboard after changing the protocol has been fixed.
  • Azure Cloud Directories that were incorrectly synced have been removed from Log360 domains and the delegations have been properly handled

Enhancement

• The start-up speed in Log360 has been improved.

Issue Fix

• Issues with integration details not being removed from Eventlog Analyzer during integration removal process has been fixed.

Issue Fix

• The out of memory issue has been fixed in larger environments.
• Issues with syncing Active Directory Users under the Centralized Technician Management console after upgrading to build 5300 and above have been fixed.

New feature

• Log360 now has out-of-the-box reports that helps government institutions meet the Criminal Justice Data Communications Network (CJDN) network security policies.

Fix

• Issue when trying to enter the password during remote integration has been fixed.

Enhancement

• Product will now automatically increase the heap allocated (when not sufficient) for Elasticsearch.
• The version of Tomcat bundled with the product has been upgraded to 9.0.65.
• The version of 7zip bundled with the product has been upgraded to 21.6.

New Feature

• Log360 now has out-of-the-box compliance reports for the Saudi Arabian Monetary Authority (SAMA) cybersecurity framework.

New Feature

Security and risk posture management

• Log360 is now equipped with the security and risk posture management feature for Active Directory. With this, the users can:
  • Get to know the overall risk posture of Active Directory infrastructure based on Microsoft's Security Guidelines. The solution also offers users insights on the vulnerability and recommendations on fixing them.
  • Continuously assess the Active Directory environment for security risks and get granular visibility into the weak and risky configurations of AD.
  • Customize the risk rules based on the internal security requirements.

Feature

• Compliance Support is now available in Log360 for ELA Cloud Sources - AWS Cloud Source logs.

Note : EventLog Analyzer needs to be upgraded to build 12280 for this feature to be available.

Issue Fix

• 'Wrapper in use' error that occurred while upgrading PPM has been fixed.

New Features

Log360 now monitors the data folder(s) of Search Engine (Elasticsearch) and notifies you when the drive where the indexed data is stored, has only 5GB of disk space left.

Note:

• EventLog Analyzer needs to be upgraded to build 12274 for this feature to be available.

Hot Fixes

• Config file corruption due to insufficient storage has been fixed.
• Issues with accessing Log360 UI post upgrade (in build versions 5269 and above) have been fixed.

New feature

• A customizable dashboard where the user will be able to add tabs, customize tabs, add widgets, customize widgets with other customizations such as Full Screen and Dark theme.

Enhancement

• The GUI of the dashboard page in Log360 has been revamped.

New feature

• Log360 now offers audit-ready compliance reports for:
  • GLBA
  • ISO 27001:2013
  • Cyber Essentials
  • ISLP
  • NRC
  • COCO
  • NERC
  • FERPA
  • PDPA

Features

• In-app push notifications: Get notified about security releases and vulnerabilities within the app.

Enhancement

• Log360 now allows you to configure your mail server using SMTP (Basic or OAuth authentication) or using your mail service provider’s API.

Important Update

• Third-party requirement for NTLMv2 SSO: To enable NTLMv2 SSO for ManageEngine Log360 and the integrated components in builds 5282 and above, you will have to manually download the Jespa JAR file and add it to the product's lib folder. For more information, click here.
• Note for customers who are on build 5281 or lower: If you have already enabled NTLMv2 SSO, you can continue using the feature and no further actions are needed.

Notes: Please ensure that you integrate EventLog Analyzer version 12250 or above in the latest and upcoming builds of Log360 (Build 5282 and above).

Enhancements

• The Centralized Technician Management feature now supports limited editions of M365 Manager Plus and Exchange Reporter Plus.

Fixes

• Issues while editing multiple delegations using Log360's Centralized Technician Management console have been fixed.

Features

• You can now reorder the integrated components in the apps pane.
• Microsoft Authenticator and custom TOTP authenticator can be added.
• Log360 now provides out-of-the-box compliance reports for California Privacy Rights Act (CPRA).

Enhancements

• The GUI of the integration page in Log360 has been revamped.

Fixes

• Issues faced by admin technicians in downloading scheduled compliance reports have been fixed.
• An issue where emails had corrupted zip files for scheduled compliance reports in CSV format has been resolved.
• Issues in translating the overview PDF to Japanese and Chinese in scheduled compliance reports have been fixed.

Fix

• When you add a new technician using Log360's Centralized Technician Management console and delegating that technician with access to EventLog Analyzer component, there was an issue in delegating device groups, when the count was more than ten. This issue has been fixed.

Enhancements

• When EventLog Analyzer is integrated with Log360, the disconnected or stopped child product's Elasticsearch node will auto restart when Log360 is started.

Note: EventLog Analyzer needs to be upgraded to build 12239 for this feature to be available.

Enhancement

• The size of the installation file (.exe) has been reduced.

Fixes

• Internal code refactoring has been done.
• With the centralized technician management feature (from Build 5250), there was an issue with managing the existing AD technician accounts before the upgrade. This issue has been fixed.

Enhancements

• Java Runtime Environment (JRE) package has been upgraded to Zulu JRE 1.8.0_282.

New feature

• The default installation location has been changed to Program Files/Program Files(x86), based on the architecture.

Note: Kindly ensure that you integrate EventLog Analyzer version 12225 or above in the latest and upcoming builds of Log360 (Build 5268 and above).

Fixes

• Device synchronization issues have been fixed.
• Installation and uninstallation issues have been fixed.
• Out of memory issues have been fixed.
• Domain synchronization issues have been fixed.

Fix

• While integrating a product in Log360 using an alias name, SAN names revert to the common name or hostname. This is now fixed.

Feature

• Browser notifications: Get push notifications in your web browser for product downtime, updates, new events (workshops, webinars, seminars), and more.

Fixes

• Issues while accessing Eventlog Analyzer reports tab from Log360's apps pane using the reverse proxy URL are fixed.
• Reflected XSS is fixed.
• CSRF token generation will be session-based now.

Issue fixes

• A rare upgrade failure issue has been fixed.
• Issues with auto update for builds starting from 5256 have been fixed.

Note: Auto update will not work for builds starting from 5256 to 5261. Users will have to manually update these builds.

Enhancements

• The version of Spring Framework jar bundled with the product has been upgraded to 5.3.18.

Enhancements

• Internal code refactoring for enhanced security.

New feature

• Log360 now has out-of-the-box compliance reports for the Protection of Personal Information Act (POPIA).

Fix

• Issue in Startup notification mail has now been fixed.

New feature

• Log360 now has out-of-the-box compliance reports for the Cybersecurity Maturity Model Certification (CMMC).

New feature

• Centralized Technician Management: Technicians accounts can be managed centrally from the Log360 UI for all the components.

Note: Limited versions of ADManager Plus, M365 Manager Plus and Exchange Reporter Plus do not support Centralized Technician Management Feature.

Fix

• This release includes a fix for the Apache Log4j vulnerability (CVE-2021-44832).
• Removed log4j-1.2.15.jar in Log360\lib folder

Issue fix

• This release includes a fix for the Apache Log4j vulnerability (CVE-2021-45105).

Issue fix

• This release includes a fix for the Apache Log4j vulnerability (CVE-2021-45046).
• JAR-hell issue post 5243 service pack is fixed.

Fix

• This release includes a fix for the Apache Log4j vulnerability (CVE-2021-44228).

Enhancement

• Internal code refactoring for enhanced security.

Fix

• Clickjacking vulnerability which could allow an attacker to disclose information or redirect users, has been patched.

Enhancement

• The version of PostGreSQL bundled with the product has been upgraded to 10.18.

Enhancement

• Security Hardening tab to manage and configure all security settings of Log360 from one place.
• Mandatory default password change for built-in admin account.

Fixes

• Internal Bug Bounty fixes
• Internal code refactoring

Fix

• Apache Struts dependency has been removed from Log360 to fix the vulnerabilities caused by it.

Fix

• This release includes a fix for a critical security vulnerability with ID CVE-2021-20136, to prevent remote code execution (RCE).

Fix

• This release includes a fix for the remote code execution (RCE) issue when migrating the DB server, reported by moon.

Fix

• Internal code refactoring has been done.

Fix

• Internal code refactoring has been done.

Issue fix

• An authentication bypass vulnerability affecting REST API URLs, which was rated critical, has now been fixed.

Fix

• EventLog Analyzer was not loading properly when accessed from Log360's apps pane. This issue was observed in builds released post 12160 and 5220 of EventLog Analyzer and Log360 respectively. It has now been fixed.

Fixes

The following security issues have been fixed.

• ZVE-2021-2132: Remote code execution issue using BCP file overwrite reported by Sahil Dhar.
• ZVE-2021-2020: Multiple stored cross-site scripting vulnerabilities reported by Sahil Dhar.
• ZVE-2021-2407: OS Command injection vulnerability reported by Thai.

Fixes

• The CSRF vulnerability has been fixed to prevent possible attacks.
• The following security issues have been fixed:
  • ZVE-2021-2034: The CSRF vulnerability in disabling logon security settings. (The issue was identified by reporter, Sahil Dhar).
  • ZVE-2021-2018: Remote code execution using the arbitrary file overwrite vulnerability. (The issue was identified by reporter, Sahil Dhar).
  • ZVE-2021-2033: The issue in validating LOGO_PATH key value in the stored XSS logon settings. (The issue was identified by reporter, Sahil Dhar).

Issue fixes

• This release includes the fix for ZVE-2021-1509 unrestricted file upload issue that led to remote execution of code, thereby allowing unauthorized access to the server, reported by Sahil Dhar.
• It also includes the fix for CSRF ZVE-2021-1508 vulnerability attack on proxy settings that has been restricted, reported by Sahil Dhar.

Bug bounty fix

• Zip-Slip vulnerability that arises when uploading a zip in SSL certification tool has been fixed.

New feature

Centralized device allocation:

• Windows devices can be centrally managed across the log management and active directory auditing components of Log360.

Enhancements

• The log management component of Log360 can now be deployed in distributed environments and monitored centrally.

Note:

• By default, Log360 auto updating capability will be disabled. Manually enable it to automatically update to the latest version.
• Kindly ensure that you integrate EventLog Analyzer version 12150 or above and ADAudit Plus version 6065 or above in the latest and upcoming builds of Log360 (Build 5214 and above).

New feature

• Reverse proxy support: Log360 can now be configured as a reverse proxy server. Enhance security for your servers, as their identity is protected and all communication between them and their clients is routed through Log360.

Enhancement

• User interface enhancements
  • The apps pane in the product has been enhanced to make it easier to access.
  • The option button to jump to related products has been enhanced for better visual appeal.
  • The components integrated with the product will now load automatically to reduce the UI loading time.
  • The Log360 logo will now be displayed across all the components inside the product.
• Automated updates: This option allows you to automatically detect, download, and apply the product updates as soon as they are released.
• The version of jQuery bundled with the product has been upgraded to 3.5.1.

Fix

• Domain users were able to view data that should be accessible only to product admins using a specific URL. This issue has been fixed.

Enhancements

• Get real-time alert notifications when malicious techniques defined in the MITRE ATT&CK framework are detected in your network.
• Analyze incidents comprehensively with detailed security analytics reports.
• Group different 'techniques and tactics' alerts into a single logical incident for organized investigation.
• Group different alert events as an incident and assign it to an analyst.
• Investigate incidents better by viewing all the related events and actors involved.
• Manage and bring down the incident resolution time using different metrics such as incident age, and more.

Click here to access Log360 Build 5220_Beta (Beta version).

Enhancements

• The version of Tomcat bundled with the product has been upgraded to 8.5.57
• The version of PostgreSQL bundled with the product has been upgraded to 10.12
• The NTLM single sign-on authentication protocol has been upgraded to SMB2.

Enhancements

InstallShield 18 has been adopted for installing the solution. The user can now choose from three modes of installation:

• Standard Installation- All Log360 components will be installed.
• Custom Installation- The user can choose the required components to be installed.
• Minimal Installation- Only the Log360 build will be installed.

Fix

• The issue which caused the GUI to not load properly and displayed a Refused to connect page while accessing certain components of Log360 has been fixed.

Feature

• File Integrity Monitoring console: Log360 now has a dedicated console for file integrity monitoring. This integrated console enables you to configure file integrity monitoring centrally for file servers su

Fix

• The failure of Elasticsearch server restart due to timeout has been fixed.

Fixes

• The issues experienced while upgrading Log360 to later builds have now been fixed.
• Issue in Manage Compliance tab for service pack upgrades has been fixed.

Fix

• Index archival in Elasticsearch has been fixed.

Fix

• This release includes fix for the CVE-2020-24786 vulnerability, which allowed unauthenticated changes to integration system configuration, reported by Florian Hauser.

New features

• Integrated Cloud Security Plus reports: You can now integrate Cloud Security Plus reports in Log360 and view all the reports under the Log360 reports tab.
• Centralized SSL configuration: You can configure SSL centrally from Log360 for the components.

Enhancement

• Workgroup Servers: Workgroup servers will be synchronized in ELA and ADAP automatically.

Fix

• Issue in mail synchronization has been fixed.

Fix

• Issue in EventLog Analyzer's integration with Log360 due to the presence of multiple unpingable devices has been fixed. 

New feature

• FISMA, GPG, GDPR, CCPA, and SOX compliance reports: Log360 now has out-of-the-box reports for complying with FISMA, GPG, GDPR, CCPA, and SOX.

New feature

• Compliance management: Log360 now has a dedicated tab for managing compliance requirements. It contains ready-made reports to prove compliance with IT mandates such as PCI DSS and HIPAA.

New feature

• New login settings
  • Captcha has been included in the login page for increased security.
  • Block users: You can now set a threshold for login attempts. On reaching that threshold, the user will be blocked from trying to login for a specific period.
  • Smart card authentication: The use of smart cards/PKI/certificates has been enabled as additional options for Log360 login. If you have such an authentication system configured in your organization, Log360 can be configured to authenticate users through it, bypassing other first factor methods.
  • Two-factor authentication: Log360 now provides an extra layer of security for its users by supporting two-factor authentication during login. Supported authentication methods include:
    • Duo Security
    • RSA SecurID
    • RADIUS Authentication
    • Google Authenticator
    • Email verification
    • SMS verification
• SSL Certification tool to help you easily generate CSR and apply SSL certificates in Log360 to make the product safer for data transfer.
• Database migration: Now you can easily change Log360's bundled PostgreSQL database to Microsoft SQL Server or another instance of PostgreSQL from the web console.

Enhancements

• Backup Log360's data on Microsoft SQL Servers, in addition to PostgreSQL databases.
• Navigate to all the individual components of Log360 from the single tray icon.
• View upcoming events such as webinars, workshops, and seminars from the Support tab.

Fix

• Issue in synchronizing devices has been fixed.

New feature

• Search Engine Management: Users can add multiple machines for the shared storage of data. This optimizes disk space and improves indexing performance.

Fix

• Issue in integrating EventLog Analyzer's Linux instance with Log360 has been fixed.

New feature

• New language options: Log360 now supports Chinese and Japanese in addition to English.

Enhancement

• The graphs in the EventLog Analyzer dashboard of Log360 have been enhanced for easy inference.

New feature

Active Directory Reporting Add-on: Get insights into critical Active Directory security incidents that could help seal the insider attacks. With this add-on, get over 45 predefined report templates that provide details on AD objects such as:

• Inactive, locked out, account expired, password expired users and more.
• Security groups, group members, groups without members, and more.
• Inactive, disabled, recently deleted computers and more.
• Disabled, unused, recently created GPOs, and more.
• All OUs, empty and recently created OUs.
• Shares in servers, permissions on folders, and more.
• Objects/servers/subnets accessible by accounts, server permissions, and more.

Fix

• Vulnerability issue in the logo file upload feature has been fixed.

New feature

User and Entity Behavior Analytics (UEBA)

Detect user and entity behavior anomalies, account compromises, data exfiltrations, and insider threats with the User and Entity Behavior Analytics (UEBA) add-on, that is powered by machine learning. This add-on offers,

• Score-based risk assessment
• Threat corroboration

Enhancement

• Log360's dashboard keeps getting better with the addition of all the latest reports and graphs from ADAudit Plus.

Fixes

• Issue in applying self-signed certificates has been fixed.
• Issue in auto-backup of EventLog Analyzer has been fixed.

Enhancement

• Technicians created in EventLog Analyzer and ADAudit Plus components of Log360 can now login to the M365 Manager Plus module.

New Feature

ManageEngine DataSecurity Plus, a data visibility and security solution, capable of data discovery, file storage analysis, and Windows file server auditing has been integrated with Log360. You can now,

• Locate, analyze, and secure personally identifiable information (PII) in your files, folders, and shares from insider and external threats.
• Gain visibility into data usage trends, file access patterns, volume of personal data in files, and file permission changes.
• Meet multiple compliance regulations, and generate clear, concise audit records as legal evidence.

New Feature

ManageEngine Exchange Reporter Plus, an auditing, alerting, and reporting solution for Microsoft Exchange Servers has now integrated with Log360. With this integration, track incoming and outgoing email messages, monitor mailbox sizes, and perform Exchange traffic analysis.

• Exchange Server reporting: Get complete information about all components of your Exchange environment, including mailboxes, distribution lists, public folders, and more.
• Exchange Server auditing: Track and report on non-owner mailbox accesses, mailbox logon activity, changes to mailbox permissions, server configurations, and more.

Fixes

• Cross Site Scripting (XSS) vulnerability issue in the search and reports page (CVE-2018-7405) raised by Suresh Khutale has been fixed.
• Vulnerability issue of remote code execution when uploaded by an agent (DDI-VRT-2018-10) has been fixed.

New Feature

ManageEngine M365 Manager Plus, an Microsoft 365 reporting, management, auditing, and alerting tool is now integrated with Log360. With this integration, get access to general and audit reports, and create alerts for critical events in Exchange Online and Azure Active Directory.

• Microsoft 365 Reporting: Access an exhaustive list of reports to get deep insights on Exchange Online and Azure Active Directory and comply with industry mandates like SOX, PCI DSS, FISMA, HIPAA, and GLBA.
• Microsoft 365 Auditing: Audit non-owner mailbox accesses, admin activities, password resets, license modifications, group membership changes, and more.
• Microsoft 365 Alerting: Create your own custom alerts for critical events in Exchange Online and Azure Active Directory to get notified via email in real-time.

New Feature

• Three new predefined correlation rules that detect suspicious SQL backup, installation of services and software.
• Logs from syslog and other devices can be forwarded to any server including file servers and Windows servers.

New Feature

• GDPR compliance reports: Offers predefined report templates to help you easily comply with the GDPR's requirements.

New Feature

• Reports of both ADAuditPlus and EventLog Analyzer have been consolidated and can be viewed in the same window.

Enhancements

• The mechanism of recording the log flow rate has been changed.
• An extra field "Display name" has been added to the pre-defined reports and search section.

Fixes

• The issue with parsing of fields for NPS events occurring on Windows Server 2016 has been fixed.
• Addition of VMware reports for created and deleted VMs (Event IDs: 13002 and 13003).
• The issue with the Solaris user account management report and SUDO command execution report has been fixed.
• Issue with populating of web traffic reports for WatchGuard has been fixed.
• The issue with the policy changes report for Symantec devices has been fixed.
• The issue with exporting reports from the "My Reports" category in EventLog Analyzer has been fixed.

New Feature

• Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
• Malicious IP and URL alerts: Upon analyzing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.

New Feature

• Log360 now supports NTLMv2 authentication.
• You can now automatically back up PostgreSQL database of EventLog Analyzer and Log 360.

New Feature

• Host synchronisation mechanism has been enhanced.
  • Inherited hosts that are disabled due to license expiry or limit exceeding license count, cannot be enabled.
  • If a host has been added in one of the components, then it will be inherited automatically in the other component.