As the attack surface widens, and the attacks become more sophisticated, the weight of the battle against cyberattackers falls on the security operation centers (SOC). SOCs can reinforce an organization's security posture by utilizing a security orchestration, automation and response (SOAR) platform. This collection of compatible security-focused software accelerates incident investigation and response. A SOAR platform increases visibility to all security data, streamlines IT processes, automates security-related manual tasks, reduces redundant and repetitive work, and improves collaboration between security tools.

Why choose ManageEngine Log360 for SOAR?

  • Security orchestration
  • Security automation
  • Security remediation

Security orchestration

           
security-orchestration-automation-and-response-soar-05
  Unified security data analysis

Gather security data seamlessly from various sources in your network including Active Directory (AD) users, groups, organizational units; network devices such as firewalls, servers, endpoints; and applications such as vulnerability scanners, data loss prevention software, threat applications, and more. Log360 provides meaningful security context to the data to identify security events quickly and accurately.

  Streamlining incident management with ITIL tool integrations

Ensure accountability for incident resolution by utilizing ticketing tool integration to assign detected incidents to security administrators. Log360 allows configuration of external help desk solutions, such as ServiceNow, ManageEngine ServiceDesk Plus, Jira Service Desk, Zendesk, Kayako, and BMC Remedy Service Desk.

Security automation

Enable workflows to detected-security incidents that are presented in the form of alerts and receive a status email.
 
 
 
 
 
 
security-orchestration-automation-and-response-soar-06
  Automate threat remediation

With prebuilt workflows for common use cases, Log360 enables you to automate incident response across your security and IT processes.

Automate workflows and ticket assignment  

Ensure that no critical security incidents slip through the cracks by automating ticket assignment and workflow execution in Log360. For instance, you can enable a workflow related to event logs that triggers an alert and automatically assigns a ticket to a security admin.

     

Security remediation

         

Log360's incident response management reduces the workload for your SOC by automatically executing a series of common remedial measures based on the type of security incident detected in your environment. Automating incident workflows helps contain potential long-lasting security damage to your network, reduces alert response times, and increases SOC efficiency so the team can tackle other challenges.

  Incident response workflow profiles

When alerts are triggered, automate response workflows to mitigate network security incidents before they cause any damage or result in a breach. Log360 provides prebuilt workflow profiles to initiate quick and accurate security responses. You can also associate workflows to alert profiles, correlation alerts, and other security alarms to automate threat remediation.

  Immediate suspension of suspicious activities

Automate incident workflows that stop critical security threats from exploiting your organization's assets. With Log360's incident response module, you can:

  • Disable or delete a potentially compromised AD user or computer in your AD environment.
  • Terminate a process on a potentially compromised Windows device.
  • Log off and disable a potentially compromised Windows user account.
  • Display a pop-up alert on the affected device.
  • Stop a service on a potentially compromised device.
  • Ping a device to check connectivity within your network.
  • Run a trace route function to a device in your network to identify the path.
  • Perform Cisco ASA firewall actions, such as adding inbound and outbound rules.
  • Shut down or restart a potentially compromised Linux device.
  • Execute a specified script file on a Linux device.
 
     
  Workflow customization

With Log360, you can build incident workflows based on your security requirements using the custom workflow builder. Utilize the simple drag-and-drop interface to link consecutive actions, construct the flow based on the success or failure of the previous action, execute time delays, and more.

Supported applications for
workflow integration

Log360 supports seamless workflow integration with different applications and platforms including

 
 
Active Directory
 
Linux
 
Cisco ASA firewalls
 
Windows
 
 
Monitor Your
Network
 
Detect security
events
 
Get alerted to
threats
 
Prioritize high-risk
threats
 
Automate
workflows
 
Assign
tickets
 
Resolve
threats
detecting-insider-threat-and-attacks-for-dummies