Log360 integration

    Log360 is a comprehensive SIEM solution that offers robust log management and incident management capabilities. It collects and analyzes logs to provide insights into various security events across the network. Integrating ADManager Plus with Log360 enables organizations to seamlessly forward ADManager Plus management logs to Log360, automate threat remediation, ensure audit readiness, and maintain compliance with IT regulations and mandates.

    Steps to integrate Log360 with ADManager Plus

    Note: For security reasons, only ADManager Plus' built-in administrator can enable this integration with Log360.
    1. Log in to ADManager Plus and navigate to the Admin tab.
    2. Under System Settings, click Integrations.
    3. Under Log Forwarding, click Log360.
    4. Turn on the Enable Log360 Integration toggle, and then configure the following:
      • SOAR Workflow: Enable the Allow Log360 SIEM to execute AD management actions option to allow Log360 to trigger AD management actions in ADManager Plus as part of automated threat remediation workflows using its SOAR module. When enabled, Log360 can respond to detected threats by executing actions such as disabling users, resetting passwords, or modifying group memberships directly through ADManager Plus.
        Note:
        • This option works only when the appropriate ADManager Plus playbooks are configured in Log360. For more information, refer to ADManager Plus Playbook Configuration.
        • This option should be enabled only if you want Log360 to perform automated remediation actions using ADManager Plus.
      • Log Forwarding: To enable log forwarding, check the Enable Log Forwarding box. After enabling it, configure the following log forwarding settings:
        • Server Name: Enter the name of the machine where EventLog Analyzer is installed.
        • Port Number: Enter the port number where the EventLog Analyzer service is running.
        • Protocol Settings: Select the protocol to be used for connecting to the EventLog Analyzer server.
        • Authentication: Enable this option to provide authenticated access to the server when EventLog Analyzer is installed on a remote machine, and enter the Super Admin's credentials in the Username and Password fields.
        • Log Type: Select the type of log that you would like to forward to EventLog Analyzer: Access Log, Debug Log, or User activity Log.
          • Access Log: Select this log type if you would like to forward ADManager Plus' web server access logs.
          • Debug Log: Select this log type if you would like to forward event logs related to startups and logins.
          • User activity Log: Select this log type if you would like to forward logs of actions performed by technicians in ADManager Plus.
        • Configure Syslog Port Manually: Enable this option to manually configure the syslog port.
          Note: By default, this option is unchecked, and the port details will be automatically populated from EventLog Analyzer.
        • Syslog Protocol: Select the protocol to be used for forwarding logs.
        • Syslog Port: Enter the port to which logs must be forwarded.
    5. Click Test Connection and Save to establish a connection and save the settings.

    Actions supported

    • Forward logs on AD, Google Workspace, and Microsoft 365 management actions performed using ADManager Plus.
    • Automate threat remediation by executing AD management actions through ADManager Plus using Log360 SOAR workflows. The following AD management actions through ADManager Plus are available in the Log360 SOAR workflows:
      • Add User to Group
      • Delete Computer
      • Delete User
      • Disable Computer
      • Disable User
      • Enable Computer
      • Enable User
      • Modify User
      • Remove User from Group
      • Reset User Password
      • Unlock User
