# Log360 - EventLog Analyzer Integration

## Table of contents

- [Overview](#overview)
- [Steps to Integrate Log360 - EventLog Analyzer with Endpoint Central (On Premises)](#steps)
- [Workflow](#w)

## Overview

By integrating ManageEngine Endpoint Central with Log360 — EventLog Analyzer, you can bridge the gap between UEM and SIEM, giving your security team complete visibility across your IT environment. This integration enhances threat detection, streamlines investigations, and unifies response efforts—significantly boosting your organization’s overall security posture.

Endpoint Central acts as a comprehensive agent that collects security data from your organization’s endpoints, including servers, desktops, laptops, and mobile devices. This data includes:

- **System Misconfigurations**
- **Vulnerability Data Points**

Here's what this integration provides:

- **Centralized security intelligence:** All endpoint insights are fed into Log360’s SIEM console, offering a single-pane view of vulnerabilities and misconfigurations. This contextualized data allows for efficient threat detection, investigation, and response.
- **Smarter alert triage:** Log360 correlates data from both platforms to generate prioritized, context-rich alerts—helping teams quickly detect real threats and reduce noise from false positives.
- **User-based threat correlation:** Host-level anomalies detected by Endpoint Central are mapped to user activity in Log360, providing deeper visibility into events like lateral movement, privilege escalation, and suspicious misconfigurations.
- **Zero-day exploit mitigation:** The integration helps identify and respond to zero-day vulnerabilities at the endpoint level. Automated patching through Endpoint Central helps neutralize threats quickly, reducing the attack window.
- **Real-time monitoring and visibility:** Track endpoint health and user actions as they happen, enabling proactive detection and faster resolution of incidents.
- **Faster investigations with Incident Workbench:** Log360’s Incident Workbench auto-builds timelines of suspicious events, simplifying investigations and speeding up decision-making.
- **Reduced MTTR and enhanced MDR:** With high-fidelity analytics and automated responses, threats are stopped in their tracks. This translates into faster mean time to respond (MTTR) and improved mean detection and response (MDR).

This integration empowers your security team with the insight and agility needed to stay ahead of evolving threats—by unifying endpoint intelligence with network analytics for a truly proactive defense strategy.

## Steps to Integrate Log360 - EventLog Analyzer with Endpoint Central (On Premises)

- Generate an **Authentication Key or API Key** using the **Endpoint Central API Explorer**. To learn how to generate this key, refer to [this page](https://www.manageengine.com/products/desktop-central/api/).
- In **Log360 EventLog Analyzer**, navigate to the **Settings** tab and click **Applications** under the **Log Source Configuration** menu.
- Select the **ME Applications** tab under the **Applications** component.

  ![Log360 Integration](https://www.manageengine.com/products/desktop-central/help/images/l3602.png)
- Click the **Add ME Application** button.

  ![Log360 Integration](https://www.manageengine.com/products/desktop-central/help/images/l3603.png)
- Select **Endpoint Central** from the **Application** drop-down box.
- Enter or pick a device from the **Device** list. (Note: This is the device on which the Endpoint Central server runs.)
- Check the **Data Enrichment** box.
- Configure the following in the Data Enrichment component.
  - **Protocol**: Select the desired protocol to fetch data from the protocol drop-down box.
  - Provide a **Port** number for the protocol (default port number for HTTP: 8020 & HTTPS: 8383).
  - Provide the **API key** generated from the **Endpoint Central API Explorer**.
    **Note:** Make sure the user has the following permissions: **[VulnerabilityMgmt_Read, PatchMgmt_Read, PatchMgmt_Write]**
- Click **Add** to configure the chosen Endpoint Central application with the selected device.

**Note:** Ensure the credentials have sufficient permissions to access APIs.

## Workflow

![Log360 Integration How it Works](https://www.manageengine.com/products/desktop-central/help/images/l3601.png)

After this integration, you can create custom correlation rules and custom alert profiles using vulnerability and misconfiguration comparators, and you can also manage patches with workflows in Log360 - EventLog Analyzer. To learn more about how to configure these, refer to [this page](https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/Add-devices/AddingApplicationSources/adding-manageengine-application.html#s10).

For any queries, contact [support](mailto:endpointcentral-support@manageengine.com).