    Advanced Threat Analytics

    The Advanced Threat Analytics feature gives valuable insights into the severity of threats using the reputation score for potentially malicious URLs, domains, and IP addresses. To utilize the Advanced Threat Analytics feature, an add-on has to be purchased.

    Advanced Threat Analytics add-on purchase:

    • To purchase the Advanced Threat Analytics add-on, please click here.
    • After purchasing and applying the add-on license, go to Settings → Admin Settings → Management → Threat Feeds. The Advanced Threat Analytics tab will be present next to the STIX/TAXII Threat Feeds tab. Configure the respective feeds to access the threat analytics data.

    Overview

    1. EventLog Analyzer supports the following vendors for the Advanced Threat Analytics data:
      • Log360 Cloud Threat Analytics

        Default integration from the Log360 Cloud suite. This can be accessed once the add-on is purchased.

      • VirusTotal

        Third-party threat feed integration. This follows the Bring Your Own Key (BYOK) model. If you have bought VirusTotal access separately, you can use your API key and get the threat analytics information in EventLog Analyzer.

    2. Access
      • Investigation: The Threat Analytics information can be accessed through the External Threat report and the Incident Workbench for investigations.
      • Detection: The default Threat alert criteria detect interaction with external threat sources. Once the Advanced Threat Analytics add-on is applied, the alerts are fine-tuned to reduce false positives.

    External Threat report

    Navigation: EventLog Analyzer home > Reports > Select Threats from the drop-down in the top left corner > Threat Analytics > External Threat

    The External Threat report contains the information on the source of the threat, severity, reputation score, and more.

    • View reports of Top Attacked Hosts and Threats by Category for the selected period.
    • Click on URLs and IPs in the Threat Source column and select Go To Incident Workbench to get contextual risk data from the integrated threat feeds.

    Alerts

    View the generated alerts on the Alerts summary page, and click on the Threat Analysis icon to open the Incident Workbench and analyze further.
