Advanced Threat Analytics
The Advanced Threat Analytics feature gives valuable insights into the severity of threats using a reputation score for each potentially malicious URL, domain, and IP address. Advanced Threat Analytics is an add-on feature that has to be purchased before it can be configured.
Please follow the steps below to configure this feature.
- To purchase the add-on, please click here.
- After purchasing, click on Threat Management in the Settings page. The Advanced Threat Analytics tab will be present next to the STIX/TAXII Threat Feeds tab.
For users with a Log360 Cloud account.
- Existing Log360 Cloud users can enable Advanced Threat Analytics by clicking on the button Enable Advanced Threat Analytics in the Advanced Threat Analytics tab.
For users who do not have a Log360 Cloud account.
- In the Advanced Threat Analytics tab, create an account in https://log360cloud.manageengine.com by clicking on the hyperlink.
- After signing up, navigate to Settings > Admin Settings > Agent Configuration.
- Copy the access key, paste it in the Access Key box present in the Advanced Threat Analytics tab, and click on Connect.
- The scheduler will be enabled automatically. To change the frequency at which the feeds are populated, click on the edit button next to interval.
Threat Analytics Report
The External Threats report under the Threat Analytics tab contains information on the source, the severity of the threat and so on.
- Click on the View button under the Advanced Threat Analytics column. This gives you additional information on the source of the threat.
- Additional information on the source of the threat, such as geographical information, phishing information, and so on, will be displayed in the popup.
- In the Threat Alerts section of the Alerts tab, additional information on the source of the threat can also be viewed by clicking on the icon next to the IP Address in the device column.
- Clicking on the icon displays information on the source, the severity of the threat and so on.