
    Advanced Threat Analytics


    The Advanced Threat Analytics feature gives valuable insights into the severity of threats using the reputation score for each potentially malicious URL, domain, and IP address. Advanced Threat Analytics is an add-on feature that has to be purchased before it can be configured.

    Please follow the steps below to configure this feature.

    • To purchase the add-on, please click here.
    • After purchasing, click on Threat Management in the Settings page. The Advanced Threat Analytics tab will be present next to the STIX/TAXII Threat Feeds tab.

    For users with a Log360 Cloud account.

    • Navigate to https://log360feeds.manageengine.com/
    • Copy the Advanced Threat Analytics Feed Server access key.
    • In EventLog Analyzer, navigate to Settings → Threat Management → Advanced Threat Analytics.
    • Paste the access key in the Access Key box and click on Connect.

    For users who do not have a Log360 Cloud account.

    • Navigate to https://log360feeds.manageengine.com/
    • Create a Log360 Cloud account and sign in using the valid credentials.
    • You can find the Advanced Threat Analytics Feed Server access key in the page displayed.
    • Copy the Advanced Threat Analytics Feed Server access key.
    • In EventLog Analyzer, navigate to Settings → Threat Management → Advanced Threat Analytics.
    • Paste the access key in the Access Key box.
    • The scheduler will be enabled automatically. To change the frequency at which the feeds are populated, click on the edit button next to Interval.

    Threat Analytics Report

    The External Threats report under the Threat Analytics tab contains information on the source, the severity of the threat, and so on.

    • Click on the View button under the Advanced Threat Analytics column. This gives you additional information on the source of the threat.

    • Additional information on the source of the threat, such as geographical information, phishing information, and so on, will be displayed in the popup.

    Threat Alerts

    • In the Threat Alerts section of the Alerts tab, additional information on the source of the threat can also be viewed by clicking on the icon next to the IP address in the Device column.

    • Clicking on the icon displays information on the source, the severity of the threat, and so on.
