Advanced Threat Analytics
Note:
- Check the Access page to learn how to invoke the Incident Workbench from different dashboards of EventLog Analyzer.
- To access Advanced Threat Analytics data, you can click on any of the following fields that uniquely identify the external sources:
Domain Analysis:
- Domain
- Canonical Name
- Client Domain
- URL Site
IP Analysis:
- Remote DeviceIp
- Source IP
- Client IP Address
- Server IP Address
- Address
- Destination IP
- Device Ip
- Remote Ip
- Source Host Address
- NAT Source Address
- NAT Destination Address
- Original Client IP
- IP Address
- Endpoint IP
- Private Ip
- Target Ip
- Source Device
- Target Machine
- Destination Host Address
- Target Device
URL Analysis:
- Payload URL
- Object Url
- URL
EventLog Analyzer supports the following vendors for Advanced Threat Analytics in the Incident Workbench:
Log360 Cloud Threat Analytics
This is the default integration from the Log360Cloud suite and can be accessed once the add-on is purchased.
VirusTotal
This is a third-party threat feed integration that follows the Bring Your Own Key (BYOK) model. If you have purchased VirusTotal access separately, you can use your own API key to retrieve threat analytics information in EventLog Analyzer.
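The following is an added example, not code from EventLog Analyzer or from VirusTotal, that shows what a BYOK threat feed lookup does for each of the three field groups listed above (domain, IP address, URL): the customer's own key is sent in the request, and the vendor's per-engine tally is reduced to a verdict an analyst can act on. It uses the public VirusTotal API v3 routes and `x-apikey` header; the sample response and the domain name in it are constructed so that the summarising logic can run offline.

```python
"""BYOK threat lookup against VirusTotal API v3 (added example)."""
import base64
import json
import urllib.request

VT_BASE = "https://www.virustotal.com/api/v3"


def vt_object_path(kind: str, value: str) -> str:
    """Map an Incident Workbench analysis type to the VirusTotal v3 route.

    kind is one of "domain", "ip" or "url". URLs are addressed by the
    unpadded URL-safe base64 of the URL text, as the v3 API specifies.
    """
    if kind == "domain":
        return f"/domains/{value}"
    if kind == "ip":
        return f"/ip_addresses/{value}"
    if kind == "url":
        url_id = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
        return f"/urls/{url_id}"
    raise ValueError(f"unsupported analysis kind: {kind}")


def vt_fetch(kind: str, value: str, api_key: str) -> dict:
    """Perform the live lookup with the customer's own key (needs network)."""
    req = urllib.request.Request(
        VT_BASE + vt_object_path(kind, value),
        headers={"x-apikey": api_key, "accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def summarize(vt_response: dict) -> dict:
    """Reduce data.attributes.last_analysis_stats to a single verdict.

    Any engine flagging the object as malicious wins; otherwise a suspicious
    flag is reported; otherwise the object is treated as clean. The total
    engine count is kept so the analyst can weigh 3 of 84 against 3 of 5.
    """
    stats = vt_response["data"]["attributes"]["last_analysis_stats"]
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    engines = sum(
        stats.get(k, 0)
        for k in ("harmless", "malicious", "suspicious", "undetected", "timeout")
    )
    if malicious > 0:
        verdict = "malicious"
    elif suspicious > 0:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "malicious": malicious,
        "suspicious": suspicious,
        "engines": engines,
    }


# Constructed sample in the shape of a v3 domain object; not real VirusTotal data.
SAMPLE_RESPONSE = {
    "data": {
        "type": "domain",
        "id": "example.invalid",
        "attributes": {
            "last_analysis_stats": {
                "harmless": 60,
                "malicious": 3,
                "suspicious": 1,
                "undetected": 20,
                "timeout": 0,
            }
        },
    }
}


if __name__ == "__main__":
    # Offline demonstration on the constructed response.
    print(vt_object_path("domain", "example.invalid"))
    print(summarize(SAMPLE_RESPONSE))
    # Live use (hypothetical key placeholder, not a real credential):
    # print(summarize(vt_fetch("ip", "203.0.113.5", "<YOUR_VT_API_KEY>")))
```

The split between `vt_fetch` and `summarize` is deliberate: the verdict logic can be unit-tested and reviewed without a key or network access, and the key never leaves the request header, which is the property a BYOK integration is meant to preserve.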
Note: Minimize the tab to keep the Incident Workbench open while you traverse different pages in EventLog Analyzer. As long as you don't close the workbench, the analysis remains available even if you log out of EventLog Analyzer and log in again. You can also save it to an existing incident or create a new one.