
Invoking Zia Insights

Overview

EventLog Analyzer's Zia Insights is an AI-powered capability that delivers contextual security insights by analyzing logs, alerts, and incidents. These insights help interpret security activity, identify impacted entities, map observed behavior to the MITRE ATT&CK® framework, and determine recommended response actions.

This page explains how to invoke Zia Insights from the Search, Alerts, and Incidents modules of ManageEngine EventLog Analyzer.

Invoking Zia Insights from Search

  1. In your EventLog Analyzer account, go to the Search tab.
  2. Perform a search query using either the basic or advanced mode.
    NOTE: Refer to this video to learn how to perform log searches.
  3. In the search results, hover over a specific log entry.
  4. Click the Zia icon in the top-right corner of the log entry to view insights generated by Zia.

    Figure 1: Invoking Zia Insights from Search of ManageEngine EventLog Analyzer

Insights provided by Zia Insights for Search

Zia will process the selected log and display contextual insights, including a summary, associated MITRE ATT&CK® techniques (if applicable), and suggested mitigation steps.

Figure 2: Zia Insights generated for the selected log

Invoking Zia Insights from Alerts

  1. In your EventLog Analyzer account, go to the Alerts tab and select Alerts.
    NOTE: Use the Select view dropdown to filter alerts. Select from Critical Alerts, Trouble Alerts, or Attention Alerts. You can also use the default All Alerts view or add a custom view using Add Custom View.
  2. Select an alert from the list.
  3. Click on the icon displayed at the top-right corner to generate Zia Insights.

    Figure 3: Invoking Zia Insights from Alerts of ManageEngine EventLog Analyzer

Insights provided by Zia Insights for Alerts

For alerts, Zia Insights provides a contextual summary, an attack timeline, relevant MITRE ATT&CK® techniques (if applicable), and mitigation steps based on the alert data.

Figure 4: Zia Insights generated for Alerts

Invoking Zia Insights from Incidents

  1. In your EventLog Analyzer account, go to the Alerts tab and select Incident.
    NOTE: Use the Select view dropdown to filter incidents. Select from All Incidents, Active Incidents, Critical Incidents, or create a new one using Add Custom View.
  2. Select an incident from the list.
  3. Click on the Zia Insights icon to generate insights.

    Figure 5: Invoking Zia Insights from Incidents of ManageEngine EventLog Analyzer

Insights provided by Zia Insights for Incidents

When invoked from the Incident console, Zia Insights provides details on involved actors, a chronological evidence timeline, an evidence summary, and relevant MITRE ATT&CK® techniques based on the incident data.

Figure 6: Zia Insights generated for Incidents

Read also

This document explained how to access Zia Insights from Search, Alerts, and Incidents within ManageEngine EventLog Analyzer to generate AI-powered security insights. For a comprehensive overview of Zia Insights and instructions on how to leverage its capabilities effectively, refer to the following articles:

Copyright © 2020, ZOHO Corp. All Rights Reserved.
