• ManageEngine Certification

Log360 Training

About Log360

Log360 is a comprehensive security information and event management (SIEM) solution that performs exhaustive log management, Active Directory auditing, and user behavior management.

Course agenda:

Getting started and installing Log360

  • System prerequisites and requirements
  • Installing Log360 as an application and as a Windows service
  • Starting and setting up Log360 from the web console

Integrating the different components of Log360

  • Integrating products installed in other machines in Log360
  • Setting up all the components of Log360
  • Synchronizing the data between the integrated components

Setting up log collection

  • Automating log collection from devices
  • Setting up agent-based and agentless log collection
  • Implementing log collection filters

Searching the logs

  • Types of search queries and their functions
  • Building basic and advanced search queries
  • Parsing logs
  • Tagging search queries
  • Mapping search results as incidents

Security analytics

  • Viewing reports on network activities, Active Directory, Exchange Server, and Microsoft 365 from one place
  • Exporting reports in various formats
  • Mapping reports as incidents

Active Directory auditing

  • Account logon auditing
  • logoff auditing
  • AD user object auditing
  • AD computer object auditing
  • AD group object auditing
  • AD organizational unit auditing
  • Permission change auditing
  • GPO auditing
  • Auditing for other AD objects, like containers, contacts, DNS, and more

File server auditing

  • Windows file servers auditing
  • Windows failover server clusters auditing
  • NetApp Filer auditing
  • EMC storage auditing
  • File integrity monitoring

Account Lockout

  • Analyzing Windows services and schedule tasks
  • Network Drive Mappings/logon sessions/Process list
  • Analyzing logon activity of both the domain controller and local
  • Analyzing OWA and ActiveSync
  • Radius server logins

Member server auditing

  • Auditing logon activity on servers
  • Tracking process activity
  • Auditing policy changes
  • Monitoring system events
  • Managing accounts on servers
  • Printer auditing
  • ADFS auditing
  • Removable storage (USB) auditing
  • AD LDS auditing


  • Customizing the dashboard and embedding it in external sites
  • Adding new widgets to the dashboard

Setting up security alerts

  • Viewing pre-built alerts and correlation-based alert profiles
  • Building custom alert profiles
  • Exporting alerts

Event correlation

  • Viewing pre-built correlation rules
  • Building custom correlation rules

Response workflows

  • Configuring workflows for alerts
  • Creating workflow profiles

Incident tracking

  • Creating incidents for alerts, reports, and search results
  • Tracking incidents

User and entity behavior analytics (UEBA)

  • Viewing, scheduling, and exporting reports
  • Configuring alerts in Log360 UEBA

Logon settings

  • Configuring single sign-on, smart card, and two-factor authentication for secure login

Centralized administration settings for Log360 and integrated components

  • Setting up high availability
  • Configuring automatic database backup and build update
  • Configuring mail server, SMS, and proxy settings
  • Applying SSL certificates and enabling HTTPS
  • Setting up Log360 as a reverse proxy server for enhanced security

General settings

  • Enabling license expiration and product downtime notifications
  • Migrating from the built-in database to other databases
  • Personalizing language and time zone settings
  • Customizing the logo, title, and more


  • US : +1 888 720 9500
  • US : +1 800 443 6694
  • Intl : +1 925 924 9500
  • Aus : +1 800 631 268
  • UK : 0800 028 6590
  • CN : +86 400 660 8680