Help Document

Overview
Setting up
- Account setup
- Starting Log360 Cloud
- Supported log sources
- Adding Syslog devices
- Subscription
- Prerequisites
- Service Level Agreement (SLA)
- Amazon Web Services (AWS)
- Microsoft 365 Auto Configuration
- Microsoft 365 Manual Configuration
Dashboard
Reports
- Available Reports
- Manage Predefined Reports
- Manage Report Views
- Custom Reports
- Types of Report Views
- Report Exporting
- Schedule exports
- Advanced Active Directory reports
  - User Work Hours
  - Account lockout analyzer
Compliance Reports
Search
- Search
- Search tool
- Save searches
- Share searches
- Export searches
- Add or remove fields from the search results
- Tagging tool
Cloud correlation
- Understanding correlation
- Generating correlation reports
- Managing correlation rules
UEBA
- Overview
- Anomaly rules of UEBA
  - List of anomaly rules
  - Working with anomaly rules - view, manage and customize rules
- Investigating anomalies
Zia Insights
- Overview
- Using Zia Insights
- Setting up Zia Insights
- Invoking Zia Insights
Alerts
- Creating alert profiles
- View log alerts
- Ticketing tool configuration
- Manage profiles
Threat investigation
- Incident Workbench
- Device summary
Incident management
- Incident management
Configuration settings
- Devices
- Applications
- Manage Cloud Sources
- Vulnerability data
- vCenter
- Threat management solutions
  - Threat Source
- File Monitoring
- Import log data
Admin settings
- Manage Agents
- Agent Settings
- Log Source Groups
- User management
- Accounts Management
- Configuring object level auditing
- Configuring audit policies
- Configuring Windows member server audit policies
- Technician audit
- Advanced Threat Analytics
- Bulk actions for Agents
- Privacy settings
- Notification settings
- Notification Templates
- Working Hour Settings
- Reload Historical Logs
- My account settings
- Product settings
- Log Collection Filter
- Custom log parsing
- License
- Cloud Storage Estimator
- Listener ports
- Log forwarding
Developer space
- Custom Widgets
- Extension Profile Generation
- Extension Builder
Marketplace
- Installing Extensions
- Compliance Extensions
- Nginx
- Veeam
- MariaDB
- Okta
Ticketing tool integration
- Zendesk
- Freshservice
- Jira Service Desk On-Demand
- ServiceNow
- ManageEngine ServiceDesk Plus On-Demand
Cloud protection
- Cloud Protection in Log360 Cloud
- Gateway Cluster
- Gateway Server
- Prerequisites for Gateway Server configuration
- Installing Gateway Server
- Endpoint Configuration
- Certificate Authority Configuration
- Manage Certificate Trust Store
- Two-way SSL Support
- Manage Banned Applications
- Manage Sanctioned Applications
- Gateway Server Failover
- Application Insight
- User Access Insight
- Cloud Access Reports
- CASB application reports
- Shadow Cloud Application Reports
- Reports on Banned Cloud Applications
- File Upload Reports
- Threat Analytics in Cloud Protection
- Regenerate Access Key
- Troubleshooting gateway server errors
API Support
Teams
- Overview
- Managing Teams
MSSP Edition
- Introduction
- MSSP Account Setup
- Dashboard
- Manage Clients
- Evaluation Clients
- My Account Settings
- Technician Management
- License
Troubleshooting
- Overview
- WMI-based errors
Encryption at Rest (EAR)
Contact us

Related Products
Log360

Comprehensive SIEM and UEBA
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo

Log360 Cloud
Incident Workbench
Overview

Incident Workbench in Log360 Cloud

What is Incident Workbench ?

The Incident workbench is Log360 Cloud's investigation console that unifies analytics of the core entities such as users, processes, and external threat sources.
This feature facilitates users to add, compare, and analyze data with enriched integrations like Advanced Threat Analytics.
Utilize the contextual assessment with risk based profiling, conduct faster root cause analysis by probing the process trees, and minimize the overall time taken to investigate and resolve threats.

Primary use cases:

Guided threat investigation to reduce the mean time taken to resolve security incidents
Proactive threat hunting
Contextual security analytics and risk assessment
Evidence building for security incidents
Process tree hunting - finding anomalous process spawning
External traffic source analysis through risk score from threat feed integrations

incident-workbench

Features:

Here are the entities you can analyze using the Incident Workbench:

Users
Analytics offered: User activity overview and user details.
Process
Analytics offered: Process hunting tree with parent-child relationships and event timeline.
Threat sources
Analytics offered: Risk analysis from security vendors using Advanced Threat Analytics integration.

Access and usability:

Roles and restrictions:
- Operator and guest role members have no access to the Incident Workbench.
Access: The Incident Workbench can be invoked from multiple dashboards of Log360 Cloud such as reports, log search, compliance, alerts, and more.
Users can add upto 20 tabs in a single instance of the Incident Workbench and save it to an existing incident or create a new incident.

© 2025 Zoho Corporation Pvt. Ltd. All rights reserved.