Attack detection with Log360

Your first step to win the battle of defense: Detect the enemy.


Are you equipped to detect the enemy?

If you're looking for a solution that can detect cyberthreats in your environment, send real-time alerts, and automate incident response, you're at the right place. Log360, ManageEngine's SIEM solution, can accomplish all of that and more.

Log360's attack detection capabilities

Rule-based attack detection:

Analyze threats with contextual data from Log360's correlation engine, which is integrated with a threat intelligence platform to cut false positives. The engine provides:

  • A built-in real-time correlation engine with over 30 predefined rules that detect known attack patterns such as SQL injection, denial of service, and attacks on firewalls.
  • A custom correlation rule builder with an intuitive drag-and-drop interface for creating new correlation rules.
  • Real-time email and SMS notifications delivered promptly to security admins when incidents are detected.
  • An easy way to associate workflow profiles with correlation rules for instant remediation.

MITRE ATT&CK implementation to detect APTs:

Log360 supports the MITRE ATT&CK framework to trace and uncover intruders, and provides:

  • A real-time security analytics dashboard mapped to MITRE ATT&CK tactics, techniques, and procedures (TTPs) for quick investigation of suspicious activities.
  • A correlation rule builder with prebuilt actions mapped to MITRE ATT&CK techniques, so that an attacker's movements can be traced across the kill chain.
  • An easy way to associate workflow profiles with MITRE ATT&CK actions for immediate incident response.

ML-based behavior analytics:

Spot and stop malicious insider threats, compromised accounts, privilege abuse and misuse, and unauthorized data access and exfiltration, and benefit from:

  • Machine learning models that baseline user and entity behavior, track anomalous and suspicious activity, and promptly alert security admins to questionable events.
  • Integrated risk management that assigns risk scores to every anomaly.
  • Real-time notifications for high risk scores and atypical behaviors.
  • The option to watchlist users and entities to closely monitor their activities.

Log360 attack detection use cases

Detect malware attacks

Malware remains one of the most persistent cyberthreats, and detecting newly released variants is a continuing challenge. Log360 uncovers malware on the network using its predefined correlation rules: it spots suspicious software or service installations made by malicious actors, alerts security admins immediately, and provides detailed incident timelines for investigation. You can also associate a workflow profile with the rule to stop the offending service or process, enabling an immediate incident response.
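To make the correlation step concrete, here is an added example (not Log360 code) of the kind of rule the paragraph describes: a suspicious service installation is matched, a timeline of surrounding host events is collected, and a stop-service response is attached. The event shapes are loosely modelled on Windows System event 7045 (service installed) and Security event 4688 (process created); the field names, the trusted-directory list, the name heuristic and the sample events are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Added example, not Log360 code. Event shapes are loosely modelled on Windows
# System event 7045 (service installed) and Security event 4688 (process
# created); the field names and the trusted-directory list are assumptions.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\",
                "c:\\program files (x86)\\")
# Heuristic for auto-generated names: 10+ alphanumerics mixing letters and digits.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$", re.I)
WINDOW = 300  # seconds of context collected on either side of the install


@dataclass
class Event:
    ts: int                 # seconds since epoch (constructed)
    host: str
    event_id: int           # 7045 = service installed, 4688 = process created
    fields: dict = field(default_factory=dict)


def install_reasons(e: Event) -> list:
    """Reasons a 7045 event looks suspicious; an empty list means benign."""
    path = e.fields.get("ImagePath", "").strip('"').lower()
    name = e.fields.get("ServiceName", "")
    reasons = []
    if not any(path.startswith(d) for d in TRUSTED_DIRS):
        reasons.append("binary outside trusted directories")
    if RANDOM_NAME.match(name):
        reasons.append("random-looking service name")
    if "powershell" in path or "cmd.exe" in path:
        reasons.append("script interpreter registered as a service")
    return reasons


def correlate(events, window=WINDOW):
    """Correlation rule: suspicious service install -> alert, timeline, response."""
    alerts = []
    for inst in (e for e in events if e.event_id == 7045):
        reasons = install_reasons(inst)
        if not reasons:
            continue
        # Incident timeline: everything on the same host within the window.
        context = sorted((e for e in events
                          if e.host == inst.host and abs(e.ts - inst.ts) <= window),
                         key=lambda e: e.ts)
        svc = inst.fields["ServiceName"]
        alerts.append({
            "host": inst.host,
            "service": svc,
            "reasons": reasons,
            "timeline": [(e.ts, e.event_id,
                          e.fields.get("ServiceName") or e.fields.get("NewProcessName"))
                         for e in context],
            # Response a workflow would run (assumed; Log360's own action set differs).
            "response": f"sc stop {svc} && sc delete {svc}",
        })
    return alerts


# Constructed sample events: a benign vendor install at t=100..110 and a
# cmd.exe -> service install -> new process chain at t=1200..1240.
EVENTS = [
    Event(100, "WS01", 4688, {"NewProcessName": "C:\\Program Files\\Vendor\\setup.exe"}),
    Event(110, "WS01", 7045, {"ServiceName": "VendorAgent",
                              "ImagePath": "\"C:\\Program Files\\Vendor\\agent.exe\""}),
    Event(1200, "WS01", 4688, {"NewProcessName": "C:\\Windows\\System32\\cmd.exe"}),
    Event(1230, "WS01", 7045, {"ServiceName": "a7fk29xqwm1",
                               "ImagePath": "C:\\Users\\Public\\update.exe"}),
    Event(1240, "WS01", 4688, {"NewProcessName": "C:\\Users\\Public\\update.exe"}),
    Event(1250, "WS02", 4688, {"NewProcessName": "C:\\Windows\\System32\\svchost.exe"}),
]

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The benign install is ignored because its binary lives under a trusted directory and its name is not random-looking; the second install trips two conditions, and the returned timeline shows the cmd.exe launch before it and the new process after it, which is the context an analyst needs before approving the stop-service workflow.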


Detecting data exfiltration using MITRE ATT&CK implementation

Attackers running advanced, sophisticated intrusions are often only detected when they try to move stolen data out of the network perimeter. Log360 spots data exfiltration and alerts your security team in real time. It monitors security events and uncovers techniques such as Exfiltration Over Alternative Protocol (MITRE ATT&CK T1048) as well as unusual data flows in the network: an application that sends far more traffic than it receives is deemed suspicious, and an alert warns the security team of a possible threat.
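The following is an added example, not Log360 code, of the send-more-than-receive rule the paragraph describes, run over constructed NetFlow-style records. It aggregates bytes per (host, process), flags senders whose outbound-to-inbound ratio is abnormal, and tags the finding as T1048 when the upload rides a service that normally carries little client payload (DNS, NTP, SMTP, FTP). The thresholds, the port table, the allowlist of sanctioned bulk senders and the flow records are assumptions.

```python
from collections import defaultdict

# Added example, not Log360 code. Flow records are constructed NetFlow-style
# tuples; thresholds, the port table and the allowlist are assumptions.
RATIO_THRESHOLD = 10.0        # bytes out / bytes in above which a sender is unusual
MIN_BYTES_OUT = 5_000_000     # ignore small senders so chatty clients don't page anyone
# Services that normally carry little client-originated payload; bulk upload over
# them is the shape of ATT&CK T1048 (Exfiltration Over Alternative Protocol).
ALT_PROTO_PORTS = {53: "DNS", 123: "NTP", 25: "SMTP", 21: "FTP"}
# Sanctioned bulk senders (assumed): (host, process) pairs exempt from the ratio rule.
ALLOWLIST = {("WS02", "backup.exe")}

# Constructed flows: (ts, host, process, proto, dst_port, bytes_out, bytes_in)
FLOWS = [
    (1, "WS01", "chrome.exe",  "tcp", 443, 120_000,        2_400_000),
    (2, "WS01", "outlook.exe", "tcp", 443, 300_000,          900_000),
    (3, "WS01", "svchost.exe", "udp",  53,   4_000,            9_000),
    (4, "WS01", "update.exe",  "udp",  53, 48_000_000,        500_000),  # DNS tunnel
    (5, "WS02", "backup.exe",  "tcp",  22, 2_000_000_000,  10_000_000),  # sanctioned
    (6, "WS03", "photos.exe",  "tcp", 443, 30_000_000,        200_000),  # plain upload
]


def aggregate(flows):
    """Sum bytes per (host, process) and remember which destination ports it used."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "ports": set()})
    for _ts, host, proc, _proto, port, b_out, b_in in flows:
        t = totals[(host, proc)]
        t["out"] += b_out
        t["in"] += b_in
        t["ports"].add(port)
    return totals


def detect_exfil(flows):
    """Flag senders whose outbound volume dwarfs inbound; tag alt-protocol cases T1048."""
    alerts = []
    for (host, proc), t in aggregate(flows).items():
        if (host, proc) in ALLOWLIST or t["out"] < MIN_BYTES_OUT:
            continue
        ratio = t["out"] / max(t["in"], 1)   # avoid division by zero for one-way flows
        if ratio < RATIO_THRESHOLD:
            continue
        alt = sorted(ALT_PROTO_PORTS[p] for p in t["ports"] if p in ALT_PROTO_PORTS)
        alerts.append({
            "host": host, "process": proc, "ratio": round(ratio, 1),
            "bytes_out": t["out"],
            "technique": "T1048" if alt else None,
            "severity": "high" if alt else "medium",
            "detail": f"bulk upload over {', '.join(alt)}" if alt else "unusual outbound volume",
        })
    return sorted(alerts, key=lambda a: a["host"])


if __name__ == "__main__":
    for alert in detect_exfil(FLOWS):
        print(alert)
```

Two things a practitioner will want beyond the raw ratio are visible here: a minimum-volume floor, so that a tiny one-way UDP exchange does not trigger, and an allowlist for sanctioned bulk senders such as backup agents, which would otherwise be the noisiest hit on every run.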


Leverage machine learning to spot malicious insiders

Insider attacks are harder to spot because they are carried out with legitimate access. Log360's UEBA component ingests users' log data over a period of time and profiles their normal behavior. When a chain of suspicious behaviors is detected, such as odd logon times, unusual access to sensitive data, or multiple file downloads, the user's insider-threat risk score rises and the security team is alerted. Log360 also provides detailed event timelines for further investigation.
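To show how a risk score accumulates over a chain of behaviors, here is an added example that is not Log360's UEBA engine: each user gets a profile derived from a constructed history (usual logon hours, a download-count limit at two standard deviations above the mean, and the shares they normally touch), a day's events are scored against that profile, and only the sum of several anomalies crosses the alert threshold. The baselines, weights, threshold, sensitive-share list and daily events are all assumptions.

```python
import statistics
from collections import defaultdict

# Added example, not Log360's UEBA engine. Baselines and daily events are
# constructed; weights, threshold and the sensitive-share list are assumptions.
BASELINE = {
    "alice": {"logon_hours": [8, 9, 9, 8, 10, 9, 9, 8, 9, 9],
              "downloads":   [2, 3, 2, 4, 3, 2, 3, 2, 3, 3],
              "shares": {"\\\\fs\\eng", "\\\\fs\\public"}},
    "bob":   {"logon_hours": [7, 8, 7, 7, 8, 7, 7, 8, 7, 7],
              "downloads":   [10, 12, 11, 9, 12, 10, 11, 10, 9, 12],
              "shares": {"\\\\fs\\finance", "\\\\fs\\public"}},
}
SENSITIVE_SHARES = {"\\\\fs\\finance", "\\\\fs\\hr"}
WEIGHTS = {"odd_logon_time": 20, "new_sensitive_share": 30, "download_spike": 25}
ALERT_THRESHOLD = 50   # a single anomaly never alerts; a chain does


def build_profile(history):
    """Turn a user's history into per-user limits (the 'learned' behaviour)."""
    hours, downloads = history["logon_hours"], history["downloads"]
    return {
        "hour_lo": min(hours) - 1,            # one hour of slack either side
        "hour_hi": max(hours) + 1,
        "dl_limit": statistics.mean(downloads) + 2 * statistics.pstdev(downloads),
        "shares": set(history["shares"]),
    }


def score_user(user, events, prof):
    """Score one user's day. events: dicts with 'type' in logon/download/share_access."""
    findings = []
    if any(e["type"] == "logon" and not prof["hour_lo"] <= e["hour"] <= prof["hour_hi"]
           for e in events):
        findings.append("odd_logon_time")
    touched = {e["share"] for e in events if e["type"] == "share_access"}
    if touched & (SENSITIVE_SHARES - prof["shares"]):      # sensitive AND new for this user
        findings.append("new_sensitive_share")
    if sum(e["type"] == "download" for e in events) > prof["dl_limit"]:
        findings.append("download_spike")
    score = sum(WEIGHTS[f] for f in findings)
    return {"user": user, "score": score, "findings": findings,
            "alert": score >= ALERT_THRESHOLD}


def run_day(day_events):
    """Group a day's events by user and score each against their own baseline."""
    by_user = defaultdict(list)
    for e in day_events:
        by_user[e["user"]].append(e)
    return {u: score_user(u, evs, build_profile(BASELINE[u])) for u, evs in by_user.items()}


# Constructed day: alice logs on at 02:00, opens the finance share for the first
# time and pulls 9 files; bob logs on early but otherwise behaves normally.
DAY = (
    [{"user": "alice", "type": "logon", "hour": 2},
     {"user": "alice", "type": "share_access", "share": "\\\\fs\\finance"}]
    + [{"user": "alice", "type": "download"} for _ in range(9)]
    + [{"user": "bob", "type": "logon", "hour": 3},
       {"user": "bob", "type": "share_access", "share": "\\\\fs\\finance"}]
    + [{"user": "bob", "type": "download"} for _ in range(11)]
)

if __name__ == "__main__":
    for result in run_day(DAY).values():
        print(result)
```

The point the paragraph makes is the chaining: bob's early logon alone scores 20 and stays below the threshold, while alice's odd logon, first-ever access to a sensitive share and download spike together reach 75 and raise an alert. Note that bob touching the finance share is not anomalous for him, because it is already in his profile; the same event means something different for each user.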


Why choose Log360 for attack detection?

  • Gain insights into security events utilizing over 200 intuitive security dashboards.
  • Get real-time notifications for known indicators of compromise and attack, and view actionable reports with detailed timelines.
  • Monitor your logs to discover attacks based on the MITRE ATT&CK framework.
  • Automate incident response with alert workflows.
  • Resolve incidents within Log360 utilizing automatic ticket assignments and built-in tracking.
  • Expose threats originating from insider attacks, account compromise, and data exfiltration.
  • Monitor privileged user activities, and receive real-time alerts for anomalous events.