Build 13055

Released on

Issue fixes

  • Fixed an issue where the dae.properties file could become corrupted due to a race condition.
  • Fixed a false positive email notification that reported the Elasticsearch archive location as inaccessible.

Build 13052

Released on

New features

New integration support for NetFlow Analyzer and Firewall Analyzer

NetFlow Analyzer and Firewall Analyzer can now be added as supported log sources in Log360. Logs from both solutions can be collected via syslog, processed, and analyzed within a unified console. The following log types are supported:

  • Audit Logs: Gain visibility into user actions and configuration changes across NetFlow Analyzer and Firewall Analyzer, enabling better tracking and accountability within Log360.
  • Debug Logs: Ingest detailed debug-level logs to accelerate troubleshooting and streamline root cause analysis.
  • Access Logs: Monitor and analyze web access activity across both solutions with centralized log management in Log360.

Enhancements

  • Audit log parsing in the OpManager suite of products: Log360 now supports parsing of audit logs forwarded from the OpManager suite of products, enabling structured analysis and easier search of audit trail data, including user activity and configuration changes, directly within the platform.

Build 13050

Released on

New Feature

Alert Investigation Agent

A built-in AI agent that uses LLM-driven reasoning to autonomously investigate a selected alert. It determines which actions to take based on the alert type and available data, adapting the sequence and depth to each investigation.

Investigation capabilities

  • Entity identification and enrichment: Extracts users, IPs, domains, hosts, processes, and files. Queries VirusTotal, Advanced Threat Analytics (ATA), UEBA, and Endpoint Central for risk assessment.
  • Related alert and log analysis: Finds alerts linked to the same entities, identifies patterns, and runs targeted log searches when needed.
  • Timeline construction: Reconstructs the attack chain chronologically, mapped to MITRE ATT&CK® techniques.
  • Actionable output: Presents immediate remediation steps and future risk indicators.
  • Alert closure: Close investigated alerts directly from the investigation workflow. Also, fetch and close duplicate alerts identified during the investigation.
  • Add to incident: Attach to an existing incident or create a new one from the investigation view.

Build 13040

Released on

Enhancements

  • The bundled PostgreSQL version has been upgraded to 14.20 to ensure improved stability and compatibility.
  • The bundled Apache Tomcat version has been upgraded to 9.0.115 to address security updates and enhance overall platform security.
  • Duo Security certificates update: The Duo Universal Java SDK has been updated to version 1.3.1 to address expiring certificates in Duo's integration bundles.

Issue Fixes

  • A Cross-Site Request Forgery (CSRF) vulnerability in the deletion of the integrated Microsoft Cloud 365 Account has been fixed. This was raised by BitPhantom M through the Zoho Bug Bounty Program (ZVE-2026-0949).

Build 13025

Released on

New features

  • Access Gateway Cluster: Introduced support for Access Gateway Clusters, enabling secure UI access and centralized agent communication through a dedicated gateway—eliminating the need to directly expose the primary server.
  • Failover Configuration: Added failover support using a virtual IP address or hostname, ensuring uninterrupted agent and user connectivity during server switchovers.

Enhancements

License Management

  • Introduced a new licensing model to simplify license management and provide better control over monitored devices.
  • When the configured license limit is reached, device restrictions are automatically enforced.
  • Devices exceeding the licensed limit are automatically disabled until additional licenses are added or unused devices are removed.

Customer Management (MSSP Edition)

  • Customer deletion is now validated using handshake authentication, eliminating the need for manual credential entry.

Technician Management (MSSP Edition)

  • Delegation can now be assigned to Active Directory (AD) groups and Organizational Units (OUs), allowing users within them to log in automatically without manual addition.
  • Added a Group View for improved visibility and management.
  • Introduced a Filter option on the Technician page for easier navigation and search.

Manage All Alert Profiles (Custom Action)

  • Introduced a new custom action, "Manage All Alert Profiles," allowing technicians with custom roles to view and manage all alert profiles, including those created by admins and other operators.
  • This permission can be configured under Admin Settings.

Issue Fixes

  • Improved Elasticsearch stability to prevent unexpected failures and connection issues.
  • Resolved login delays that occurred when Elasticsearch was temporarily unavailable.
  • Fixed a product crash that occurred during work-group synchronization.
  • Resolved an issue in log source export when the device status was disabled and the corresponding agent was down.
  • Fixed an issue with triggering log collection failure alerts for syslog devices.
  • Fixed an issue with updating the device log collection mode.
  • Fixed LDAPS communication issues during domain object reload.
  • Fixed an issue where old archives were created during SQL Server log collection.
  • Resolved an issue with manual device group updates through the UI.
  • Fixed an issue where the message field was missing in the search API response for certain log types.

Build 13017

Released on

Issue fix

  • Fixed issues related to an authentication bypass vulnerability (CVE-2026-3324) affecting exposed V1 APIs.

Build 13016

Released on

Issue fix

  • A Kafka metadata corruption issue caused by deletion of the current snapshot has been fixed.

Build 13015

Released on

Issue fix

  • Port exhaustion issue caused by unclosed Kafka customer instances has been fixed.

Build 13013

Released on

Issue fixes

  • Fixed an issue where cached records were generated due to an archival thread block.
  • Fixed excessive server.out file growth caused by Windows session activity rules.
  • Resolved an issue encountered while adding the 11th processor.
  • Fixed a cluster creation issue when using the HTTPS protocol.
  • Resolved an issue that led to the creation of multiple Elasticsearch indices.
  • Improved performance of Windows domain device addition.
  • Fixed an issue with dashboard header widgets not loading properly.
  • Resolved an issue where the Reports page continued loading when multiple device sources were added.

Build 13011

Released on

Issue fixes

  • Fixed an issue where an invalid URL (http://<hostname>:80/ela/) was generated during SDP integration in Log360-integrated setups with reverse proxy enabled. Reverse proxy URL construction is now handled correctly in the backend for both context-based and port-based configurations.
  • Fixed an “Invalid request” error that occurred while modifying technician roles due to a data type mismatch during role update processing.
  • Fixed an issue where alerts with Closed status were not exported in PDF and CSV formats when using custom alert views.
  • Fixed an issue that prevented updating email addresses in alert configurations by improving asynchronous email notification handling.
  • Updated the label “Add individual IPs” to “Add individual IP address/hostname” to reflect support for both IP- and hostname-based access restrictions.
  • Fixed an issue in Smart Card authentication where saving certificate configurations failed due to parameter length limitations.
  • Fixed an issue where technicians with view or manage permissions were unable to export incident details using the direct export option.
  • Fixed an issue where users with Log360, ADAP, and DSP licenses received incorrect component availability messages when DSP integration was not intended.
  • Updated the description in CMMC Compliance → Cloud Sources to correctly reflect supported tenant configurations.
  • Fixed a startup failure caused by database initialization issues.
  • Fixed UI inconsistencies in the text editor in Alert email notification template when editing table content.
  • Fixed an “Invalid request” error encountered while updating custom technician roles with specific action combinations.
  • Fixed an issue in AD Risk Posture where custom field values set to 0 could not be edited.
  • Fixed an "Invalid input" error encountered during SMS-based two-factor authentication configuration.

Build 13008

Released on

Issue fixes

  • Parsing issues in Fortinet VPN logs, MSSQL logs, and custom log formats have been fixed.
  • Support has been added for parsing Unix logs that use the RFC 5424 date format, and for parsing the source and destination MAC address fields in Sophos UTM logs.
  • Some minor issues in the product UI have been resolved to improve usability and user experience.
  • A minor error in updating the status of disabled MySQL devices has been fixed.

Build 13006

Released on

Issue fixes

  • The MySQL format identification flow has been updated, and related log duplication issues have been fixed.
  • Log duplication caused by format mismatches in archive index names during archive file loading has been fixed.
  • Indexing failures that occurred due to client reinitialization have been resolved.
  • An issue that affected Elasticsearch archive index cleanup has been fixed.
  • Localization breakages that occurred when the language was set to Browser Default have been resolved.
  • Fixed an issue that prevented report exports from functioning correctly.

Build 13005

Released on

Issue Fixes

  • This release includes issue fixes aimed at improving system stability, detection accuracy, and overall user experience.

Build 13003

Released on

Enhancement

  • Introduced impossible travel detection that identifies logins from different countries occurring within an unusually short time frame.

Build 13001

Released on

New feature

  • Log360 now supports Single Sign-On (SSO) using the SAML authentication method, bringing enhanced security and a seamless login experience to enterprise environments.
    • NTLM: Enables integrated Windows authentication for domain-joined users. Once users are signed into their Windows machines, they can access Log360 without entering credentials again.
    • SAML: Seamless user login via trusted SAML identity providers such as Okta, OneLogin, Ping Identity, ADFS, Azure AD, and custom identity providers. SAML SSO ensures secure authentication by validating signed assertions and enables centralized access control for cloud and hybrid environments.

Enhancement

  • The Tomcat version bundled within the product has been upgraded to 9.0.107 for enhanced security.

Note: For users upgrading from Build 13000, NTLM authentication support has been added. This feature already exists in earlier builds and remains unchanged for users upgrading from versions prior to 13000.

Build 13000

Released on

New features

Release summary:

This update introduces a re-engineered detection architecture in Log360, focused on reducing false positives, improving alert fidelity, and enhancing rule management. It includes a centralized detection console, improved rule creation workflows, and object-level filtering across prebuilt rules.

  • Centralized detection console
    A single-pane view to manage detections across MITRE-mapped rules, UEBA, correlation, and threat intelligence content.
  • Unified security dashboard
    Monitor rule coverage, alert trends, and detection health continuously.
  • Object-level filtering
    Apply filters at user, group, and OU levels across predefined rules to focus on high-value signals and eliminate noise.
  • Rule tuning insights
    Optimize rule performance through tuning insights and recommendations, helping reduce noise and improve detection fidelity.
  • Enhanced rule creation and management
    Build and manage detection rules using an interactive UI for Standard, Anomaly, and Advanced rule types without relying on complex query languages.
  • Scalable architecture enhancements
    Horizontal scalability with processor clusters, role specialization (correlation, alerting, search), and centralized multi-site collection for consistent performance at scale.
  • M365 log source support
    Expanded detection coverage for Microsoft 365 audit events, ensuring cloud activity is included in your detection pipeline.

Enhancements

  • Integrations:
    • RSA SecurID REST API integration support (recommended method as SDK is deprecated).
    • Integration settings reorganized under Settings → Log360 Integration → Advanced Configuration.
  • UI & Usability:
    • Reverse proxy feature will now appear only when a component is integrated.
  • Device Management:
    • The inheritance feature has been removed, allowing all devices to be deleted when needed.
    • A confirmation option is now shown during device deletion to choose whether the change should be synced with ADAudit Plus. The deleted device list will also be shared with the respective ADAudit Plus user.
    • Enable and disable actions will no longer sync with ADAudit Plus to avoid confusion.
  • Centralized Technician Management:
    • Delegation can now be assigned to Active Directory (AD) groups and organizational units (OUs). Users within the assigned OU or group can now log in automatically without being added manually.
    • Added a new Group View for better visibility and management.
    • Introduced a Filter option on the Technician page for easier navigation and search.
  • Compliance:
    • Added an Advanced Configuration option under Manage → New Compliance → File Audit. This allows selecting specific products to view related report details and data.

Issue Fix

  • Fixed an issue affecting manual AD domain object synchronization.

Build 5567

Released on

Issue fix

  • Fixed an issue that caused multiple empty Elasticsearch indices to be created.

Build 5566

Released on

Issue fix

  • Log360 login issues seen in specific Chromium builds have been fixed.

Build 5565

Released on

Issue fix

  • Internal code refactoring has been implemented to improve product security.

Build 5563

Released on

Enhancements

  • This update delivers enhanced compatibility to ensure smooth handling during the dis‑integration of EventLog Analyzer from Log360.

Build 5560

Released on

Issue Fix

  • The sync issue between Log360 and sub-products after MSSP integration has been fixed.

Build 5555

Released on

Issue Fix

  • A minor bug has been fixed to clean up the temporary tables that were left undeleted after a failed AD sync.

Build 5550

Released on

Enhancement

  • Security advisory subscription

    Support for subscribing to security advisory emails has been introduced. Subscribers will receive notifications when important vulnerability fixes are released for the product.

Build 5545

Released on

Enhancement

  • Improved database synchronization between child components and Log360 for better consistency and performance.

Build 5540

Released on

Issue Fixes

  • The issue where the "Add to Widgets" option in the dashboard displayed extra widgets for EventLog Analyzer has been fixed.
  • The issue affecting the Reports page when Log360 and the EventLog Analyzer managed server are installed on the same machine, and the Admin Server is hosted on a different machine integrated with Log360, has been fixed.
  • Proper alert messages are now displayed for product activation failures.
  • The issue with logo display in the product title across various system locales has been fixed.
  • The issue where the status could not be verified for built-in Domain Administrator related rules in Active Directory security risk posture has been fixed.
  • Support has been added for using older Microsoft SQL Server JDBC connection strings.
  • An issue where MS SQL database migration failed due to a password policy length restriction has been resolved.

Build 5539

Released on

Issue Fix

  • The integration failure that occurred when a child component contained large domain objects has been fixed.

Build 5538

Released on

Enhancements

  • To enhance security, user access permissions for the Search Engine Management (SEM) node installation folder have been updated.
    • For new SEM node installations, only specific system and administrator accounts are granted access by default.
    • For existing SEM node installations, administrators must manually apply the updated permissions by running the provided script.
  • Refer to this document for detailed steps on securing SEM node installations across Windows and Linux.

Build 5532

Released on

Enhancement

  • The "Exclude OUs" component is now available in Log360, aligning it with EventLog Analyzer's functionality. Users can select a parent OU without including child OUs by enabling the 'Exclude child OU(s)' option under the OU Filter.

Build 5530

Released on

Enhancements

  • The Java Runtime Environment (JRE) package has been upgraded to Zulu JRE 1.8.0_345 for Log360, along with its bundled components ADAudit Plus, EventLog Analyzer, and Log360 UEBA.

Note: Service pack updates for Log360 will not upgrade the Zulu JRE 1.8.0_345 for Log360's components.

Build 5526

Released on

Issue Fix

  • An issue during bulk device synchronization between EventLog Analyzer and Log360, that occurred when the Convert host call API threshold limit exceeded 200 per minute, has been rectified by increasing the limit to 1500 per minute.

Build 5522

Released on

Issue Fix

  • Issues with the node name in the Search Engine Management console have been fixed. This occurred when EventLog Analyzer was integrated with Log360 using an IP address or Fully Qualified Domain Name (FQDN).

Build 5521

Released on

Enhancement

  • All component integrations will now require the credentials of the component's super administrator.

Build 5520

Released on

New Feature

  • Log360 now offers out-of-the-box compliance reports for the New Federal Act on Data Protection (nFADP).

Build 5510

Released on

New Feature

  • Log360 now offers out-of-the-box compliance reports for the European Union's Network and Information Systems Security Directive (NIS 2).

Build 5500

Released on

Enhancement

  • The bundled PostgreSQL database of Log360 along with EventLog Analyzer and Log360 UEBA has been upgraded to 14.12.

Note: Service pack updates for Log360 will not upgrade PostgreSQL (14.12) for Log360's components.

Build 5495

Released on

Enhancement

  • A dedicated troubleshooting page has been created to address errors that occur when clicking the component app icon in AppsPane.

Issue Fix

  • Minor bugs have been fixed to improve overall performance, stability, and user experience.

Build 5491

Released on

Features

  • Out-of-the-box compliance reports are now available in Log360 for the following compliance standards:
    • PCI-DSS, updated to version 4.0
    • ISO 27001-2022

Issue fixes

  • An issue in viewing the domain dropdown in the ADAudit Plus and ADManager Plus tabs on the home dashboard has been fixed.
  • An issue in delegating EventLog Analyzer to Log360 technicians when the device group count exceeds 50 has been fixed.

Build 5490

Released on

Enhancement

  • The Maverick SSH library has been upgraded to support OpenSSH v7.8+ SSH keys.

Issue fixes

  • The issue with NTLM SSO authentication has now been fixed.

Build 5482

Released on

Issue fixes

  • The product version in the registry will now be updated automatically during the service pack upgrade.
  • The issue where decommissioned devices were incorrectly allocated in child products, EventLog Analyzer and ADAudit Plus has been resolved.
  • An issue preventing password change when using special characters has been fixed.
  • The issue preventing logos with spaces in their file names from displaying in the UI has been corrected.
  • The issue with fetching restored Active Directory user objects in Centralized Technician Management has been addressed.
  • The integration failure when a child component's server was assigned multiple IP addresses has been resolved.

Build 5480

Released on

New Feature

Integration with ManageEngine's privileged access management solution, PAM360

Log360 now integrates seamlessly with ManageEngine PAM360, fortifying your privileged access routines. This integration enables you to:

  • Use the dashboard to view the password and user activity of PAM360 from Log360's console.
  • Meet multiple compliance regulations and generate clear, concise audit records.

Build 5473

Released on

Enhancements

  • Minor usability enhancements have been implemented in Log360 to improve the user experience.
  • The SIEM component now ensures consistent loading even after multiple reloads.

Build 5472

Released on

Enhancements

  • Inline errors are introduced in the password fields.

Issue Fixes

  • The password complexity tooltip now correctly appears when passwords that meet the requirements are pasted.

Build 5471

Released on

Issue fixes

  • Repetitive database synchronization calls have been reduced for the optimal use of heap.
  • An issue where an unknown server was added to the Search Engine Management page during the initial launch of Log360 has been fixed.

Build 5470

Released on

Enhancements

  • Bugs in the home dashboard module have been fixed to enhance the performance, stability, and user experience.
  • Following the integration of ManageEngine applications from the Log360 suite, the home dashboard will automatically feature a dedicated tab for that application.

Build 5458

Released on

Enhancements

  • Only domains with technicians configured will appear in the drop-down menu for Login authentication type.

Issue Fix

  • An unidentified node error encountered in the Search Engine Management console following the migration of Log360 to a new server has been resolved.
  • A problem with viewing the ADAudit Plus domain OU in Device Allocation Management has been addressed.
  • An issue where the ADAudit Plus integration tab was missing after updating Log360 has been rectified.

Build 5455

Released on

Features

  • Global search: The global search feature has been added to Log360, enabling searches across all sections, including Reports, Compliance, Administrative Settings, and Help Documentation.
  • Dark web monitoring

    You can now scan the deep and dark web continuously for leaked credentials and personal information associated with your organization, employees, and third-party vendors in Log360 through our partnership with Constella Intelligence.

    You can identify if your domains or other digital assets have been compromised in supply chain breaches through real-time alerts, and investigate and respond to threats quickly and efficiently.

  • Integration with ManageEngine's EDR, Endpoint Central:

    Log360 now integrates seamlessly with ManageEngine Endpoint Central, fortifying your endpoint security posture. This integration enables you to:

    • Leverage advanced correlation rules and custom alert profiles to detect potential exploits targeting vulnerabilities and misconfigurations.
    • Detect privilege escalation and lateral movement attempts, zero-day vulnerability exploitation, and more.
    • Mitigate threats efficiently by approving and deploying patches directly through new incident workflow actions.
  • External threat feeds integration:

    You can now import Sigma rules into Log360 as alert profiles and detect security threats.

    Sigma is a widely adopted format for security signatures, allowing you to detect suspicious activities in your environment.

  • Log360 now supports comprehensive monitoring of your Salesforce Cloud environment.

Enhancement

  • The GUI of the compliance page has been revamped. This will enable enhanced navigation and management of compliance reports.
  • Correlation rule package

    Log360 now adds 16 new predefined correlation rules complementing the new features released to level up threat detection. This new package includes rules for detecting living off the land attacks.

Note: EventLog Analyzer should be upgraded to version 12460 for the MS SQL risk posture feature to function properly.

Build 5431

Released on

Enhancement

  • Internal code refactoring and product cleanup, which includes code, libraries, and files.

Build 5428

Released on

Enhancements

  • Support for Duo Security Web v4 SDK: You can now configure Duo Security using Web v4 SDK as a secondary authentication factor to verify users when they log into Log360. Duo Security has announced end-of-life for Web v2 SDK on 30 March, 2024. We recommend that all users configure Web v4 SDK immediately.
  • Tomcat has been upgraded from version 9.0.82 to 9.0.83. This upgrade addresses the session timeout issue in Tomcat.

Build 5425

Released on

Features

Incident Workbench

Log360 now introduces an exclusive threat investigation console in its SIEM component for advanced contextual analytics with multiple integrations. This console is called the 'Incident Workbench' and can be invoked from multiple dashboards of SIEM. The features include the following:

  • User behavior analytics and activity overview

    This analysis is offered through UEBA.

  • Process analytics

    This analysis consists of process spawning with parent-child process trees available in multiple graphical formats.

  • Threat analytics

    This analysis is offered through the integration of Log360's Advanced Threat Analytics for in-depth risk analysis of IPs, URLs, domains, and files. Along with the default threat analysis available under Log360 Cloud Threat Analytics, the integration of VirusTotal, one of the largest live threat feeds, is also introduced in this release and will be available in the Incident Workbench.

Users can add up to 20 analytical tabs in a single instance of the Incident Workbench and can save it to Incidents as Threat Evidences.

Device summary

Log360 now introduces an analytical console to view the overall device summary events. This console can be invoked from the SIEM dashboards. Users can find event summary for the selected period, top active users, file monitoring events, device severity events, alerts summary, and activity overview for the applications configured in the device.

Enhancement

  • Correlation rule package

    Log360 now adds 50+ new predefined correlation rules complementing the new features released to level up threat detection. This new package includes rules for detecting suspicious process spawning, use of prevalent attacker tools like Mimikatz and Metasploit, and living off the land mechanisms with the exploitation of native binary tools and utilities.

Build 5416

Released on

Issue fixes

  • An issue that caused errors when adding Active Directory (AD) technicians to Data Security Plus via Log360 has been resolved.

Build 5410

Released on

New feature

  • Log360 can now be integrated with Log360 MSSP (Build 4000).

Build 5402

Released on

Issue fix

  • The issue causing PPM failure during the upgrade of Log360 builds between 5220 and 5261 to break PPM 5400 has been resolved in build 5402.

Build 5400

Released on

Enhancements

  • The public key certificate used for service pack upgrade has been updated. This will enable seamless application of upcoming service packs.

Build 5345

Released on

Feature enhancement

ML based automation for alerts threshold:

Log360 now offers an industry-first, dual-layered system for precise and accurate threat detection in its TDIR module, VigilIQ. The new adaptive threshold feature:

  • Uses ML algorithms to analyze the usual occurrence of events
  • Automatically determines the threshold values to trigger alerts
  • Enhances alert efficiency by minimizing false positives and optimizing true positive triggers

Enhancement

  • The version of Tomcat bundled with the product has been upgraded to 9.0.82.
  • The JSON library used in the product has been upgraded to the latest version (json-20231013), thereby preventing a potential vulnerability (CVE-2023-5072).
  • For enhanced security, user permission for the product's root folder has been modified. Permanent access to the folder will only be given to the installed user and the administrator group users. Learn how to secure your Log360 installation.

Issue Fix

  • An issue with the integration removal process of EventLog Analyzer/ADAudit Plus has been fixed.

Build 5340

Released on

New feature

New out-of-the-box compliance reports: Audit ready and out-of-the-box compliance reports are now available for the following compliance standards:

  • Qatar Cybersecurity Framework (QCF)
  • Trusted Information Security Assessment Exchange (TISAX)
  • Kingdom of Saudi Arabia Essential Cybersecurity Controls (KSA-ECC)
  • Saudi Arabia's Personal Data Protection Law (PDPL)
  • National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
  • United Arab Emirates National Electronic Security Authority (UAE-NESA)
  • General Law for the Protection of Personal Data (LGPD)

These out-of-the-box compliance reports will help monitor the security posture of the network and stay compliant with the respective compliance mandates.

Build 5334

Released on

Fixes

  • An invalid license error that occurred while applying a license has been fixed.
  • Auto update issues have been fixed. (Note: Users must upgrade to build version 5334 or above manually for auto updates to work in the future builds.)

Build 5330

Released on

New Feature

Security and risk posture management for MSSQL servers

Log360 is now equipped with the security and risk posture management feature for MSSQL servers. With this, the users can:

  • Check whether the MSSQL servers meet the benchmark requirements set by CIS (Center for Internet Security). This feature uses rule sets based on this framework to verify the security of the MSSQL server.
  • Calculate risk percentage of MSSQL servers based on failure or success of rules.
  • Get insights and remedial steps for failed rules to reduce risk percentage.

Note:
EventLog Analyzer needs to be upgraded to build 12323 for this feature to be available.

Build 5328

Released on

Enhancements

  • The loading time of the dashboard has been reduced, enhancing dashboard performance.
  • Log360 is now compatible with ADAudit Plus 7215.

Build 5326

Released on

Enhancements

  • Resolved server output growth issues.

Build 5324

Released on

Enhancements

  • Get to know the compliance mandates that Log360 adheres to in the Support tab.

Build 5323

Released on

Enhancement

  • Elasticsearch will now automatically restart if it crashes.

Build 5320

Released on

New feature

  • Log360 now has out-of-the-box compliance reports for the Systems and Organization Controls (SOC 2).

Build 5316

Released on

Issue Fix

  • This release fixes the security vulnerability (CVE-2023-35785), reported by dalt4sec.

Build 5315

Released on

Feature

  • IP-based Access Restriction: You can now allow or restrict access to Log360 and its integrated components (Exchange Reporter Plus, EventLog Analyzer, ADManager Plus, ADAudit Plus) based on a specific IP address or a range of IP addresses. Also, access can be allowed to APIs and product URLs separately.
  • The Centralized Technician Management feature now supports limited editions of ADManager Plus.

Issue Fixes

  • SSL ciphers have been upgraded to support forward secrecy.
  • Minor bugs have been fixed.
    • The time taken to load the Create New/Edit Compliance page has been reduced.
    • PostgreSQL reports in CCPA have been added.
    • An issue where a component was shown as down in the Log360 dashboard after changing the protocol has been fixed.
    • Azure Cloud Directories that were incorrectly synced have been removed from Log360 domains and the delegations have been properly handled.

Enhancement

  • The start-up speed in Log360 has been improved.

Build 5311

Released on

Issue Fix

  • Issues with integration details not being removed from EventLog Analyzer during the integration removal process have been fixed.

Build 5310

Released on

Issue Fix

  • The out of memory issue has been fixed in larger environments.
  • Issues with syncing Active Directory Users under the Centralized Technician Management console after upgrading to build 5300 and above have been fixed.

Build 5305

Released on

New feature

  • Log360 now has out-of-the-box reports that help government institutions meet the Criminal Justice Data Communications Network (CJDN) network security policies.

Build 5302

Released on

Fix

  • An issue that occurred when trying to enter the password during remote integration has been fixed.

Enhancement

  • The product will now automatically increase the heap allocated for Elasticsearch when it is not sufficient.
  • The version of Tomcat bundled with the product has been upgraded to 9.0.65.
  • The version of 7zip bundled with the product has been upgraded to 21.6.

Build 5301

Released on

New Feature

  • Log360 now has out-of-the-box compliance reports for the Saudi Arabian Monetary Authority (SAMA) cybersecurity framework.

Build 5300

Released on

New Feature

Security and risk posture management

  • Log360 is now equipped with the security and risk posture management feature for Active Directory. With this, the users can:
    • Get to know the overall risk posture of the Active Directory infrastructure based on Microsoft's Security Guidelines. The solution also offers users insights into the vulnerabilities and recommendations for fixing them.
    • Continuously assess the Active Directory environment for security risks and get granular visibility into the weak and risky configurations of AD.
    • Customize the risk rules based on the internal security requirements.

Build 5299

Released on

Feature

  • Compliance Support is now available in Log360 for ELA Cloud Sources - AWS Cloud Source logs.
  • Note: EventLog Analyzer needs to be upgraded to build 12280 for this feature to be available.

Build 5298

Released on

Issue Fix

  • 'Wrapper in use' error that occurred while upgrading PPM has been fixed.

Build 5297

Released on

New Features

Log360 now monitors the data folder(s) of the Search Engine (Elasticsearch) and notifies you when the drive where the indexed data is stored has only 5GB of disk space left.

Note:

  • EventLog Analyzer needs to be upgraded to build 12274 for this feature to be available.

Build 5296

Released on

Hot Fixes

  • Config file corruption due to insufficient storage has been fixed.
  • Issues with accessing Log360 UI post upgrade (in build versions 5269 and above) have been fixed.

Build 5293

Released on

New feature

  • A customizable dashboard where users can add and customize tabs and widgets, along with other customizations such as Full Screen and Dark theme.

Enhancement

  • The GUI of the dashboard page in Log360 has been revamped.

Build 5289

Released on

New feature

  • Log360 now offers audit-ready compliance reports for:
    • GLBA
    • ISO 27001:2013
    • Cyber Essentials
    • ISLP
    • NRC
    • COCO
    • NERC
    • FERPA
    • PDPA

Build 5288

Released on

Features

  • In-app push notifications: Get notified about security releases and vulnerabilities within the app.

Build 5286

Released on

Enhancement

  • Log360 now allows you to configure your mail server using SMTP (Basic or OAuth authentication) or using your mail service provider’s API.

Build 5282

Released on

Important Update

  • Third-party requirement for NTLMv2 SSO: To enable NTLMv2 SSO for ManageEngine Log360 and the integrated components in builds 5282 and above, you will have to manually download the Jespa JAR file and add it to the product's lib folder. For more information, click here.
  • Note for customers who are on build 5281 or lower: If you have already enabled NTLMv2 SSO, you can continue using the feature and no further actions are needed.

Note: Please ensure that you integrate EventLog Analyzer version 12250 or above in the latest and upcoming builds of Log360 (Build 5282 and above).

Build 5281

Released on

Enhancements

  • The Centralized Technician Management feature now supports limited editions of M365 Manager Plus and Exchange Reporter Plus.

Fixes

  • Issues while editing multiple delegations using Log360's Centralized Technician Management console have been fixed.

Build 5279

Released on

Features

  • You can now reorder the integrated components in the apps pane.
  • Microsoft Authenticator and custom TOTP authenticator can be added.
  • Log360 now provides out-of-the-box compliance reports for California Privacy Rights Act (CPRA).

Enhancements

  • The GUI of the integration page in Log360 has been revamped.

Fixes

  • Issues faced by admin technicians in downloading scheduled compliance reports have been fixed.
  • An issue where emails had corrupted zip files for scheduled compliance reports in CSV format has been resolved.
  • Issues in translating the overview PDF to Japanese and Chinese in scheduled compliance reports have been fixed.

Build 5276

Released on

Fix

  • When adding a new technician using Log360's Centralized Technician Management console and delegating that technician access to the EventLog Analyzer component, there was an issue in delegating device groups when the count was more than ten. This issue has been fixed.

Build 5275

Released on

Enhancements

  • When EventLog Analyzer is integrated with Log360, the disconnected or stopped child product's Elasticsearch node will automatically restart when Log360 is started.

Note: EventLog Analyzer needs to be upgraded to build 12239 for this feature to be available.

Build 5274

Released on

Enhancement

  • The size of the installation file (.exe) has been reduced.

Build 5272

Released on

Fixes

  • Internal code refactoring has been done.
  • With the centralized technician management feature (from Build 5250), there was an issue with managing the existing AD technician accounts before the upgrade. This issue has been fixed.

Build 5269

Released on

Enhancements

  • Java Runtime Environment (JRE) package has been upgraded to Zulu JRE 1.8.0_282.

Build 5268

Released on

New feature

  • The default installation location has been changed to Program Files or Program Files (x86), based on the architecture.

Note: Kindly ensure that you integrate EventLog Analyzer version 12225 or above in the latest and upcoming builds of Log360 (Build 5268 and above).

Build 5267

Released on

Fixes

  • Device synchronization issues have been fixed.
  • Installation and uninstallation issues have been fixed.
  • Out of memory issues have been fixed.
  • Domain synchronization issues have been fixed.

Build 5265

Released on

Fix

  • While integrating a product in Log360 using an alias name, SAN names reverted to the common name or hostname. This is now fixed.

Build 5263

Released on

Feature

  • Browser notifications: Get push notifications in your web browser for product downtime, updates, new events (workshops, webinars, seminars), and more.

Fixes

  • Issues while accessing the EventLog Analyzer reports tab from Log360's apps pane using the reverse proxy URL have been fixed.
  • A reflected XSS issue has been fixed.
  • CSRF token generation is now session-based.

Build 5262

Released on

Issue fixes

  • A rare upgrade failure issue has been fixed.
  • Issues with auto update for builds starting from 5256 have been fixed.

Note: Auto update will not work for builds starting from 5256 to 5261. Users will have to manually update these builds.

Build 5261

Released on

Enhancements

  • The version of Spring Framework jar bundled with the product has been upgraded to 5.3.18.

Build 5256

Released on

Enhancements

  • Internal code refactoring for enhanced security.

Build 5254

Released on

New feature

  • Log360 now has out-of-the-box compliance reports for the Protection of Personal Information Act (POPIA).

Fix

  • An issue in the startup notification mail has now been fixed.

Build 5253

Released on

New feature

  • Log360 now has out-of-the-box compliance reports for the Cybersecurity Maturity Model Certification (CMMC).

Build 5250

Released on

New feature

  • Centralized Technician Management: Technician accounts can be managed centrally from the Log360 UI for all the components.

Note: Limited versions of ADManager Plus, M365 Manager Plus and Exchange Reporter Plus do not support the Centralized Technician Management feature.

Build 5246

Released on

Fix

  • This release includes a fix for the Apache Log4j vulnerability (CVE-2021-44832).
  • Removed log4j-1.2.15.jar from the Log360\lib folder.

Build 5245

Released on

Issue fix

  • This release includes a fix for the Apache Log4j vulnerability (CVE-2021-45105).

Build 5244

Released on

Issue fix

  • This release includes a fix for the Apache Log4j vulnerability (CVE-2021-45046).
  • The JAR-hell issue that occurred after the 5243 service pack has been fixed.

Build 5243

Released on

Fix

  • This release includes a fix for the Apache Log4j vulnerability (CVE-2021-44228).

Build 5242

Released on

Enhancement

  • Internal code refactoring for enhanced security.

Fix

  • A clickjacking vulnerability, which could allow an attacker to disclose information or redirect users, has been patched.

Build 5240

Released on

Enhancement

  • The version of PostgreSQL bundled with the product has been upgraded to 10.18.

Build 5238

Released on

Enhancement

  • Security Hardening tab to manage and configure all security settings of Log360 from one place.
  • Mandatory default password change for built-in admin account.

Fixes

  • Internal bug bounty fixes.
  • Internal code refactoring.

Build 5236

Released on

Fix

  • Apache Struts dependency has been removed from Log360 to fix the vulnerabilities caused by it.

Build 5235

Released on

Fix

  • This release includes a fix for a critical security vulnerability with ID CVE-2021-20136, to prevent remote code execution (RCE).

Build 5235

Released on

Fix

  • This release includes a fix for the remote code execution (RCE) issue when migrating the DB server, reported by moon.

Build 5233

Released on

Fix

  • Internal code refactoring has been done.

Build 5232

Released on

Fix

  • Internal code refactoring has been done.

Build 5229

Released on

Issue fix

  • An authentication bypass vulnerability affecting REST API URLs, which was rated critical, has now been fixed.

Build 5226

Released on

Fix

  • EventLog Analyzer was not loading properly when accessed from Log360's apps pane. This issue was observed in builds released post 12160 and 5220 of EventLog Analyzer and Log360 respectively. It has now been fixed.

Build 5225

Released on

Fixes

The following security issues have been fixed.

  • ZVE-2021-2132: Remote code execution issue using BCP file overwrite reported by Sahil Dhar.
  • ZVE-2021-2020: Multiple stored cross-site scripting vulnerabilities reported by Sahil Dhar.
  • ZVE-2021-2407: OS Command injection vulnerability reported by Thai.

Build 5224

Released on

Fixes

  • The CSRF vulnerability has been fixed to prevent possible attacks.
  • The following security issues have been fixed:
    • ZVE-2021-2034: The CSRF vulnerability in disabling logon security settings. (The issue was identified by the reporter, Sahil Dhar.)
    • ZVE-2021-2018: Remote code execution using the arbitrary file overwrite vulnerability. (The issue was identified by the reporter, Sahil Dhar.)
    • ZVE-2021-2033: The issue in validating LOGO_PATH key value in the stored XSS logon settings. (The issue was identified by the reporter, Sahil Dhar.)

Build 5219

Released on

Issue fixes

  • This release includes the fix for ZVE-2021-1509, an unrestricted file upload issue that led to remote code execution, thereby allowing unauthorized access to the server, reported by Sahil Dhar.
  • It also includes the fix for ZVE-2021-1508, which restricts CSRF attacks on proxy settings, reported by Sahil Dhar.

Build 5218

Released on

Bug bounty fix

  • A Zip Slip vulnerability that arose when uploading a ZIP file in the SSL certification tool has been fixed.

Build 5214

Released on

New feature

Centralized device allocation:

  • Windows devices can be centrally managed across the log management and active directory auditing components of Log360.

Enhancements

  • The log management component of Log360 can now be deployed in distributed environments and monitored centrally.

Note:

  • By default, Log360 auto updating capability will be disabled. Manually enable it to automatically update to the latest version.
  • Kindly ensure that you integrate EventLog Analyzer version 12150 or above and ADAudit Plus version 6065 or above in the latest and upcoming builds of Log360 (Build 5214 and above).

Build 5213

Released on

New feature

  • Reverse proxy support: Log360 can now be configured as a reverse proxy server. Enhance security for your servers, as their identity is protected and all communication between them and their clients is routed through Log360.

Enhancement

  • User interface enhancements
    • The apps pane in the product has been enhanced to make it easier to access.
    • The option button to jump to related products has been enhanced for better visual appeal.
    • The components integrated with the product will now load automatically to reduce the UI loading time.
    • The Log360 logo will now be displayed across all the components inside the product.
  • Automated updates: This option allows you to automatically detect, download, and apply the product updates as soon as they are released.
  • The version of jQuery bundled with the product has been upgraded to 3.5.1.

Fix

  • Domain users were able to view data that should be accessible only to product admins using a specific URL. This issue has been fixed.

Build 5220_Beta

Released on

Enhancements

  • Get real-time alert notifications when malicious techniques defined in the MITRE ATT&CK framework are detected in your network.
  • Analyze incidents comprehensively with detailed security analytics reports.
  • Group different 'techniques and tactics' alerts into a single logical incident for organized investigation.
  • Group different alert events as an incident and assign it to an analyst.
  • Investigate incidents better by viewing all the related events and actors involved.
  • Manage and bring down the incident resolution time using different metrics such as incident age, and more.

Click here to access Log360 Build 5220_Beta (Beta version).

Build 5211

Released on

Enhancements

  • The version of Tomcat bundled with the product has been upgraded to 8.5.57.
  • The version of PostgreSQL bundled with the product has been upgraded to 10.12.
  • The NTLM single sign-on authentication protocol has been upgraded to SMB2.

Build 5210

Released on

Enhancements

InstallShield 18 has been adopted for installing the solution. The user can now choose from three modes of installation:

  • Standard Installation: All Log360 components will be installed.
  • Custom Installation: The user can choose the required components to be installed.
  • Minimal Installation: Only the Log360 build will be installed.

Build 5209

Released on

Fix

  • The issue that caused the GUI to not load properly and display a "Refused to connect" page while accessing certain components of Log360 has been fixed.

Build 5206

Released on

Feature

  • File Integrity Monitoring console: Log360 now has a dedicated console for file integrity monitoring. This integrated console enables you to configure file integrity monitoring centrally for file servers su

Build 5201

Released on

Fix

  • The failure of Elasticsearch server restart due to timeout has been fixed.

Build 5200

Released on

Fixes

  • The issues experienced while upgrading Log360 to later builds have now been fixed.
  • An issue in the Manage Compliance tab for service pack upgrades has been fixed.

Build 5167

Released on

Fix

  • Index archival in Elasticsearch has been fixed.

Build 5166

Released on

Fix

  • This release includes a fix for the CVE-2020-24786 vulnerability, which allowed unauthenticated changes to integration system configuration, reported by Florian Hauser.

Build 5164

Released on

New features

  • Integrated Cloud Security Plus reports: You can now integrate Cloud Security Plus reports in Log360 and view all the reports under the Log360 reports tab.
  • Centralized SSL configuration: You can configure SSL centrally from Log360 for the components.

Enhancement

  • Workgroup Servers: Workgroup servers will be synchronized in ELA and ADAP automatically.

Build 5160

Released on

Fix

  • An issue in mail synchronization has been fixed.

Build 5155

Released on

Fix

  • An issue in EventLog Analyzer's integration with Log360 due to the presence of multiple unpingable devices has been fixed.

Build 5154

Released on

New feature

  • FISMA, GPG, GDPR, CCPA, and SOX compliance reports: Log360 now has out-of-the-box reports for complying with FISMA, GPG, GDPR, CCPA, and SOX.

Build 5150

Released on

New feature

  • Compliance management: Log360 now has a dedicated tab for managing compliance requirements. It contains ready-made reports to prove compliance with IT mandates such as PCI DSS and HIPAA.

Build 5120

Released on

New feature

  • New login settings
    • Captcha has been included in the login page for increased security.
    • Block users: You can now set a threshold for login attempts. On reaching that threshold, the user will be blocked from trying to log in for a specific period.
    • Smart card authentication: The use of smart cards/PKI/certificates has been enabled as additional options for Log360 login. If you have such an authentication system configured in your organization, Log360 can be configured to authenticate users through it, bypassing other first factor methods.
    • Two-factor authentication: Log360 now provides an extra layer of security for its users by supporting two-factor authentication during login. Supported authentication methods include:
      • Duo Security
      • RSA SecurID
      • RADIUS Authentication
      • Google Authenticator
      • Email verification
      • SMS verification
  • An SSL Certification tool helps you easily generate a CSR and apply SSL certificates in Log360 to make the product safer for data transfer.
  • Database migration: Now you can easily change Log360's bundled PostgreSQL database to Microsoft SQL Server or another instance of PostgreSQL from the web console.

Enhancements

  • Backup Log360's data on Microsoft SQL Servers, in addition to PostgreSQL databases.
  • Navigate to all the individual components of Log360 from the single tray icon.
  • View upcoming events such as webinars, workshops, and seminars from the Support tab.

Fix

  • An issue in synchronizing devices has been fixed.

Build 5111

Released on

New feature

  • Search Engine Management: Users can add multiple machines for the shared storage of data. This optimizes disk space and improves indexing performance.

Build 5110

Released on

Fix

  • An issue in integrating EventLog Analyzer's Linux instance with Log360 has been fixed.

Build 5108

Released on

New feature

  • New language options: Log360 now supports Chinese and Japanese in addition to English.

Enhancement

  • The graphs in the EventLog Analyzer dashboard of Log360 have been enhanced for easy inference.

Build 5107

Released on

New feature

Active Directory Reporting Add-on: Get insights into critical Active Directory security incidents that could help thwart insider attacks. With this add-on, get over 45 predefined report templates that provide details on AD objects such as:

  • Inactive, locked out, account expired, password expired users and more.
  • Security groups, group members, groups without members, and more.
  • Inactive, disabled, recently deleted computers and more.
  • Disabled, unused, recently created GPOs, and more.
  • All OUs, empty and recently created OUs.
  • Shares in servers, permissions on folders, and more.
  • Objects/servers/subnets accessible by accounts, server permissions, and more.

Build 5102

Released on

Fix

  • A vulnerability in the logo file upload feature has been fixed.

Build 5100

Released on

New feature

User and Entity Behavior Analytics (UEBA)

Detect user and entity behavior anomalies, account compromises, data exfiltrations, and insider threats with the User and Entity Behavior Analytics (UEBA) add-on, which is powered by machine learning. This add-on offers:

  • Score-based risk assessment
  • Threat corroboration

Build 5070

Released on

Enhancement

  • Log360's dashboard keeps getting better with the addition of all the latest reports and graphs from ADAudit Plus.

Fixes

  • An issue in applying self-signed certificates has been fixed.
  • An issue in the auto-backup of EventLog Analyzer has been fixed.

Build 5065

Released on

Enhancement

  • Technicians created in the EventLog Analyzer and ADAudit Plus components of Log360 can now log in to the M365 Manager Plus module.

Build 5063

Released on

New Feature

ManageEngine DataSecurity Plus, a data visibility and security solution capable of data discovery, file storage analysis, and Windows file server auditing, has been integrated with Log360. You can now:

  • Locate, analyze, and secure personally identifiable information (PII) in your files, folders, and shares from insider and external threats.
  • Gain visibility into data usage trends, file access patterns, volume of personal data in files, and file permission changes.
  • Meet multiple compliance regulations, and generate clear, concise audit records as legal evidence.

Build 5047

Released on

New Feature

ManageEngine Exchange Reporter Plus, an auditing, alerting, and reporting solution for Microsoft Exchange Servers, has now been integrated with Log360. With this integration, track incoming and outgoing email messages, monitor mailbox sizes, and perform Exchange traffic analysis.

  • Exchange Server reporting: Get complete information about all components of your Exchange environment, including mailboxes, distribution lists, public folders, and more.
  • Exchange Server auditing: Track and report on non-owner mailbox accesses, mailbox logon activity, changes to mailbox permissions, server configurations, and more.

Build 5044

Released on

Fixes

  • A cross-site scripting (XSS) vulnerability in the search and reports page (CVE-2018-7405), raised by Suresh Khutale, has been fixed.
  • Vulnerability issue of remote code execution when uploaded by an agent (DDI-VRT-2018-10) has been fixed.

Build 5043

Released on

New Feature

ManageEngine M365 Manager Plus, a Microsoft 365 reporting, management, auditing, and alerting tool, is now integrated with Log360. With this integration, get access to general and audit reports, and create alerts for critical events in Exchange Online and Azure Active Directory.

  • Microsoft 365 Reporting: Access an exhaustive list of reports to get deep insights on Exchange Online and Azure Active Directory and comply with industry mandates like SOX, PCI DSS, FISMA, HIPAA, and GLBA.
  • Microsoft 365 Auditing: Audit non-owner mailbox accesses, admin activities, password resets, license modifications, group membership changes, and more.
  • Microsoft 365 Alerting: Create your own custom alerts for critical events in Exchange Online and Azure Active Directory to get notified via email in real time.

Build 5040

Released on

New Feature

  • Three new predefined correlation rules that detect suspicious SQL backups and the installation of services and software.
  • Logs from syslog and other devices can be forwarded to any server including file servers and Windows servers.

Build 5039

Released on

New Feature

  • GDPR compliance reports: Offers predefined report templates to help you easily comply with the GDPR's requirements.

Build 5039

Released on

New Feature

  • Reports of both ADAudit Plus and EventLog Analyzer have been consolidated and can be viewed in the same window.

Enhancements

  • The mechanism of recording the log flow rate has been changed.
  • An extra field "Display name" has been added to the pre-defined reports and search section.

Fixes

  • The issue with parsing of fields for NPS events occurring on Windows Server 2016 has been fixed.
  • Addition of VMware reports for created and deleted VMs (Event IDs: 13002 and 13003).
  • The issue with the Solaris user account management report and SUDO command execution report has been fixed.
  • The issue with populating web traffic reports for WatchGuard has been fixed.
  • The issue with the policy changes report for Symantec devices has been fixed.
  • The issue with exporting reports from the "My Reports" category in EventLog Analyzer has been fixed.

Build 5031

Released on

New Feature

  • Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
  • Malicious IP and URL alerts: Upon analyzing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or outgoing traffic to a malicious domain is detected.

Build 5030

Released on

New Feature

  • Log360 now supports NTLMv2 authentication.
  • You can now automatically back up the PostgreSQL database of EventLog Analyzer and Log360.

Build 5024

Released on

New Feature

  • The host synchronisation mechanism has been enhanced.
    • Inherited hosts that are disabled due to license expiry or exceeding the license count cannot be enabled.
    • If a host has been added in one of the components, then it will be inherited automatically in the other component.