About us

Optrics is an authorized ManageEngine Partner with expertise in customized network solutions.

Optrics Call Answer Guarantee
Toll Free: 1-877-386-3763
Direct: 1-780-430-6240

If you have any questions, call us during regular business hours, and you will always speak with a person.
Monday to Friday, 8am - 5pm MST

Home / Products / Log360

Automate Log Management

Get a Demo Get a Quote or Download Free Trial

Log 360 is a comprehensive SIEM tool that helps you to resolve all the challenges of IT security administrators including automating log management, auditing Active Directory environment, public cloud log management, meeting compliance needs, protecting confidential data from security breaches, and more. through a simple and easy to use interface.

Log360 Overview

What is Log360?

The Equifax Data Breach

As we all know, Equifax reported a breach, as well as the theft of more than 143 million American's data. It's not easy to estimage what kind of damage that breach could cause to those affected and is likely to cost Equifax billions of dollars.

Trust, time and money are some of the major impacts a company can be facing with an enormous breach of security like this. While the cause of the attack is still unknown, this incident sends a grave message to all companies - any organization, big or small, is susceptible to attacks. It is important to take steps to prevent these incidents.

Even if an attack is discovered, quick incident response is needed, which begins with incident forensics - investigating the attack and its cause. All of this is possible with a powerful SIEM solution. Besides identifying and alerting you about potential or live attacks, a sophisticated SIEM tool can also help in investigating attacks and creating detailed incident reports.

Discover & deal with attacks using indicators

This white paper discusses the indicators of ongoing attacks, or even potential threats. There is no organization that's "immune" to breaches or attacks. There are a couple of categories for these "indicators". IoA (Indicators of Attack) and IoC (Indicators of Compromise).

Indicators of Attack help you prevent attacks, while Indicators of Compromise will assist with an attack that's ongoing. This white paper highlights concepts that can help you know how to configure your SIEM solution to track both of these types of indicators, in addition to creating rules to help identify breaches. This will help make sure that your data stays protected and will help improve your overall data security.

Dealing with Indicators pdf

Log Forensics Best Practices

Every organization (even yours) is vulnerable to attacks, particularly in the evolving threat landscape of today. You can launch your investigation quickly, in the event you discover a breach has occurred by searching your network logs - and discover exactly what happened to cause the breach. Time is of the essence in these situations, and you need to make sure that all your components are in place in order to conduct your investigation.

From a legal perspective, you have to be able to create proper incident reports in order to demonstrate proper compliance in addition to minimize potential legal penalties. Best practices you can follow are included in this guide that will help you leverage your SIEM solution, and have an excellent forensics system in place.

Forensics Best Practices Guide pdf

Audit Active Directory changes in real time.

Receive real-time alerts for any critical changes in your Active Directory infrastructure. With these alerts and out-of-the-box reports, Log360 ensures flawless Active Directory auditing and change monitoring. Get detailed information on AD objects, track suspicious user behavior, monitor critical changes in groups and OUs, and more.

Easily supervise Microsoft Exchange Servers.

Log360 helps you keep tabs on important activities happening in your Microsoft Exchange Servers with an intuitive interface providing granular, comprehensive, and actionable reports on all aspects of these servers.

Administer Exchange Online and Azure Active Directory through a single console.

Log360 can monitor, report on, and audit critical activities in Exchange Online and Azure Active Directory. Utilize numerous predefined reports offering exhaustive information, customizable alerts to suit your organization's needs, and email notifications to experience effortless administration of your Exchange Online and Azure Active Directory setup

Closely monitor Active Directory objects.

Log360 can monitor your AD environment and deliver exhaustive reports on AD objects, highlighting vital security information about users, computers, security groups, GPOs, OUs, files, folders, and more. Using these reports, you can plug the gaps in your network that could otherwise be exploited.

Get a Quote or Download Free Trial

Features

Log360 contains two components, with each of them providing a rich but unique set of features. These components are:

AD Auditing
EventLog Analyzer

Data Synchronization Across Components

Once the different components of Log360 are integrated, the data related to domain settings, component integration, etc., will be automatically synchronized across each component. This saves a lot of time for the administrators, as they no longer have to configure the same settings across all the four components. Any changes they make in any one of the components will be reflected in the other components also.

Detecting and enriching IoCs and IoAs with Log360

Log360 comes with a built-in, real-time event response system that detects IoCs, and a correlation engine that helps enrich IoAs. This solution also has a prepackaged global IP threat database that has over 600 million malicious IP addresses. Whenever trafﬁc from any of these IP addresses hit resources in the network, the security administrators will be notiﬁed in real-time and with the solution, they can even conﬁgure a custom script to block this IP address right away.

Real-time event response system: Log360 has over 700 prebuilt alert proﬁles that are based on meticulous study of various IoCs. Security administrators can choose to enable alert proﬁles that are relevant to their business context to detect attacks instantly.

Whenever an IoC occurs, administrators will get real-time notiﬁcations via email or SMS, as well as a detailed report on the event, speeding up the attack mitigation process. Furthermore, to reduce the number of false positives, Log360 includes the ability to create alert proﬁles for speciﬁc devices based on event frequency or time frame. Log360 also provides detailed reports on each of the following:

Unauthorized access attempts to critical databases.

Unusual login failures:: Identify who attempted to log on, from which IP address, when, and whether it was from a remote host.
Login failure details: Lists all logon failures, including why the logon failed (for example, whether it was due to a bad password or incorrect username).

Unauthorized copy of critical information.

Detailed DML auditing: Track who executed a select query in the database, from where, and when.
Copy attempts: Determine who tried to copy data, to where, and from which machine the attempt was made.

These details give Log360 users additional context, which helps them validate incidents as a threat or attack. The correlation engine: Log360 offers the capability to correlate different events across the network to recreate and detect known attack patterns.

In terms of the data breach scenario above, administrators can use Log360 to build a custom correlation rule and detect similar attacks faster. With Log360's drag-and-drop correlation rule builder, users can simply select predeﬁned actions and create a rule for any attack pattern.

Further, users can set up threshold values for each of the actions to precisely detect attack patterns and save time investigating false positives.