How to export raw log from log 360
Dear All, I used Log360 to keep logs from an ASA firewall, but how do I export the RAW log to Excel file format? Thank you for your support.
Security Advisory - Log360 versions 5228 and below.
We have addressed a recently discovered authentication bypass vulnerability affecting the REST API URLs in Log360. This article provides more information on the issue and how to resolve it. What is the issue? An authentication bypass vulnerability affecting
LOG360 Services Stopped
Hi, The services of the Log360 program are constantly stopping. When the server restarts, it works for 10 - 20 seconds and then stops automatically. What is the reason of this? We are currently unable to use the program. Does anyone have a solution suggestion
Log360 On-Premises Improvements - SQL Auditing "Column Integrity Monitoring"
Hi Team, We are pleased with the SQL Auditing and everything works out of the box. Thanks, ME! One of the Customers wants to monitor a column that stores a money value for entries. Currently, the Column Integrity Monitoring report says, $20 has been changed
Log360 now allows technicians to access O365 Manager Plus!
Hello all! We are delighted to announce the release of Log360 build 5065. This latest build comes with the below enhancement: Apart from the admins, now the technicians created in EventLog Analyzer and ADAudit Plus components of Log360 can login to the
Getting Syslog Data from Palo Alto Cortex
Hello I am trying to get Palo Alto Cortex to talk to Log360 - to send syslog traffic to the server which is on my network, NATed to our firewall. The firewall does see traffic from our host on the IP addresses but Log360 does not appear to be set up to
Still seeing old Log4j files
So, I followed the directions here "Move the downloaded jar files to <Installation dir>/elasticsearch/ES/lib" https://pitstop.manageengine.com/portal/en/community/topic/log4j-cve-2021-44228-vulnerability-fix-1 My Nessus vulnerability scanner sees old
Steps to protect Log360 from Log4j Vulnerabilities
This post has been updated on 21/12/2021. Dear users, Three high severity vulnerabilities, (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105), impacting multiple versions of Apache Log4j utility, were disclosed recently. We have found no evidence
Precautionary steps to protect Log360 UEBA from Log4j vulnerabilities CVE-2021-45046, CVE-2021-44228, CVE-2021-45105, and CVE-2021-44832
In Log360 UEBA, the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being affected by it. However, we strongly recommend all our customers
Apache Log4j Vulnerability (CVE-2021-44228) Fix in Log360 UEBA
The recent Apache Log4j security vulnerability (CVE-2021-44228) was publicly disclosed on December 9, 2021. It allows unauthenticated remote code execution in applications that use Apache's log4j versions above 2.0 and below 2.15.0. Log360 UEBA uses
Log360 not starting
We have purchased log360 license. The software was functioning well but suddenly it has stopped working. The details are attached
Remote Install
I'm wanting to install the Log 360 agent remotely using Desktop Central. Since this needs a key, is it possible to create an MST or any other way to install this agent? I have a lot of computers working remotely so using a GPO won't work.
Technician / Named user access to ADManager in Log360?
When I login with an admin or technician AD integrated user, I can get to all the modules except for ADManager. I don't see any way to give access on that module to any user but the built in Admin. Is that right or am I missing something?
Can I export raw log to excel file
Dear All, I used Log360 to collect logs from our firewall. On the web dashboard we can see top denied and allowed, but I need to export the raw log that has information about source, destination, port, time. Is it possible to do or not? I do not see menu how to do
LOG360 UEBA disk occupation
Hello, I have done a new installation of LogAnalyzer+AdAudit+UEBA on the same server/disk. I have noticed that UEBA is occupying a lot of space, around 120GB of 200GB and has completely filled the disk. Is it possible to reduce the size of UEBA? It seems
ManageEngine named a 2020 Gartner Peer Insights Customers’ Choice for Security Information and Event Management!
ManageEngine has been recognized as a Customers’ Choice in Gartner Peer Insights Voice of the Customer for Security Information and Event Management (SIEM) for the second time. This distinction is based on 155 reviews submitted by IT security professionals who have worked hands-on with Log360. As of May 31st, 2020, Log360 secured an average overall rating of 4.5 out of 5. We take pride in building a SIEM solution that is not only easy to deploy, but also offers valuable features such as the auto-discovery
[Critical] ManageEngine Log360 - Security advisory regarding unauthenticated product integration vulnerability fix
Dear Patron, We would like to inform you that the latest version of Log360, build 5166, fixes a critical security issue. Some versions of Log360 have the unauthenticated change to integration system vulnerability, which was reported on Medium by Florian Hauser. This article explains how you can identify if your Log360 installation (including the add-ons) is affected, and fix it. It also offers the steps to protect your installation even if it is not affected. What is the issue? Log360 had a vulnerable (CVE-2020-24786) endpoint
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the Log360 community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire Log360 family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it!
Secure your cloud with this award-winning Log360 add-on.
Hello, We're thrilled to announce that ManageEngine has been named the best cloud security vendor in the Tahawul Tech Future Security Awards held in Dubai. Our solution, Cloud Security Plus, was recognized for its comprehensive cloud security features. And here's more good news: Cloud Security Plus can easily be integrated within Log360! Go ahead and try the product for free. If you like it, you can easily add it from your central Log360 dashboard. Download a free trial of Cloud Security Plus Highlights
ManageEngine's IT Security Podcast series is here! Subscribe now.
Hello, Have you ever imagined listening to your favorite IT security expert discuss the ways you can enhance the security posture of your environment on-the go? Now you can! We're thrilled to announce the launch of our weekly podcast series where our security experts, including Derek Melber, Active Directory MVP, will present their take on a wide range of IT security topics. Subscribe now By subscribing and listening to
Port 8095 redirect to port 443
Hi, I have a new Log360 installation; at first everything worked fine. But when I tried to add a certificate something got broken. I changed server.xml but created a copy of the file first. I forgot to enable HTTPS under Admin. After I changed back to the original server.xml I cannot access Log360 at all. When I go to http://log360.domain.com:8095 I am redirected after a second to https://log360.domain.com. https://log360.domain.com is the address to ADAudit. I get the same error on server, http://localhost:8095 redirect
Tell the world how much you love us!
Dear Log360 Patrons, Your opinion greatly matters to us, and to your peers too. We'd love to have your unbiased feedback about Log360 in one of the most renowned software review platforms, Gartner Peer Insights. Review Log360 on Gartner Peer Insights I promise that the review will take just 15 to 20 minutes of your time. We really appreciate your time and effort. What you should do? Sign up at Gartner Peer Insights. It just requires your business email and a little information about your company.
Help us understand and measure your SOC performance
What gets measured gets managed. Are you measuring your security operations center's (SOC) performance? The IT security team's performance measurement has always been subjective in the last decade. With more and more security techniques emerging, organizations come up with different metrics to measure the performance of their security operations center (SOC). But, are you measuring the output correctly? Most times, organizations measure the right parameter but in the wrong way. How do you know
[Webinar] What GDPR means to IT security admins?
Hello everyone, The biggest challenge to every IT security admin in complying with the General Data Protection Regulation (GDPR) is detection and reporting data breaches within the 72-hour deadline. As an IT security admin, you would've reworked your enterprise's security strategy to prevent data breaches. But, what if it still occurs? Do you have measures in place to instantly detect the initial signs of a data breach and stop it before it sweeps personal data? Have you deployed technical measures to
Webinar: Tackle threats using this simple three-step approach
Hey everyone, This October 16th at 2pm EDT, let's talk all about threats and threat management. Join us for our webinar, "Tackling threats: The three-step approach", and discover a simple framework you can use to deal with all threats to your network. Register now » Your network is susceptible to millions of malicious actors present around the globe. Threat feeds provide all the information you need about these threats, but how do you use this information? How can you deal with threats in an efficient
TWTQ: Create a session activity rule
Hey everyone, Here's This Week's Top Question (TWTQ): Q: What are activity rules? How do I create them? A: Log360 allows you to perform in-depth user activity auditing, and track user sessions from start to close. Log360's session activity reports tell you which user started sessions on which device, when these sessions were started and ended, and the status and duration of each session. It also gives you minute details of their activity during each session in timeline form. Normally, a session
TWTQ: Session activity reports
Hey everyone, Here's This Week's Top Question (TWTQ): Q: What are session activity reports? How do I view them? A: Log360 helps you audit network activity with hundreds of reports based on the type of events found in your network logs. It also goes one step further by providing you with session activity reports. These reports help you track entire user sessions from start to close, including details of their activity during the session. You can access them by going to the Correlation tab, and selecting
Free training and certification: Learn about our latest SIEM features
Hey everyone, The latest round of our online training and certification program for Log360 is here, and it starts on August 28. Register now » What do I get by attending this program? Understand how to gain valuable insights into network and user activity. Learn about network security and auditing with practical use cases. Get expert tips and tricks on making your SIEM deployment efficient. Earn a Log360 training completion certificate absolutely free, by answering some simple questions at the end
TWTQ: The latest correlation rule builder
Hey all! Here's This Week's Top Question (TWTQ): Q: How do I create rules using the correlation rule builder? A: We are constantly updating Log360's correlation module by adding new rules or features which make it easier to use. In build 11134 of the EventLog Analyzer component of Log360 (released in May), the correlation rule builder has gotten a revamped interface, which makes it even more user-friendly. First, a quick refresher on what a correlation rule is: A correlation rule is simply a pattern
TWTQ: Enabling advanced auditing reports
Hey everyone! Here's This Week's Top Question: Q: How do I enable advanced auditing reports for my SQL Server? A: Log360 generates a wide variety of reports that help audit your SQL Servers. There is also an additional set of advanced auditing reports you can get, if you choose to enable them. These reports help any database administrator take their auditing game to the next level, by providing granular details regarding your database activity. These reports include details about users' last login
TWTQ: Tracking data values in confidential data modifications
Hey everyone, Here's This Week's Top Question (TWTQ): Q: What is column integrity monitoring? What information does it give me? A: Log360 doesn't just give you exhaustive database audit reports - it can even tell you the actual values of data which have been modified. Any database administrator knows the value of preserving data integrity in their databases. When critical data is modified, it could negatively impact your business processes. For instance, a small change to your confidential sales
TWTQ: Advanced SQL auditing reports
Hey guys, Here's This Week's Top Question (TWTQ): Q: What are the advanced reports available for auditing SQL Servers? A: Log360 allows you to add SQL Server instances with ease using its auto discovery feature, and instantly starts generating a wide variety of reports that help audit your SQL Servers. However, did you know that there is also an additional set of advanced auditing reports you can get, if you choose to enable them? These reports help any database administrator take their auditing
TWTQ: Forwarding logs from Log360
Hey everyone! Here's This Week's Top Question (TWTQ): Q: Can I forward the logs from Log360 to another server? How do I set up log forwarding? A: The log management component of Log360, EventLog Analyzer, collects logs from different devices in your network, and provides detailed reports and analysis on the log information. You may also use some other applications which process your network logs, which monitor network performance or provide visualizations for network activities. It would be tiresome
TWTQ: SQL Server autodiscovery
Hey everyone! Here's This Week's Top Question (TWTQ): Q: What database audit reports does Log360 give me? How do I configure SQL Servers using the auto discovery feature? A: Your organization's databases store a lot of business critical information, and are heavily targeted by internal and external attackers. A data breach could cost you heavily in terms of recovery costs, and legal and compliance fines. The time and effort required to recover from a data breach would also set your business back
Online training and certification: Maximise your SIEM deployment
Hey everyone, In May, we conducted our first online training and certification program for Log360. After the huge success of the first round of the program, we are happy to announce the second batch starting on July 10. Register now What do I get by attending this program? Understand how to gain valuable insights into network and user activity. Learn about network security and auditing with practical use cases. Get expert tips and tricks on making your SIEM deployment efficient. Earn a Log360 training
TWTQ: Configuring IIS servers and sites
Hey everyone, Here's This Week's Top Question (TWTQ): Q: How do I configure Microsoft IIS websites for monitoring? A: A medium to large organization's web server handles thousands of requests from all over the globe. Your web servers' logs contain a wealth of information that you can utilize in useful ways: Error information helps you identify problem areas and improve web server performance. User activity information helps you understand your users and ensure a good user experience. Information
[Contest alert] Log360 product pro challenge
Hello everyone, It's contest time! We're excited to announce our first ever contest on this forum, the "Log360 product pro" challenge. Over the last several weeks, we collected the questions that you all frequently asked us, and answered them right here in our community. You can find all of the posts (linked below) on our EventLog Analyzer forum. So if you were paying attention, it's time to prove what a pro you are, and stand a chance to be one of our three lucky winners who win a $25 Amazon gift
Free GDPR resources
Holla! The most talked about compliance mandate, the GDPR, is finally here. Check out our GDPR resources zone to get answers to the following questions. How will the GDPR affect your business? What are the actions that security administrators should take to ensure GDPR compliance? How can Log360 help you meet GDPR's requirements? Running into issues with the GDPR adoption? Feel free to leave a comment so that our compliance experts can help you. Cheers, Madan Gowri
[Resource] Seamless security incident management with EventLog Analyzer
Free solution brief: About EventLog Analyzer's built-in ticketing console and how to forward incident information to ServiceDesk Plus or ServiceNow. Time is the most critical factor in handling security incidents. Incidents must be detected and resolved as quickly as possible in order to keep damage to a minimum. Proper incident management is the key to this, as it allows you to track an incident's status efficiently from detection to resolution. EventLog Analyzer's built-in incident management console allows