Can I export raw log to excel file
Dear All, I used Log360 to collect logs from our firewall. On the web dashboard we can see top denied and allowed, but I need to export raw logs that have information about source, destination, port, time. Is it possible to do or not? I do not see a menu how to do
LOG360 UEBA disk occupation
Hello, I have done a new installation of LogAnalyzer+AdAudit+UEBA on the same server/disk. I have noticed that UEBA is occupying a lot of space, around 120GB of 200GB and has completely filled the disk. Is it possible to reduce the size of UEBA? It seems
ManageEngine named a 2020 Gartner Peer Insights Customers’ Choice for Security Information and Event Management!
ManageEngine has been recognized as a Customers’ Choice in Gartner Peer Insights Voice of the Customer for Security Information and Event Management (SIEM) for the second time. This distinction is based on 155 reviews submitted by IT security professionals who have worked hands-on with Log360. As of May 31st, 2020, Log360 secured an average overall rating of 4.5 out of 5. We take pride in building a SIEM solution that is not only easy to deploy, but also offers valuable features such as the auto-discovery
[Critical] ManageEngine Log360 - Security advisory regarding unauthenticated product integration vulnerability fix
Dear Patron, We would like to inform you that the latest version of Log360, build 5166, fixes a critical security issue. Some versions of Log360 have the unauthenticated change to integration system vulnerability, which was reported on Medium by Florian Hauser. This article explains how you can identify if your Log360 installation (including the add-ons) is affected, and fix it. It also offers the steps to protect your installation even if it is not affected. What is the issue? Log360 had a vulnerable (CVE-2020-24786) endpoint
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the Log360 community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire Log360 family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it!
Secure your cloud with this award-winning Log360 add-on.
Hello, We're thrilled to announce that ManageEngine has been named the best cloud security vendor in the Tahawul Tech Future Security Awards held in Dubai. Our solution, Cloud Security Plus, was recognized for its comprehensive cloud security features. And here's more good news: Cloud Security Plus can easily be integrated within Log360! Go ahead and try the product for free. If you like it, you can easily add it from your central Log360 dashboard. Download a free trial of Cloud Security Plus Highlights
ManageEngine's IT Security Podcast series is here! Subscribe now.
Hello, Have you ever imagined listening to your favorite IT security expert discuss the ways you can enhance the security posture of your environment on the go? Now you can! We're thrilled to announce the launch of our weekly podcast series where our security experts, including Derek Melber, Active Directory MVP, will present their take on a wide range of IT security topics. Subscribe now By subscribing and listening to
Port 8095 redirect to port 443
Hi, I have a new Log360 installation, first everything worked fine. But when I tried to add a certificate something got broken. I changed server.xml but created a copy of the file first. I forgot to enable HTTPS under Admin. After I changed back to the original server.xml I cannot access Log360 at all. When I go to http://log360.domain.com:8095 I am redirected after a second to https://log360.domain.com. https://log360.domain.com is the address to ADAudit. I get the same error on server, http://localhost:8095 redirect
Tell the world how much you love us!
Dear Log360 Patrons, Your opinion greatly matters to us, and to your peers too. We'd love to have your unbiased feedback about Log360 in one of the most renowned software review platforms, Gartner Peer Insights. Review Log360 on Gartner Peer Insights I promise that the review will take just 15 to 20 minutes of your time. We really appreciate your time and effort. What should you do? Sign up at Gartner Peer Insights. It just requires your business email and a little information about your company.
Help us understand and measure your SOC performance
What gets measured gets managed. Are you measuring your security operations center's (SOC) performance? The IT security team's performance measurement has always been subjective in the last decade. With more and more security techniques emerging, organizations come up with different metrics to measure the performance of their security operations center (SOC). But, are you measuring the output correctly? Most times, organizations measure the right parameter but in the wrong way. How do you know
[Webinar] What GDPR means to IT security admins?
Hello everyone, The biggest challenge to every IT security admin in complying with the General Data Protection Regulation (GDPR) is detection and reporting data breaches within the 72-hour deadline. As an IT security admin, you would've reworked your enterprise's security strategy to prevent data breaches. But, what if it still occurs? Do you have measures in place to instantly detect the initial signs of a data breach and stop it before it sweeps personal data? Have you deployed technical measures to
Webinar: Tackle threats using this simple three-step approach
Hey everyone, This October 16th at 2pm EDT, let's talk all about threats and threat management. Join us for our webinar, "Tackling threats: The three-step approach", and discover a simple framework you can use to deal with all threats to your network. Register now » Your network is susceptible to millions of malicious actors present around the globe. Threat feeds provide all the information you need about these threats, but how do you use this information? How can you deal with threats in an efficient
TWTQ: Create a session activity rule
Hey everyone, Here's This Week's Top Question (TWTQ): Q: What are activity rules? How do I create them? A: Log360 allows you to perform in-depth user activity auditing, and track user sessions from start to close. Log360's session activity reports tell you which user started sessions on which device, when these sessions were started and ended, and the status and duration of each session. It also gives you minute details of their activity during each session in timeline form. Normally, a session
TWTQ: Session activity reports
Hey everyone, Here's This Week's Top Question (TWTQ): Q: What are session activity reports? How do I view them? A: Log360 helps you audit network activity with hundreds of reports based on the type of events found in your network logs. It also goes one step further by providing you with session activity reports. These reports help you track entire user sessions from start to close, including details of their activity during the session. You can access them by going to the Correlation tab, and selecting
Free training and certification: Learn about our latest SIEM features
Hey everyone, The latest round of our online training and certification program for Log360 is here, and it starts on August 28. Register now » What do I get by attending this program? Understand how to gain valuable insights into network and user activity. Learn about network security and auditing with practical use cases. Get expert tips and tricks on making your SIEM deployment efficient. Earn a Log360 training completion certificate absolutely free, by answering some simple questions at the end
TWTQ: The latest correlation rule builder
Hey all! Here's This Week's Top Question (TWTQ): Q: How do I create rules using the correlation rule builder? A: We are constantly updating Log360's correlation module by adding new rules or features which make it easier to use. In build 11134 of the EventLog Analyzer component of Log360 (released in May), the correlation rule builder has gotten a revamped interface, which makes it even more user-friendly. First, a quick refresher on what a correlation rule is: A correlation rule is simply a pattern
TWTQ: Enabling advanced auditing reports
Hey everyone! Here's This Week's Top Question: Q: How do I enable advanced auditing reports for my SQL Server? A: Log360 generates a wide variety of reports that help audit your SQL Servers. There is also an additional set of advanced auditing reports you can get, if you choose to enable them. These reports help any database administrator take their auditing game to the next level, by providing granular details regarding your database activity. These reports include details about users' last login
TWTQ: Tracking data values in confidential data modifications
Hey everyone, Here's This Week's Top Question (TWTQ): Q: What is column integrity monitoring? What information does it give me? A: Log360 doesn't just give you exhaustive database audit reports - it can even tell you the actual values of data which have been modified. Any database administrator knows the value of preserving data integrity in their databases. When critical data is modified, it could negatively impact your business processes. For instance, a small change to your confidential sales
TWTQ: Advanced SQL auditing reports
Hey guys, Here's This Week's Top Question (TWTQ): Q: What are the advanced reports available for auditing SQL Servers? A: Log360 allows you to add SQL Server instances with ease using its auto discovery feature, and instantly starts generating a wide variety of reports that help audit your SQL Servers. However, did you know that there is also an additional set of advanced auditing reports you can get, if you choose to enable them? These reports help any database administrator take their auditing
TWTQ: Forwarding logs from Log360
Hey everyone! Here's This Week's Top Question (TWTQ): Q: Can I forward the logs from Log360 to another server? How do I set up log forwarding? A: The log management component of Log360, EventLog Analyzer, collects logs from different devices in your network, and provides detailed reports and analysis on the log information. You may also use some other applications which process your network logs, which monitor network performance or provide visualizations for network activities. It would be tiresome
TWTQ: SQL Server autodiscovery
Hey everyone! Here's This Week's Top Question (TWTQ): Q: What database audit reports does Log360 give me? How do I configure SQL Servers using the auto discovery feature? A: Your organization's databases store a lot of business critical information, and are heavily targeted by internal and external attackers. A data breach could cost you heavily in terms of recovery costs, and legal and compliance fines. The time and effort required to recover from a data breach would also set your business back
Online training and certification: Maximise your SIEM deployment
Hey everyone, In May, we conducted our first online training and certification program for Log360. After the huge success of the first round of the program, we are happy to announce the second batch starting on July 10. Register now What do I get by attending this program? Understand how to gain valuable insights into network and user activity. Learn about network security and auditing with practical use cases. Get expert tips and tricks on making your SIEM deployment efficient. Earn a Log360 training
TWTQ: Configuring IIS servers and sites
Hey everyone, Here's This Week's Top Question (TWTQ): Q: How do I configure Microsoft IIS websites for monitoring? A: A medium to large organization's web server handles thousands of requests from all over the globe. Your web servers' logs contain a wealth of information that you can utilize in useful ways: Error information helps you identify problem areas and improve web server performance. User activity information helps you understand your users and ensure a good user experience. Information
[Contest alert] Log360 product pro challenge
Hello everyone, It's contest time! We're excited to announce our first ever contest on this forum, the "Log360 product pro" challenge. Over the last several weeks, we collected the questions that you all frequently asked us, and answered them right here in our community. You can find all of the posts (linked below) on our EventLog Analyzer forum. So if you were paying attention, it's time to prove what a pro you are, and stand a chance to be one of our three lucky winners who win a $25 Amazon gift
Free GDPR resources
Holla! The most talked about compliance mandate, the GDPR, is finally here. Check out our GDPR resources zone to get answers to the following questions. How will the GDPR affect your business? What are the actions that security administrators should take to ensure GDPR compliance? How can Log360 help you meet GDPR's requirements? Running into issues with the GDPR adoption? Feel free to leave a comment so that our compliance experts can help you. Cheers, Madan Gowri
[Resource] Seamless security incident management with EventLog Analyzer
Free solution brief: About EventLog Analyzer's built-in ticketing console and how to forward incident information to ServiceDesk Plus or ServiceNow. Time is the most critical factor in handling security incidents. Incidents must be detected and resolved as quickly as possible in order to keep damage to a minimum. Proper incident management is the key to this, as it allows you to track an incident's status efficiently from detection to resolution. EventLog Analyzer's built-in incident management console allows
[Use case] Detecting suspicious service installations
Hello all, In this series of posts, we'll share various product use cases, their importance, and how the product can be used to solve them. In this post, we look at the correlation rule to detect suspicious service installations. Rule name: Suspicious service installed What the rule detects: This rule identifies malicious services running on your organization's devices. Why the rule is useful: At any given time, a Windows machine runs several services, all of which are required to accomplish several
[Use case] Detecting suspicious software installations
Hello all, In this series of posts, we'll share various product use cases, their importance, and how the product can be used to solve them. In this post, we look at the correlation rule to detect suspicious software installations. Rule name: Suspicious software installed What the rule detects: This correlation rule allows you to detect potentially malicious software installed within your organization. Why the rule is useful: Since organizations use hundreds of applications, it's very easy for an isolated
[Resource] Threat intelligence with STIX/TAXII threat feeds
Free solution brief: How EventLog Analyzer alerts you about malicious entities by processing the latest threat intelligence from STIX/TAXII threat feeds. Threat intelligence is organized information about potential or current attacks that threaten an organization, which helps them identify threats and make informed decisions on how to deal with them. The STIX and TAXII protocols are global standards to express and communicate threat intelligence, respectively. They help provide unified, high quality
[Resource] Network security attack handbook
Free network security handbook: How the EventLog Analyzer component of Log360 detects network attacks with event correlation. If there's one thing that's certain about the nature of security attacks, it's that they are complex and dynamic. Attackers can infiltrate your network from anywhere, progress through a series of devices unnoticed, before breaching their ultimate target and compromising your critical data or resources. The event correlation module of EventLog Analyzer is a versatile, powerful
Exchange Reporter Plus integrates with Log360
A couple of weeks back, O365 Manager Plus was integrated with Log360. We have further broadened Log360's scope with Microsoft Exchange server reporting and auditing by integrating Exchange Reporter Plus. What exactly are the new functionalities? Exchange Server reporting: Get complete information about all components of your Exchange environment, including mailboxes, distribution lists, public folders, and more. Exchange Server auditing: Track and report on non-owner mailbox accesses, mailbox logon
Security Notice
Dear Users, ManageEngine released Log360 5044 on 7th March 2018, with the following vulnerabilities fixed. Cross Site Scripting (XSS) in the search and reports page (CVE-2018-7405) raised by Suresh Khutale has been fixed. Remote code execution when uploaded by an agent (DDI-VRT-2018-10). Click here to download Log360 5044.
O365 Manager Plus integrates with Log360
Dear All, There's a new feather in Log360's cap! Joining ADAudit Plus and EventLog Analyzer in Log360 is O365 Manager Plus, an Office 365 reporting, management, auditing and alerting tool. What does this mean for you? Access to audit reports and the option to create alerts for critical events in Exchange Online and Azure Active Directory. Office 365 Reporting: Access an exhaustive list of reports to get deep insights on Exchange Online and Azure Active Directory and comply with industry mandates
[GDPR Webinar] Detecting and responding to personal data breaches.
Be GDPR-ready by this May. It's hard to prevent data breaches. Most of the time the only option that we have is containing the attack to reduce the impact. If you're a security administrator or a to-be data protection officer, then you need to definitely deploy a security solution that helps detect and report personal data breaches. The GDPR's Article 33 - Notification of data breaches to supervisory authorities says that too. Join our webinar and hear our compliance expert explain how easily you
Log collector not working
Hi, I am using EventLog Analyzer build no 11020. It's not showing the dashboard display and not collecting any log data. Kindly help me. Regards, Balu
Log360 Users
Hi, I tried Log360 but I don't understand the user configuration. How can I set a new user to log into Log360? Thanks
Let us celebrate our everyday heroes!
July 28, 2017, is the SysAdmin appreciation day. Let us recognize and thank our IT warriors for their hard work and dedication. Let’s face it. If not for our SysAdmins we wouldn't be able to get through a single business day with zero hiccups. Most of the time, we hardly spare a minute to say thanks for all that we get done by our SysAdmins. Now is our chance to thank them for the year round work they do. To all the SysAdmins out there, we, at ManageEngine, would like to truly thank you for
ManageEngine Log360 free online workshop series - Register now
We are excited to announce our exclusive free online workshop series for Log360 from this week. We have designed the topics of this workshop series based on the popular demands of our customers. So, we hope you're as excited as we are. Insights from this series will take you one step ahead of your peers. So hurry up and register right away. Free online Log360 workshop series 2017 25th July - 16th August 2017 Every Tuesday & Wednesday Register Now Highlights of this workshop: Our workshop focuses
Free webinar series: Securing your organization from cyber attacks
Join us for our free two-part webinar series to learn about the tools and techniques you need to secure your organization from cyber attacks. We'll be discussing the two-pronged approach - including both reactive and proactive measures - that'd help you secure your IT against the recently prevalent cyber threats. Register here: http://bit.ly/SecEntIT Part 1: Handling an attack | Thursday, July 20th, 2:30pm IST Part 2: Preventing attacks | Thursday, August 3rd, 2:30pm IST Click here for more details