
Automate Log Management

One-stop solution for all log management and network security

Log360 is a comprehensive SIEM tool that addresses the day-to-day challenges of IT security administrators: automating log management, auditing the Active Directory environment, managing public cloud logs, meeting compliance requirements, and protecting confidential data from breaches, all through a simple, easy-to-use interface.

Log360 Overview

What is Log360?

The Equifax Data Breach

As widely reported, Equifax disclosed a breach involving the theft of personal data belonging to more than 143 million Americans. It is not easy to estimate the damage the breach could cause to those affected, and it is likely to cost Equifax billions of dollars.

Loss of trust, time and money are among the major consequences a company faces after a security breach of this scale. While the cause of the attack was not known at the time of writing, the incident sends a clear message to all companies: any organization, big or small, is susceptible to attacks, and it is important to take steps to prevent them.

Once an attack is discovered, a quick incident response is needed, and that begins with incident forensics: investigating the attack and its root cause. A capable SIEM solution supports all of this. Besides identifying and alerting you to potential or live attacks, a mature SIEM tool also helps investigate attacks and produce detailed incident reports.

Discover & deal with attacks using indicators

This white paper discusses the indicators of ongoing attacks and of potential threats. No organization is "immune" to breaches or attacks. These indicators fall into two categories: Indicators of Attack (IoAs) and Indicators of Compromise (IoCs).

Indicators of Attack point to adversary activity in progress (for example, a burst of failed logons followed by a success from the same source), so acting on them can stop an attack before it succeeds. Indicators of Compromise are evidence that a compromise has already taken place (a known-malicious IP, file hash or domain appearing in your logs), and they drive investigation and response. The white paper explains how to configure your SIEM solution to track both types of indicators and how to create rules that identify breaches, so that your data stays protected and your overall security posture improves.

Dealing with Indicators (PDF)

Log Forensics Best Practices

Every organization, including yours, is vulnerable to attack, particularly in today's evolving threat landscape. If you discover that a breach has occurred, you can launch your investigation quickly by searching your network logs and establishing exactly what happened and what caused the breach. Time is of the essence in these situations, so you need to make sure that all the necessary components (log collection, retention, search and reporting) are already in place before you need to investigate.

From a legal perspective, you must be able to produce proper incident reports, both to demonstrate compliance and to minimize potential legal penalties. This guide contains best practices that will help you leverage your SIEM solution and put an effective forensics process in place.

Forensics Best Practices Guide (PDF)

Get a Quote  or  Download Free Trial

Features

Log360 contains two components, with each of them providing a rich but unique set of features. These components are:

  • AD Auditing
  • EventLog Analyzer

Data Synchronization Across Components

Once the different components of Log360 are integrated, data related to domain settings, component integration and similar configuration is automatically synchronized across every component. This saves administrators a lot of time, as they no longer have to configure the same settings in each component separately: any change made in one component is reflected in the others.

Detecting and enriching IoCs and IoAs with Log360

Log360 comes with a built-in, real-time event response system that detects IoCs, and a correlation engine that helps enrich IoAs. The solution also ships with a prepackaged global IP threat database of over 600 million malicious IP addresses. Whenever traffic from any of these addresses hits a resource in the network, security administrators are notified in real time, and they can configure a custom script to block the IP address right away.

Real-time event response system: Log360 has over 700 prebuilt alert profiles that are based on meticulous study of various IoCs. Security administrators can choose to enable alert profiles that are relevant to their business context to detect attacks instantly.

Whenever an IoC is detected, administrators receive real-time notifications via email or SMS, along with a detailed report on the event, which speeds up mitigation. To reduce false positives, Log360 lets you scope alert profiles to specific devices and trigger them on event frequency within a time frame, rather than on every single matching event. Log360 also provides detailed reports on each of the following:

Unauthorized access attempts to critical databases.

  • Unusual login failures: Identify who attempted to log on, from which IP address, when, and whether it was from a remote host.
  • Login failure details: Lists all logon failures, including why the logon failed (for example, whether it was due to a bad password or incorrect username).

Unauthorized copy of critical information.

  • Detailed DML auditing: Track who executed a select query in the database, from where, and when.
  • Copy attempts: Determine who tried to copy data, to where, and from which machine the attempt was made.

These details give Log360 users additional context, which helps them validate incidents as a threat or attack.

The correlation engine: Log360 can correlate different events across the network to recreate and detect known attack patterns.

In terms of the data breach scenario above, administrators can use Log360 to build a custom correlation rule and detect similar attacks faster. With Log360's drag-and-drop correlation rule builder, users can simply select predefined actions and create a rule for any attack pattern.

Further, users can set up threshold values for each of the actions to precisely detect attack patterns and save time investigating false positives.
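To make concrete what the threat-IP matching described above and a threshold-based correlation rule actually do, here is a small added example in Python. It is not Log360's code and does not use any Log360 API; the event records, the threat list, the field names and the hypothetical thresholds are all constructed for this illustration. It implements the two checks on a handful of Windows-style logon events (4625 = failed logon, 4624 = successful logon): a lookup of source addresses against a threat list that may contain both single IPs and CIDR ranges, and a "N failures followed by a success from the same source and account within a time window" rule, which is the kind of pattern a drag-and-drop correlation rule with thresholds expresses.

```python
"""Added example, not Log360's own code: a minimal correlation engine over
constructed log records. Demonstrates (1) matching source IPs against a
threat-intelligence list and (2) a threshold/time-window rule for a
brute-force pattern (N failed logons followed by a success). All sample
data, field names and thresholds are constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class Event:
    ts: datetime
    event_id: int   # Windows Security log: 4625 = failed logon, 4624 = successful logon
    user: str
    src_ip: str
    host: str


def _t(seconds):
    """Helper: timestamp 'seconds' after a fixed constructed start time."""
    return datetime(2024, 1, 1, 9, 0, 0) + timedelta(seconds=seconds)


# Constructed sample: four failures then a success from 203.0.113.7 within
# one minute (a brute-force pattern), plus benign noise from other sources.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    Event(_t(0),   4625, "jsmith", "203.0.113.7",  "DC01"),
    Event(_t(15),  4625, "jsmith", "203.0.113.7",  "DC01"),
    Event(_t(30),  4625, "jsmith", "203.0.113.7",  "DC01"),
    Event(_t(40),  4625, "admin",  "10.0.0.5",     "DC01"),   # single failure, benign
    Event(_t(45),  4625, "jsmith", "203.0.113.7",  "DC01"),
    Event(_t(60),  4624, "jsmith", "203.0.113.7",  "DC01"),   # success right after failures
    Event(_t(900), 4624, "admin",  "10.0.0.5",     "DC01"),   # success 14 min later, no pattern
    Event(_t(950), 4624, "bob",    "198.51.100.9", "FS01"),   # success from a listed threat IP
]

# Constructed threat list: one single address and one CIDR block.
THREAT_IPS = ["198.51.100.9", "192.0.2.0/24"]


def match_threat_ips(events, threat_list):
    """Return the events whose source IP falls in the threat list.
    Entries may be single addresses or CIDR networks."""
    nets = [ip_network(entry, strict=False) for entry in threat_list]
    hits = []
    for e in events:
        addr = ip_address(e.src_ip)
        if any(addr in net for net in nets):
            hits.append(e)
    return hits


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Threshold rule: alert when a successful logon (4624) for a (source, user)
    pair is preceded, within 'window', by at least 'threshold' failed logons
    (4625) for the same pair. Events are processed in timestamp order."""
    failures = defaultdict(list)      # (src_ip, user) -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda x: x.ts):
        key = (e.src_ip, e.user)
        if e.event_id == 4625:
            failures[key].append(e.ts)
        elif e.event_id == 4624:
            recent = [t for t in failures[key] if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src_ip": e.src_ip, "user": e.user, "host": e.host,
                               "failures": len(recent), "success_at": e.ts})
            failures[key].clear()     # a success ends the current failure run
    return alerts


if __name__ == "__main__":
    for hit in match_threat_ips(SAMPLE_EVENTS, THREAT_IPS):
        print(f"threat-IP hit: {hit.src_ip} -> {hit.host} ({hit.user}) at {hit.ts}")
    for alert in correlate_bruteforce(SAMPLE_EVENTS):
        print(f"brute-force alert: {alert}")
```

Raising the threshold to 5 on the same sample yields no alert, which is the false-positive tuning the text refers to: the threshold and window are what separate a user mistyping a password a few times from an automated guessing run. A real deployment would also key on the target host and account lockout events, and would feed the threat-IP hits to the blocking script mentioned above rather than just printing them.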


Log360 Documentation

Here you can find Log360 product documentation, brochures and guides. If you have any questions please feel free to contact us and one of our specialists will address your inquiry as soon as possible.

  • Forensics Best Practices -  pdf
  • Dealing with Indicators -  pdf
  • Forensics Best Practices Guide -  pdf