
Integration of ThreatFox with ManageEngine Log360

ManageEngine Log360 integrates with ThreatFox, an open-source threat intel platform, to enhance the threat detection experience for its customers. ThreatFox offers a list of domain-based indicators of compromise (IoCs), with datasets such as payload delivery domains and botnet C2 domains that get added to Log360's Central Threat Repository. This data is used to detect and defend against malicious domains.

How the integration works

Combining this wealth of knowledge with Log360's robust threat mitigation capabilities, you can be assured that your organization stays secure.

  • Log360 regularly fetches and ingests threat feeds and intel from ThreatFox through a secured connection.
  • Threat feeds from this integration are stored along with the other curated threat intel in Log360's Centralized Threat Repository (available in its cloud-hosted environment).
  • Customers can configure their synchronization time to regularly fetch these threat feeds for their threat detection, incident, and response (TDIR) functions.

Please note that the integration comes with the basic pricing of Log360. The Advanced Threat Analytics (ATA) add-on contains credible and curated threat feeds from our technical partners like BrightCloud and Constella Intelligence.

How to enable the ThreatFox integration

The ATA add-on is required to obtain the ThreatFox integration. There's no additional configuration needed to enable this integration, as Log360 auto-fetches threat data from this open-source community.

Key benefits:

  • Detect threats in real time: Upon integrating ThreatFox with Log360, you can gain complete visibility into malicious threat sources and ensure that your organization doesn't come into contact with such sources.
  • Updated threat intel: Since ThreatFox data is updated regularly, whenever there's a new threat source identified, the database is updated with relevant information.
  • Enhanced security posture: By getting updates on the recent security threats and the IoCs associated with them, you can ensure that you have an enhanced security posture.

About ThreatFox

ThreatFox is a project operated by abuse.ch. The purpose of this project is to collect and share indicators of compromise (IoCs), helping IT-security researchers and threat analysts protect their constituency and customers from cyberthreats.