Help Document

Manage Profiles

In the Manage Profiles page, you can view the list of configured alert profiles and their attributes, such as alert type, alert severity, device/groups configured, etc. You can also enable, disable, export, and import alert profiles from this page.

The Manage Profiles page consolidates Profile Based Alerts and Correlation Alert Profiles under a single dropdown menu, so you can view and filter all profiles in one console according to your needs.

Creating Alert Profiles

Filter Profiles

To filter alert profiles based on the status (Enabled/Disabled/All), click on the dropdown menu next to Showing and select the required category.


For example, if you want to view all your disabled alerts, you can simply select Disabled in the Showing field. All your disabled alerts will be displayed on the screen.

Export/Import Alert Profiles

Log360 Cloud enables you to export or import your configured alert profiles in the form of an XML file.

To export alert profiles, follow the steps given below.

  1. Navigate to the Manage Profiles page under the Alerts tab.
  2. Select the required Alert profiles to be exported by ticking the corresponding boxes.
  3. Click on the icon and select Export.
  4. Now the alert profile will be exported to your download location in the form of an XML file.

To import alert profiles, follow the steps given below.

  1. Navigate to the Manage Profiles page under the Alerts tab.
  2. Click on the icon and select Import.
  3. Select the location of the XML file and click on Import.
  4. The alert profile will be imported from your download location to Log360 Cloud.

What are Sigma rules?

Sigma is a generic, text-based (YAML) format for describing detectable security events in log data, which simplifies sharing and applying threat detection rules across log platforms.

Log360 Cloud allows you to import these rules in the Alerts tab.

From Alerts:

  • Navigate to the Alerts tab, and select Manage Profiles. Choose the Import option.
  • Log360 Cloud supports importing Sigma rules from YML files.
  • During the import process, you will have the option to map fields and the log type associated with the Sigma rule. Click Save.
  • Click Save to finalize the import process. Log360 Cloud will store the imported Sigma rule profile along with its defined criteria.

Note: The false positives listed in the Sigma rule file are not added to the criteria. You have to add those criteria manually after importing the Sigma rule file.
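The two points above (mapping Sigma field names to the log type's fields, and the false positives the import leaves out) can be checked before a rule is imported. The script below is an added example, not Log360 Cloud's own code; the Sigma rule content, the field mapping and the field names are constructed for illustration, and the rule is given as an already-parsed dict so it runs without a YAML library.

```python
# Added example: pre-check a Sigma rule before importing it into a SIEM.
# It applies a field mapping to the rule's detection selections and lists the
# 'falsepositives' entries, which the import does not carry over and which an
# analyst must add as criteria by hand.

# Constructed sample: the content of a Sigma .yml file after YAML parsing.
SIGMA_RULE = {
    "title": "Suspicious Scheduled Task Creation",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {"EventID": 4698, "TaskName|contains": "update"},
        "filter": {"SubjectUserName|endswith": "$"},
        "condition": "selection and not filter",
    },
    "falsepositives": ["Software deployment tools", "Administrator scripts"],
}

# Hypothetical mapping from Sigma field names to the SIEM's own log field names.
FIELD_MAP = {"EventID": "event_id", "TaskName": "task_name", "SubjectUserName": "user_name"}


def split_field(key):
    """'TaskName|contains' -> ('TaskName', ['contains']); 'EventID' -> ('EventID', [])."""
    name, *modifiers = key.split("|")
    return name, modifiers


def map_detection(rule, field_map):
    """Return the detection block with Sigma field names replaced per field_map.

    Assumes map-style selections (dict of field: value). Raises KeyError for a
    field the mapping does not cover, so an unmapped field is caught before the
    import instead of silently becoming a criterion that never matches.
    """
    mapped = {}
    for block, body in rule["detection"].items():
        if block == "condition":          # the condition references block names, not fields
            mapped[block] = body
            continue
        new_body = {}
        for key, value in body.items():
            name, mods = split_field(key)
            if name not in field_map:
                raise KeyError(f"unmapped Sigma field: {name}")
            new_body["|".join([field_map[name], *mods])] = value   # keep the modifier chain
        mapped[block] = new_body
    return mapped


def manual_followups(rule):
    """List the falsepositives entries the import drops; these need manual criteria."""
    return list(rule.get("falsepositives", []))
```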

Filtering alerts using Alert Profiles

To display the alerts of a particular alert profile, click on the number of alerts under the No. of Alerts column. Now the filter to display the alerts of the selected alert profile will automatically be applied in the Active Alerts page.

Edit Alert Profile

To edit an existing alert profile, hover over the required alert profile and click on the icon. You will be directed to the Edit Alert Profile page. Here, you can make changes to the alert profile as required.

Delete Alert Profiles

To delete an alert profile, select the alert profile and click on the icon. A pop-up will appear asking for confirmation. Click Yes to confirm the deletion.