
Log360 Training

About Log360

Log360 is a comprehensive security information and event management (SIEM) solution that performs exhaustive log management, Active Directory auditing, and user behavior management.

Course agenda:

Getting started and installing Log360

  • System prerequisites and requirements
  • Installing Log360 as an application and as a Windows service
  • Starting and setting up Log360 from the web console

Integrating the different components of Log360

  • Integrating products installed on other machines into Log360
  • Setting up all the components of Log360
  • Synchronizing the data between the integrated components

Setting up log collection

  • Automating log collection from devices
  • Setting up agent-based and agentless log collection
  • Implementing log collection filters

Searching the logs

  • Types of search queries and their functions
  • Building basic and advanced search queries
  • Parsing logs
  • Tagging search queries
  • Mapping search results as incidents

Security analytics

  • Viewing reports on network activities, Active Directory, Exchange Server, and Microsoft 365 from one place
  • Exporting reports in various formats
  • Mapping reports as incidents

Active Directory auditing

  • Account logon auditing
  • Logoff auditing
  • AD user object auditing
  • AD computer object auditing
  • AD group object auditing
  • AD organizational unit auditing
  • Permission change auditing
  • GPO auditing
  • Auditing for other AD objects, like containers, contacts, DNS, and more

File server auditing

  • Windows file server auditing
  • Windows failover server cluster auditing
  • NetApp Filer auditing
  • EMC storage auditing
  • File integrity monitoring

Account lockout

  • Analyzing Windows services and scheduled tasks
  • Network drive mappings, logon sessions, and process list
  • Analyzing logon activity of both the domain controller and local
  • Analyzing OWA and ActiveSync
  • RADIUS server logins

Member server auditing

  • Auditing logon activity on servers
  • Tracking process activity
  • Auditing policy changes
  • Monitoring system events
  • Managing accounts on servers
  • Printer auditing
  • ADFS auditing
  • Removable storage (USB) auditing
  • AD LDS auditing

Dashboard

  • Customizing the dashboard and embedding it in external sites
  • Adding new widgets to the dashboard

Setting up security alerts

  • Viewing pre-built alerts and correlation-based alert profiles
  • Building custom alert profiles
  • Exporting alerts

Event correlation

  • Viewing pre-built correlation rules
  • Building custom correlation rules

Response workflows

  • Configuring workflows for alerts
  • Creating workflow profiles

Incident tracking

  • Creating incidents for alerts, reports, and search results
  • Tracking incidents

User and entity behavior analytics (UEBA)

  • Viewing, scheduling, and exporting reports
  • Configuring alerts in Log360 UEBA

Logon settings

  • Configuring single sign-on, smart card, and two-factor authentication for secure login

Centralized administration settings for Log360 and integrated components

  • Setting up high availability
  • Configuring automatic database backup and build update
  • Configuring mail server, SMS, and proxy settings
  • Applying SSL certificates and enabling HTTPS
  • Setting up Log360 as a reverse proxy server for enhanced security

General settings

  • Enabling license expiration and product downtime notifications
  • Migrating from the built-in database to other databases
  • Personalizing language and time zone settings
  • Customizing the logo, title, and more
