lhs-panel Click here to expand

Log360 Cloud Threat Analytics

Configuration

  1. Get the Access Key

    Note: For users who do not have a feeds account, please create an account to sign in and obtain the Threat Analytics Feed Server access key.

  2. Add the Access Key in EventLog Analyzer and Configure
    • In EventLog Analyzer, navigate to Settings → Threat Management → Advanced Threat Analytics→ Log360 Cloud Threat Analytics → Integrate
    • log360cloud-threat-analytics

    • Paste the Access Key in the Access Key box
    • log360cloud-threat-analytics

    • The scheduler will be enabled automatically. To change the frequency in which the feeds are populated, click the edit button next to Interval.
    • log360cloud-threat-analytics

Note: We recommend whitelisting the URLs "https://log360feeds.manageengine.com/" and "https://log360cloud.manageengine.com/" to establish a connection to Threat Server without being blocked by the firewall.

Analysis

The Log360 Cloud Threat Analytics is available in the Incident Workbench. Learn how to invoke the Incident Workbench from different dashboards of EventLog Analyzer.

log360cloud-threat-analytics

Select any IP, URL, or Domain to analyze in the Workbench. You can access the following data:

  • Info

    This section contains the Reputation Score of the Threat Source on a scale of 0-100.

    Note: The risk factor is inversely proprtional to the Reputation Score.

    You can also view the Reputation Score Trend chart, Status of the Threat Source( whether it's actively part of the threat list), Category, Number of occurences on threat list, and when the source has been released from the threat list.

    log360cloud-threat-analytics

    log360cloud-threat-analytics

  • Geo info

    The Geo Info contains location mapping details of the Threat Source such as city, state, region and the Whois information of the domain.

    log360cloud-threat-analytics

  • Related Indicators

    This section contains the risk profile of the related indicators of IPs, URLs and Domains.

    Here are the related indicators:

    IP:

    • hosted_urls
    • asn
    • hosted_files
    • hosted_apps

    URL/ Domain:

    • virtuallyhosted
    • sub_domains
    • hosted_files
    • hosted_apps
    • hosting_ips
    • common_registrant

    log360cloud-threat-analytics

Threat Evidences

This section contains eveidences produced by the security vendor for different attacks attempted from the threat source.

log360cloud-threat-analytics

Copyright © 2020, ZOHO Corp. All Rights Reserved.

Get download link