EventLog Analyzer Advanced Threat Analytics

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Configuration

Get the Access Key

Navigate to https://log360feeds.manageengine.com/
Copy the Advanced Threat Analytics Feed Server access key.

Note: For users who do not have a feeds account, please create an account to sign in and obtain the Threat Analytics Feed Server access key.

Add the Access Key in EventLog Analyzer and Configure

In EventLog Analyzer, navigate to Settings → Threat Management → Advanced Threat Analytics→ Log360 Cloud Threat Analytics → Integrate

log360cloud-threat-analytics

Paste the Access Key in the Access Key box

log360cloud-threat-analytics

The scheduler will be enabled automatically. To change the frequency in which the feeds are populated, click the edit button next to Interval.

log360cloud-threat-analytics

Note: We recommend whitelisting the URLs "https://log360feeds.manageengine.com/" and "https://log360cloud.manageengine.com/" to establish a connection to Threat Server without being blocked by the firewall.

Analysis

The Log360 Cloud Threat Analytics is available in the Incident Workbench. Learn how to invoke the Incident Workbench from different dashboards of EventLog Analyzer.

Select any IP, URL, or Domain to analyze in the Workbench. You can access the following data:

Info

This section contains the Reputation Score of the Threat Source on a scale of 0-100.

Note: The risk factor is inversely proprtional to the Reputation Score.

You can also view the Reputation Score Trend chart, Status of the Threat Source( whether it's actively part of the threat list), Category, Number of occurences on threat list, and when the source has been released from the threat list.

log360cloud-threat-analytics