Threat investigation - External score risk profiling

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Advanced Threat Analytics

Note:

Check the Access page to learn how to invoke the Incident Workbench from different dashboards of EventLog Analyzer.
To access Advanced Threat Analytics data, you can click on any of the following fields that uniquely identify the external sources:

Domain analysis:

Domain
Canonical Name
Client Domain
URL Site

IP Analysis:

Remote DeviceIp
Source IP
Client IP Address
Server IP Address
Address
Destination IP
Device Ip
Remote Ip
Source Host Address
NAT Source Address
NAT Destination Address
Destination IP
Original Client IP
IP Address
Endpoint IP
Private Ip
Target Ip
Source Device
Target Machine
Destination Host Address
Target Device

URL Analysis:

Payload URL
Object Url
URL

EventLog Analyzer supports the following vendors for the Advanced Threat Analytics in Incident Workbench:

Dark Web Monitoring

When you purchase Advanced Threat Analytics, you also gain access to Dark Web monitoring. You can use your domain to enable Dark Web monitoring. This feature actively scans for any compromise of user data on the Dark Web and sends alerts. Compromised data can include credentials, credit card information, and more. With this information, the security analyst can gain insight into the depth of the breach and the type of information that has been breached.

VirusTotal

This is a third-party threat feed integration, and follows the Bring Your Own Key (BYOK) model. If you have purchased VirusTotal access separately, you can use your API key and get the threat analytics information in EventLog Analyzer.

Note: Check out the Advanced Threat Analytics page to learn about the configuration and analysis.

Note: Minimize the tab to access the Incident Workbench while you traverse through different pages in EventLog Analyzer. As long as you don't close the workbench, the analysis will be available even if you log out of EventLog Analyzer and login again. You can also save it to an existing incident or create a new one.

Advanced Threat Analytics

Log360 Cloud Threat Analytics

Dark Web Monitoring

VirusTotal

On this page