Integration of Webroot BrightCloud Threat Intelligence Services with ManageEngine Log360


Log360 integrates with the threat feeds of the BrightCloud Threat Intelligence platform. The integration correlates BrightCloud feeds with the network activity Log360 already collects, so indicators that appear in the feed are flagged automatically during log analysis rather than looked up by hand, which makes detection both faster and more accurate. It also attaches contextual security telemetry to each match, such as threat type and origin, to guide investigation and analytics. Together, these capabilities give Log360 users a more complete threat intelligence and response workflow.

How the integration works

  • Data collection
    • Organizational network: Log data from various sources within the organization's network is collected. This may include logs from firewalls, servers, applications, and other network devices.
    • Security Event Logs: The collected log data is stored in a centralized repository called Security Event Logs.
  • Threat intelligence integration
    • BrightCloud: Threat intelligence feeds from the BrightCloud service are integrated into the system.
    • Threat intelligence database: The threat intelligence feeds are stored in a threat intelligence database, which contains information about known threats, including IP addresses, URLs, and other indicators of compromise (IoCs).
  • Data processing and correlation
    • The system processes and correlates the data from the Security Event Logs and the threat intelligence database. This involves analyzing the log data to identify suspicious activities, patterns, or matches with known threats.
  • Alert generation
    • Based on the processed, correlated data, the system generates alerts for any detected threats or anomalous activities. These alerts are designed to notify security personnel of potential security incidents that require attention.
  • Incident response
    • The generated alerts trigger incident response actions. Security teams investigate the alerts, confirm the threats, and take appropriate measures to mitigate and remediate the identified security incidents. This may involve blocking malicious IP addresses, isolating affected systems, or conducting further forensic analysis.

The integration of Log360 and BrightCloud enhances your organization's ability to detect and respond to security threats. By combining internal log data with external threat intelligence, the system can identify and respond to threats more effectively, improving your overall security posture.
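The correlation step described above, reduced to its essentials, is shown here as an added example. This is illustrative code, not Log360's or BrightCloud's own logic: the threat database, the log lines (a simplified key=value format), the reputation scale (1-100, lower meaning riskier) and the severity thresholds are all constructed for the example. It parses each event, extracts the fields worth checking (peer IP addresses and URL hosts), matches them against the indicator database and emits alerts ordered so the riskiest reputation comes first, which is the prioritization the page describes.

```python
import re
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import urlsplit

# Constructed threat-intelligence database standing in for a BrightCloud feed.
# Reputation scale is an assumption for this example: 1-100, lower means riskier.
THREAT_DB = {
    "203.0.113.45": {"type": "ip", "category": "botnet C2", "reputation": 8},
    "198.51.100.77": {"type": "ip", "category": "scanner", "reputation": 35},
    "malware-dl.example.net": {"type": "domain", "category": "malware distribution", "reputation": 3},
    "phish-login.example.org": {"type": "domain", "category": "phishing", "reputation": 15},
}

# Constructed sample events: firewall and proxy lines in a simplified key=value format.
SAMPLE_LOGS = [
    "ts=2024-05-01T10:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow",
    "ts=2024-05-01T10:00:03Z src=10.0.0.9 dst=192.0.2.10 dport=80 action=allow",
    "ts=2024-05-01T10:01:10Z src=10.0.0.5 url=http://malware-dl.example.net/stage2.bin status=200",
    "ts=2024-05-01T10:02:00Z src=198.51.100.77 dst=10.0.0.1 dport=22 action=deny",
    "ts=2024-05-01T10:03:30Z src=10.0.0.12 url=https://phish-login.example.org/login status=200",
    "ts=2024-05-01T10:04:00Z src=10.0.0.12 url=https://intranet.example.com/ status=200",
]


@dataclass
class Alert:
    timestamp: str
    indicator: str
    ioc_type: str
    category: str
    reputation: int
    severity: str
    event: str


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict of field -> value."""
    return dict(KV_RE.findall(line))


def extract_indicators(event: dict) -> list:
    """Collect the fields worth checking against threat intel: peer IPs and URL hosts."""
    found = [event[f] for f in ("src", "dst") if f in event]
    if "url" in event:
        host = urlsplit(event["url"]).hostname
        if host:
            found.append(host)
    return found


def severity_for(reputation: int) -> str:
    """Map a reputation score to an alert severity (thresholds are assumed)."""
    if reputation <= 20:
        return "critical"
    if reputation <= 40:
        return "high"
    if reputation <= 60:
        return "medium"
    return "low"


def correlate(lines: Iterable[str], threat_db: dict) -> list:
    """Match every indicator in every event against the threat DB; riskiest first."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        for indicator in extract_indicators(event):
            hit = threat_db.get(indicator)
            if hit is None:
                continue
            alerts.append(Alert(
                timestamp=event.get("ts", ""),
                indicator=indicator,
                ioc_type=hit["type"],
                category=hit["category"],
                reputation=hit["reputation"],
                severity=severity_for(hit["reputation"]),
                event=line,
            ))
    # Lower reputation means higher risk, so ascending order is the triage order.
    return sorted(alerts, key=lambda a: a.reputation)


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS, THREAT_DB):
        print(f"[{a.severity:>8}] {a.timestamp} {a.ioc_type}={a.indicator} "
              f"({a.category}, score {a.reputation})")
```

Two points a practitioner would keep in mind when reading this: a feed match is a trigger for the investigation step the page describes, not a confirmed compromise, and the quality of the result depends entirely on how current the indicator database is, so the feed refresh interval matters as much as the matching logic.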

How to enable

To configure BrightCloud, you need to purchase Log360's Advanced Threat Analytics add-on license and follow these steps:

  • In Log360, navigate to SIEM > Settings on your administrative panel.
  • Under Admin Settings, navigate to Management > Threat Feeds.
  • Navigate to the Advanced Threat Analytics tab.
  • Configure the respective feeds on the Advanced Threat Analytics tab to gain access to the threat analytics data.

By following these steps, you will successfully set up and configure BrightCloud with the Advanced Threat Analytics add-on license.

Top benefits of this integration

By integrating Log360 with BrightCloud, organizations can gain a powerful advantage in threat detection and response. Discover how this unified approach enhances your organization's cyberdefenses:

  • Enhanced threat detection: With Log360's Advanced Threat Analytics add-on enriched with BrightCloud, detection draws on real-time global threat feeds that supply up-to-date information on malicious IoCs, such as reputation scores and threat categories, enabling proactive threat mitigation.
  • Prioritized alerts: Reputation scoring from BrightCloud helps you prioritize security incidents based on their severity, allowing your security teams to focus on the most critical issues first.
  • Faster response times: With readily available threat details and investigation tools on the Incident Workbench, Log360 facilitates faster responses to security incidents.
  • Cost-efficiency: The integrated solution optimizes security investments by consolidating threat intelligence and analysis tools. This reduces the complexity of security operations, leading to cost savings and improved operational efficiency.

Please note that Log360 comes with built-in integrations with threat feeds from open-source platforms at no additional cost. The solution's Advanced Threat Analytics add-on comes with curated, trusted threat feeds through this integration. Additionally, if you have VirusTotal in your environment, Log360 can ingest its threat feeds for analytics.

About Webroot

Webroot, a leading provider of cybersecurity solutions, offers industry-renowned threat intelligence through its BrightCloud Threat Intelligence platform. With over a decade of experience, Webroot specializes in delivering real-time threat intelligence to businesses worldwide. Its comprehensive approach to cybersecurity includes continuously updated threat data sourced from millions of endpoints and sensors globally. Trusted by organizations of all sizes, Webroot's solutions empower businesses to proactively defend against cyberthreats, ensuring robust protection against malware, phishing attacks, and other cyber risks. By partnering with Log360, BrightCloud enhances threat detection capabilities, providing organizations with actionable insights so they can strengthen their cybersecurity postures effectively.