Uncategorized

Log360 Enhanced: ManageEngine Strengthens Unified Security Platform With Reengineered Detection to Reduce Alert Fatigue

New Capabilities in Log360 Tackle False Positives, Keep Threat Coverage Current, and Enable Scaling With Enterprise Demand

ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, has announced that its security information and event management (SIEM) solution, Log360, has been strengthened with a reengineered threat detection approach, in a major enhancement aimed at addressing the needs of modern-day security operations center (SOC) teams.

Over 60% of SOC teams are overwhelmed with irrelevant threat data, of which a majority (53%) of cloud security alerts can be considered noise, according to the 2025 Threat Intelligence Benchmark study commissioned by Google. ManageEngine’s latest release bolsters Log360’s position as a unified security platform by filtering out the security alert noise, thereby enabling faster triage and reducing burnout issues faced by security analysts.

“The biggest challenge for security teams today isn’t collecting data—it’s separating genuine signals from overwhelming noise,” said Manikandan Thangaraj, Vice President at ManageEngine. “We’ve reengineered our detection system to not just build more complex rules, but to deliver true efficiency and empower SOC with flexible, granular rule-tuning capabilities that go beyond simple thresholds. With this advancement, SOC analysts can filter out benign noise without sacrificing the ability to catch a true compromise. This shifts our focus to a targeted pursuit of genuine threats—ensuring we’re effectively protecting and not just monitoring twenty-four seven.”

The new capabilities include a centralised detection console, object-level rule filters, and over 1,500 prebuilt detection rules that are continuously delivered and updated from the cloud. This upgrade also lays the foundation for enterprise-grade scalability—with a multi-tier architecture, role-specialised log processing, and centralised multi-site collection—ensuring performance and resilience as data sources and log volumes grow.

ECSO 911 Validates Log360’s Impact 

Early beta testing by Emergency Communications of Southern Oregon (ECSO) 911, a United States-based Log360 customer, validated the impact of these improvements, demonstrating a measurable reduction in false positive alerts and faster detection-to-response cycles. ECSO is a combined emergency dispatch facility and Public Safety Answering Point (PSAP) for all of the 911 lines in Jackson County and Crater Lake National Park in the state of Oregon.

“For a 911 emergency communications centre, security is the foundation of public trust—and any failure has immediate, real-world consequences. The latest advanced detection capabilities are not optional—they are essential,” said Corey Nelson, IT Manager at ECSO 911. “With Log360’s optimised detection rules and filtering techniques, we have reduced false or low-priority alerts by 90%, allowing our analysts to focus on the threats that matter most. This improvement has significantly accelerated our ability to identify and respond to real cyber incidents.”

Key Highlights of Log360’s New Upgrade

  • Reengineered detection: Log360 introduces a unified detection console that consolidates all detection content—including MITRE ATT&CK-aligned rules, correlationlogic, user and entity behaviour analytics (UEBA) insights, and threat intel feeds—into a single pane of glass. Security teams can create standard, anomaly-based, or advanced detection rules through an interactive UI, without writing complex queries. Object-level filters across Active Directory users, groups, and OUs ensure that high-value identities are continuously monitored while suppressing low-priority noise.
  • Cloud-delivered content: More than 1,500 prebuilt rules cover a wide range of use cases from privilege escalation and lateral movement to endpoint tampering and SaaS attacks. These rules are researched, curated, and tested by ManageEngine’s in-house threat research team to ensure accuracy and low false positives, and are delivered through a cloud-based update mechanism so users always stay current. Adoption of SIGMA-based detection rules is also included in this refined package.
  • Multi-tier enterprise architecture: Log360’s architecture enhancementsenable horizontal scalability with log processor clusters and role-based processing (correlation, enrichment, alerting)—as well as centralised collection from distributed sites—ensuring performance continuity even in large, geographically distributed enterprises.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *