ManageEngine Log360 review: SIEM for all seasons

Part of ManageEngine’s burgeoning product portfolio, Log360 delivers a complete SIEM (security information and event management) solution that’s priced right for SMBs and mid-sized organizations. It teams up a choice selection of ManageEngine’s IT security management products, amalgamates them into a single web console for easy access and offers optional add-on products to further enhance its efficacy.

The Log360 web site is a tad vague about what is actually included in the suite so we asked ManageEngine support to clarify. It advised us that the base Log360 suite includes ADAudit Plus, EventLog Analyzer, O365 (Office 365) Manager Plus and Log360 UEBA (user and entity behavior analytics).

Add-ons include Exchange Reporter Plus for on-premises mail server auditing and ADManager Plus, which adds a heap of Active Directory reporting tools. DataSecurity Plus also provides file server auditing and DLP (data leak prevention) while Cloud Security Plus collects and analyzes log data from AWS, Azure, Google Cloud and SalesForce.

ManageEngine Log360 review: Pricing and getting started

Prices for Log360 start at around £452 but costs will depend entirely on what you want to monitor. We requested a quote from ManageEngine for 1 domain controller, 5 Windows servers, 5 syslog sources, 100 workstations, 5 Windows file servers, 5 application auditing licenses, AD reporting, an Exchange server, UEBA and a single Office 365 tenant and it came back the next day with annual subscription cost of only £4,078.

Initial installation of the base Log360 suite is simple, as it’s handled by a single routine. We loaded in on a Windows Server 2019 Hyper-V VM logged in as a domain member, and the suite was ready to go in 20 minutes.

Each individual component has its own web console with a dedicated port number and Log360 provides a single pane of glass for accessing them all. If you install more components later on, you can add them to the main Log360 console by entering their host name and service port number.

We suggest adhering to the recommended host hardware specification as the minimum requirement is nowhere near enough - our VM initially had 2 CPU cores plus 8GB of memory and Log360 ate the lot. In fact, we weren’t happy with performance until we had assigned 8 virtual Xeon Scalable Gold cores and 32GB of memory to the Log360 VM.

ManageEngine Log360 review: ADAudit Plus and EventLog Analyzer

The Log360 console opens with dashboard status overviews of all components, and each one can be quickly accessed from the side bar. ADAudit Plus presents graphs for at-a-glance views of user logon failures, account deletion, modification and creation activities, logon failure error reasons, logon activity, account lockouts and password changes.

It offers access to hundreds of exportable reports on all manner of AD activity (and Azure AD if configured), while the Compliance tab provides reports on regulatory standards including SOX, PCI-DSS, HIPAA and, of course, GDPR. You can peruse activity on Windows, NetApp, Dell EMC and Synology file servers, use analytics to spot anomalous activity and choose when to archive logs for 24 different AD categories

EventLog Analyzer supports over 750 log sources so you can integrate data from your core servers, firewalls, routers, switches, databases, VMware and Hyper-V hypervisors, web servers, vulnerability scanners and endpoint security products. Logs are easily managed as it provides full archiving facilities, where you specify intervals and retention periods and elect to have the files securely encrypted and time-stamped.

Log interrogation features are outstanding; you can use the console’s top search bar for fast results or create more complex queries using wild-cards, phrases, Boolean operators, groups and ranges. Log data can be correlated from multiple sources and reporting tools include a range of canned reports plus a full set for GDPR compliance.

ManageEngine Log360 review: O365 Manager Plus and Log360 UEBA

O365 Manager Plus just required us to enter our tenant details and we could then use its customisable dashboard to view mail traffic, malware and spam activity, top senders or receivers, mobile users, mailbox quotas and much more. The usage view required ManageEngine’s RESTful API access to be enabled and then we could view our user’s OneDrive, Skype and Teams activities.

Reports are available for all Office 365 functions and range from mailboxes and mail traffic to all things related to users, groups, contacts, account security and registered Azure AD devices. Extensive auditing for both Exchange Online and Azure AD is only a few clicks away and logs older than a set number of days can be archived and password protected.

Log360 UEBA opens with an informative dashboard showing how many events have been ingested, anomalies detected, trends over time plus users and devices being tracked. Each user and entity is assigned a risk score based on their activities, which you can view from the relevant dashboard to see why they have been marked up for attention and generate detailed anomaly reports on areas such as failed logins, registry activities, firewall changes and even USB device usage.

ManageEngine Log360 review: Optional add-ons

If you have an on-prem Exchange server then Exchange Reporter Plus is well worth considering. Its main dashboard shows all inbound and outbound mail activity along with a traffic summary and a sidebar which highlights alerts you need to investigate. Extensive predefined reports tell you everything you need to know about your organisation’s email while the auditing section keeps you informed of any changes to your Exchange databases along with mailbox permissions and properties.

Another add-on that’s worth a look is ADManager Plus, as this takes AD reporting to a higher level. However, note that this is a cut down version for Log360 that doesn’t include the AD object management tools provided by the full standalone version.

ManageEngine Log360 review: Verdict

Businesses worried about GDPR compliance can rest easy with Log360 at their side as it delivers an excellent range of event log and security management tools. Best installed on a dedicated host, it neatly integrates everything into one central console, more components can be added as required and it’s all offered at a competition-thrashing price.

ManageEngine Log360 system requirements (recommended)