ManageEngine, a division of Zoho Corporation, announces a key architectural update to Log360, its unified security platform, incorporating native SOAR capabilities, seven new integrations with some of the industry’s leading security vendors, and multi-domain orchestration capabilities that place detection, AI investigation, and automated response within a single data model.
Automated response flow
Security operations are entering the era of agentic automation, but on infrastructure that was not designed for it. In most SOCs, tools multiply without converging, each bringing its own alert queue, its own data model, and new demands on analysts’ time. The visibility problem is rarely caused by a lack of tools; it is caused by insufficient integration. AI agents and autonomous response only work when different technology layers share context, and most current security stacks still do not.
Log360’s native SOAR is designed precisely to provide that shared context. A single automated response flow can isolate an endpoint through EDR, revoke a compromised session through IAM, enrich the incident with external threat intelligence, open a service ticket, and notify the SOC—all based on the same alerts, detections, and behavioral signals that the platform already generates.
“The next evolution in security operations is to rethink the architecture so that AI, detection and response share a common foundation,” says Manikandan Thangaraj, vice president of ManageEngine. “When an AI-based investigation agent and an orchestration engine operate on the same data model, it eliminates the friction that has kept security teams in a reactive position for years. No handoffs between APIs, no reconstruction of context, and no friction between detection and response. The best automation is not prescriptive, but programmable. That’s what we’ve built into Log360.”
Key New Log360 Features
Expert response guides, ready from day one: A library of pre-configured response templates, distributed via CDN, allows you to activate automation right out of the box. When teams need to go further, analysts can extend workflows through the low-code Zoho Qntrl platform, while engineers maintain full control using Python or Deluge. This approach allows teams to build once and continually adapt workflows to ever-evolving environments and compliance requirements.
Automated response across the environment: A single automated workflow can isolate endpoints, revoke compromised credentials, open service tickets, and apply response actions across EDR platforms, network infrastructure, and business applications, eliminating manual handoffs between teams and tools.
Context-based incident response: Response scripts enrich alerts with threat intelligence and asset context, apply conditional logic to prioritize incidents based on severity or compliance scope, and automatically execute multi-step response sequences without human intervention.
Endpoint coverage that bridges the multi-domain gap: Endpoint telemetry, along with identity and cloud context, is fed into Log360’s correlation and response layer to track and contain threats from a single platform.
Centralized console with Log360
Log360 is a unified SIEM solution with integrated DLP, CASB, and SOAR capabilities, which detects, prioritizes, investigates, and responds to security threats. Vigil IQ, its TDIR module, combines threat intelligence, an Incident Workbench, ML-based anomaly detection, and rules-based attack detection to identify sophisticated attacks, along with an incident management console for remediation.
ManageEngine’s redesigned detection, based on a centralized console, enables the creation of multi-mode rules and tuning insights, increasing signal quality and reducing false positives. Native SOAR, with an integrated orchestration engine and an extensible library of response flows, automates responses across the security environment, bridging the gap between detection and action. For more information about Log360, visit manageengine.com/log-management/ and follow its LinkedIn page for regular updates.
