ManageEngine unveiled that its security information and event management (SIEM) solution, Log360, has been strengthened with a reengineered threat detection approach, in a major enhancement aimed at addressing the needs of security operations center (SOC) teams.
Over 60% of SOC teams are overwhelmed with irrelevant threat data, of which a majority (53%) of cloud security alerts can be considered noise, according to the 2025 Threat Intelligence Benchmark study commissioned by Google. ManageEngine’s latest release bolsters Log360’s position as a unified security platform by filtering out the security alert noise, thereby enabling faster triage and reducing burnout issues faced by security analysts.
“The biggest challenge for security teams today isn’t collecting data, it’s separating genuine signals from overwhelming noise,” said Manikandan Thangaraj, VP at ManageEngine. “We’ve reengineered our detection system to not just build more complex rules, but to deliver true efficiency and empower SOC with flexible, granular rule-tuning capabilities that go beyond simple thresholds. With this advancement, SOC analysts can filter out benign noise without sacrificing the ability to catch a true compromise. This shifts our focus to a targeted pursuit of genuine threats, ensuring we’re protecting and not just monitoring twenty-four seven.”
The new capabilities include a centralized detection console, object-level rule filters, and over 1,500 prebuilt detection rules that are continuously delivered and updated from the cloud. This upgrade also lays the foundation for enterprise-grade scalability, with a multi-tier architecture, role-specialized log processing, and centralized multi-site collection, ensuring performance and resilience as data sources and log volumes grow.
ECSO 911 validates Log360’s impact
Early beta testing by Emergency Communications of Southern Oregon (ECSO) 911, a United States-based Log360 customer, validated the impact of these improvements, demonstrating a measurable reduction in false positive alerts and faster detection-to-response cycles. ECSO is a combined emergency dispatch facility and Public Safety Answering Point (PSAP) for all of the 911 lines in Jackson County and Crater Lake National Park in the state of Oregon.
“For a 911 emergency communications center, security is the foundation of public trust, and any failure has immediate, real-world consequences. The latest advanced detection capabilities are not optional, they are essential,” said Corey Nelson, IT manager, ECSO 911. “With Log360’s optimized detection rules and filtering techniques, we have reduced false or low-priority alerts by 90%, allowing our analysts to focus on the threats that matter most. This improvement has significantly accelerated our ability to identify and respond to real cyber incidents.”
Key highlights of Log360’s new upgrade
- Reengineered detection: Log360 introduces a unified detection console that consolidates all detection content, including MITRE ATT&CK-aligned rules, correlation logic, user and entity behavior analytics (UEBA) insights, and threat intel feeds, into a single pane of glass. Security teams can create standard, anomaly-based, or advanced detection rules through an interactive UI, without writing complex queries. Object-level filters across Active Directory users, groups, and OUs ensure that high-value identities are continuously monitored while suppressing low-priority noise.
- Cloud-delivered content: More than 1,500 prebuilt rules cover a wide range of use cases from privilege escalation and lateral movement to endpoint tampering and SaaS attacks. These rules are researched, curated, and tested by ManageEngine’s in-house threat research team to ensure accuracy and low false positives, and are delivered through a cloud-based update mechanism so users always stay current. Adoption of SIGMA-based detection rules is also included in this refined package.
- Multi-tier enterprise architecture: Log360’s architecture enhancements enable horizontal scalability with log processor clusters and role-based processing (correlation, enrichment, alerting), as well as centralized collection from distributed sites, ensuring performance continuity even in large, geographically distributed enterprises.
