ManageEngine Log360 could provide more in-depth insights, particularly in reporting. Some other solutions provide deeper insights into issues, especially when generating reports. More detailed insights should be included in the standard offering rather than requiring add-on modules. The reporting module may need to be purchased as an add-on to achieve this level of depth. Without needing to purchase an add-on module, ManageEngine Log360 should include more in-depth reporting capabilities in the current module.
Consultant at TurkOnay Elektronik Para ve Ödeme Hizmetleri A.Ş.
Real User
Top 10
Nov 17, 2025
The alerting capabilities in ManageEngine Log360 needed work for creating alarms for the cases where alarms were needed and for prioritizing the alarms for criticality. ManageEngine Log360 uses PostgreSQL as its own database but does not automatically parse and allow creation of alarms the way it does in MS SQL. There is less support in PostgreSQL than in MS SQL. The ability to create alarms based on parsed data in the same way MS SQL does would have been beneficial and would have saved considerable time. On the PostgreSQL side, it was not parsing much, which required a lot of manual work. This support is needed, and I am sure many companies need this support on PostgreSQL. MS SQL features that were missing in ManageEngine Log360 that should be included in the future are those that automatically parse an MS SQL database and provide options for setting alarms. On the PostgreSQL side, this is not the same. At minimum, PostgreSQL support should reach the MS SQL level of features and support that ManageEngine Log360 presents.
1. Enhanced Cloud Integration Current Gap: Log360 lacks native integration with Microsoft Intune and cloud-based Active Directory (Azure AD), limiting visibility for organizations transitioning to hybrid or fully cloud environments. Requested Improvements: Direct Intune Log Collection: Ability to ingest and correlate logs from Intune-managed devices to monitor compliance, device health, and security policies. Azure AD Deep Integration: Support for Azure AD audit logs, conditional access events, and identity protection alerts to provide end-to-end visibility. Cloud Workload Monitoring: Extend coverage to SaaS applications (e.g., Microsoft 365, AWS, GCP) for unified threat detection. Why It Matters: Many clients have migrated from on-prem AD to cloud-first setups this year. Without cloud-native log collection, critical security events (e.g., rogue Intune policies or Azure AD breaches) go unmonitored. 2. Improved Automation and Response Current Gap: Limited automated remediation (e.g., auto-isolating compromised devices) forces manual intervention. Requested Features: Playbook Automation: Pre-built workflows to auto-resolve common issues (e.g., disabling users after brute-force attacks). SOAR Integration: APIs to connect with SIEM/SOAR platforms (e.g., Splunk, Palo Alto Cortex) for escalated threat response.
While ManageEngine Log360 is a significant improvement, there could be enhancements in terms of integrating more user-friendly training materials and better deployment documentation.
Deploying ManageEngine Log360 is challenging in terms of knowledge. They offer some out-of-the-box configurations, but determining the specific firewall or antivirus in use and importing logs from various software sources can be complex. There is a need for more automation in such solutions, moving towards single-click deployments with minimal configurations. This would be more efficient than setting up complex systems, waiting for log collection, identifying issues, and relying on security experts to analyze logs and configure tools for future attacks. Incorporating more intelligence into the system could significantly improve this process, although the exact method remains unclear due to the evolving nature of cyber threats.
The solution lacks some features when compared to other products. It must add more features. Incident management for real-time scans must be improved a bit.
There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk. Another area that needs improvement is the integration of various technologies. Currently, they don't cover most of the major technology domains, leaving out significant coverage. Moreover, there are many additional features I would like to see. One feature would be an automated workflow for report downloading and sending it to relevant individuals. Additionally, there should be event triggers to identify and handle duplicated events. It would be helpful to have AI-driven technology to differentiate between real and false alerts, as we receive numerous false positives. Not every event is critical, so an intelligent analysis, such as behavior-driven or logic-based, should be incorporated to suppress unnecessary alerts. So, I want to decrease false positive instances. I would like to see a significant decrease in false positives based on intelligent analysis. The analysis could be behavior-driven or based on any logical approach, but it should be incorporated into the system.
Consultant at TurkOnay Elektronik Para ve Ödeme Hizmetleri A.Ş.
Real User
Top 10
Oct 27, 2022
We are always facing more difficulties right now because we are learning. On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits. We discussed this, and they said it is for diagnostic purposes only. Those logs won't be uploaded or regarded as a base of information for the client. That is only when you have difficulty when you face a problem. Yet changing them manually won't affect the server side, that client's life, or the knowledge of the life of that client. It will, however, be better if all of them are encrypted, and then the support side of the product can get the encrypted log files from us and decrypt and investigate. That way, we wouldn't have to tell ourselves and the auditors and then convince them that is not a vulnerability.
ManageEngine Log360 could be improved by including XDR, remediation and Sandbox. XDR can be different from other solutions because you don't just get logs, vulnerabilities or cyber threats. Also, SOA can be included as a type of security or phishing risk scam. Azure Sentinel has those features and it is a solution that can detect and remediate simultaneously. We can have a sandbox environment where we flag and simulate an attack. Hence, the system can be aware in case something happens.
Security Operations Center Analyst at a tech services company with 11-50 employees
Real User
Aug 30, 2022
It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system. The on-premises solution is very slow. When I move to another tab inside Log360 or in the SIEM, even if my system is running on 36 GB and with a high processor, it takes a lot of time to get into the alert page or the search page. It takes a long time to load a single page. With other solutions, such as Splunk, Securonix, Wazuh, I can quickly grab the details within seconds, but with ManageEngine, it takes a lot of time.
IT Security Admin at a university with 51-200 employees
Real User
Jan 18, 2021
Because I haven't been using it long enough, I am not too sure what's missing. I am comparing it with Varonis. The two seem to be lining up a lot, but Varonis is a little bit better as it gives me real-time alerts for the file shares. It takes a little bit of time for Log360 to actually learn your environment. I am dealing with a lot of alerts that aren't exactly valid because it just doesn't know yet. The learning environment time is a little bit lengthy, but I think it's necessary. Since Varonis was already in the environment, I have no idea how long that took for it to learn that behavior. It's hard for me to compare the two in that aspect, but that's what I'm dealing with. That's what I would expect somebody else to be dealing with if they just got the product and they didn't have anything.
ME Product Engineer at a tech services company with 11-50 employees
Reseller
Aug 30, 2020
The matter of the data retention needs to be addressed. The back-end, moving to a whole new server, needs the integration of the data already collected by this tool. Right now, this is lacking. I have some customers that have to collect data for a period of two years. That data needs to be mobile - and we are talking about two terabytes or three terabytes of logs. There's always a problem, where the old server is breaking or at the end of the life, and they need a whole new one and need to migrate, however, it is very hard to find a way to do this effectively. In a future release, I would like to see some sort of feature that prepares one predefined installation. It would also be ideal if we could have separate servers for separate customers. I would like to see that there are some items that are predefined, and some features to predefine some settings. For example, I would like to create some custom reports for customer complaints and be able to report the issues and put them into every part of the solution.
Information Systems Manager at a non-profit with 1-10 employees
Real User
Jan 7, 2020
The GUI needs to be improved. The graphical interface could be made easier to use when you are connecting to different network equipment. For the service it is straightforward. It is a hassle when you have different manufactures for switches and realtors. Simplifying the user interface would be very helpful. There are issues with stability. In the next release, I would suggest to include not only for enterprise-level switches but also small business-level switches in the system. Some of our offices experienced issues when they had both local switches. Also, simplify the interface when you are adding network equipment.
There are issues when we log into Log360 from the computer that is hosting the system. It does not connect to the Active Directory. For example, Linux cannot connect or log into Log360 with the Active Directory user. We can log in as a local user, and it's fine, but when we login with an Active Directory user, we cannot.
The only thing I'd say is to provide log sheets that accurately describe how this solution works. Most times log sheets are not assigned well. You need to contact your support or you need to go to marketing and I don't like that. Also, a Cloud version would be a major breakthrough. I think it should be looked into because most organizations these days don't want to publish on servers. Also in terms of flexibility, I think a cloud version should be pushed. Backups are very, very important. We had a situation where because cloud reliability is not 100% when we wanted the backup we needed to re-position the server. So instead of starting from the previous position completely, it would be nice if you could just take the file and install the same version of the ones you want because now if you want to run that backup, you must install the one that was going before. I should be able to replicate the same on another server. I should be able to pick the same file and go. So the backup process is not that easy and not that straightforward.
Log360 is your one-stop solution for all log management and network security challenges. It is an integrated solution that combines EventLog Analyzer and ADAudit Plus into a single console to help you manage your Active Directory auditing and network security easily.
ManageEngine Log360 could provide more in-depth insights, particularly in reporting. Some other solutions provide deeper insights into issues, especially when generating reports. More detailed insights should be included in the standard offering rather than requiring add-on modules. The reporting module may need to be purchased as an add-on to achieve this level of depth. Without needing to purchase an add-on module, ManageEngine Log360 should include more in-depth reporting capabilities in the current module.
The alerting capabilities in ManageEngine Log360 needed work for creating alarms for the cases where alarms were needed and for prioritizing the alarms for criticality. ManageEngine Log360 uses PostgreSQL as its own database but does not automatically parse and allow creation of alarms the way it does in MS SQL. There is less support in PostgreSQL than in MS SQL. The ability to create alarms based on parsed data in the same way MS SQL does would have been beneficial and would have saved considerable time. On the PostgreSQL side, it was not parsing much, which required a lot of manual work. This support is needed, and I am sure many companies need this support on PostgreSQL. MS SQL features that were missing in ManageEngine Log360 that should be included in the future are those that automatically parse an MS SQL database and provide options for setting alarms. On the PostgreSQL side, this is not the same. At minimum, PostgreSQL support should reach the MS SQL level of features and support that ManageEngine Log360 presents.
1. Enhanced Cloud Integration Current Gap: Log360 lacks native integration with Microsoft Intune and cloud-based Active Directory (Azure AD), limiting visibility for organizations transitioning to hybrid or fully cloud environments. Requested Improvements: Direct Intune Log Collection: Ability to ingest and correlate logs from Intune-managed devices to monitor compliance, device health, and security policies. Azure AD Deep Integration: Support for Azure AD audit logs, conditional access events, and identity protection alerts to provide end-to-end visibility. Cloud Workload Monitoring: Extend coverage to SaaS applications (e.g., Microsoft 365, AWS, GCP) for unified threat detection. Why It Matters: Many clients have migrated from on-prem AD to cloud-first setups this year. Without cloud-native log collection, critical security events (e.g., rogue Intune policies or Azure AD breaches) go unmonitored. 2. Improved Automation and Response Current Gap: Limited automated remediation (e.g., auto-isolating compromised devices) forces manual intervention. Requested Features: Playbook Automation: Pre-built workflows to auto-resolve common issues (e.g., disabling users after brute-force attacks). SOAR Integration: APIs to connect with SIEM/SOAR platforms (e.g., Splunk, Palo Alto Cortex) for escalated threat response.
While ManageEngine Log360 is a significant improvement, there could be enhancements in terms of integrating more user-friendly training materials and better deployment documentation.
Deploying ManageEngine Log360 is challenging in terms of knowledge. They offer some out-of-the-box configurations, but determining the specific firewall or antivirus in use and importing logs from various software sources can be complex. There is a need for more automation in such solutions, moving towards single-click deployments with minimal configurations. This would be more efficient than setting up complex systems, waiting for log collection, identifying issues, and relying on security experts to analyze logs and configure tools for future attacks. Incorporating more intelligence into the system could significantly improve this process, although the exact method remains unclear due to the evolving nature of cyber threats.
The solution lacks some features when compared to other products. It must add more features. Incident management for real-time scans must be improved a bit.
The integration with SharePoint and Teams should be improved.
The solution needs to improve hub storage. It should integrate AI and ML capabilities.
There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk. Another area that needs improvement is the integration of various technologies. Currently, they don't cover most of the major technology domains, leaving out significant coverage. Moreover, there are many additional features I would like to see. One feature would be an automated workflow for report downloading and sending it to relevant individuals. Additionally, there should be event triggers to identify and handle duplicated events. It would be helpful to have AI-driven technology to differentiate between real and false alerts, as we receive numerous false positives. Not every event is critical, so an intelligent analysis, such as behavior-driven or logic-based, should be incorporated to suppress unnecessary alerts. So, I want to decrease false positive instances. I would like to see a significant decrease in false positives based on intelligent analysis. The analysis could be behavior-driven or based on any logical approach, but it should be incorporated into the system.
We are always facing more difficulties right now because we are learning. On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits. We discussed this, and they said it is for diagnostic purposes only. Those logs won't be uploaded or regarded as a base of information for the client. That is only when you have difficulty when you face a problem. Yet changing them manually won't affect the server side, that client's life, or the knowledge of the life of that client. It will, however, be better if all of them are encrypted, and then the support side of the product can get the encrypted log files from us and decrypt and investigate. That way, we wouldn't have to tell ourselves and the auditors and then convince them that is not a vulnerability.
ManageEngine Log360 could be improved by including XDR, remediation and Sandbox. XDR can be different from other solutions because you don't just get logs, vulnerabilities or cyber threats. Also, SOA can be included as a type of security or phishing risk scam. Azure Sentinel has those features and it is a solution that can detect and remediate simultaneously. We can have a sandbox environment where we flag and simulate an attack. Hence, the system can be aware in case something happens.
It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system. The on-premises solution is very slow. When I move to another tab inside Log360 or in the SIEM, even if my system is running on 36 GB and with a high processor, it takes a lot of time to get into the alert page or the search page. It takes a long time to load a single page. With other solutions, such as Splunk, Securonix, Wazuh, I can quickly grab the details within seconds, but with ManageEngine, it takes a lot of time.
Right now, we can't even get it to work. The support needs improvement. The stability needs to be improved.
Its pricing should be better. Pricing is definitely a big factor for us. Their technical support should also be improved.
Because I haven't been using it long enough, I am not too sure what's missing. I am comparing it with Varonis. The two seem to be lining up a lot, but Varonis is a little bit better as it gives me real-time alerts for the file shares. It takes a little bit of time for Log360 to actually learn your environment. I am dealing with a lot of alerts that aren't exactly valid because it just doesn't know yet. The learning environment time is a little bit lengthy, but I think it's necessary. Since Varonis was already in the environment, I have no idea how long that took for it to learn that behavior. It's hard for me to compare the two in that aspect, but that's what I'm dealing with. That's what I would expect somebody else to be dealing with if they just got the product and they didn't have anything.
The matter of the data retention needs to be addressed. The back-end, moving to a whole new server, needs the integration of the data already collected by this tool. Right now, this is lacking. I have some customers that have to collect data for a period of two years. That data needs to be mobile - and we are talking about two terabytes or three terabytes of logs. There's always a problem, where the old server is breaking or at the end of the life, and they need a whole new one and need to migrate, however, it is very hard to find a way to do this effectively. In a future release, I would like to see some sort of feature that prepares one predefined installation. It would also be ideal if we could have separate servers for separate customers. I would like to see that there are some items that are predefined, and some features to predefine some settings. For example, I would like to create some custom reports for customer complaints and be able to report the issues and put them into every part of the solution.
The GUI needs to be improved. The graphical interface could be made easier to use when you are connecting to different network equipment. For the service it is straightforward. It is a hassle when you have different manufactures for switches and realtors. Simplifying the user interface would be very helpful. There are issues with stability. In the next release, I would suggest to include not only for enterprise-level switches but also small business-level switches in the system. Some of our offices experienced issues when they had both local switches. Also, simplify the interface when you are adding network equipment.
There are issues when we log into Log360 from the computer that is hosting the system. It does not connect to the Active Directory. For example, Linux cannot connect or log into Log360 with the Active Directory user. We can log in as a local user, and it's fine, but when we login with an Active Directory user, we cannot.
The only thing I'd say is to provide log sheets that accurately describe how this solution works. Most times log sheets are not assigned well. You need to contact your support or you need to go to marketing and I don't like that. Also, a Cloud version would be a major breakthrough. I think it should be looked into because most organizations these days don't want to publish on servers. Also in terms of flexibility, I think a cloud version should be pushed. Backups are very, very important. We had a situation where because cloud reliability is not 100% when we wanted the backup we needed to re-position the server. So instead of starting from the previous position completely, it would be nice if you could just take the file and install the same version of the ones you want because now if you want to run that backup, you must install the one that was going before. I should be able to replicate the same on another server. I should be able to pick the same file and go. So the backup process is not that easy and not that straightforward.