Monitoring Critical Configuration Changes with Log360

ManageEngine
05/08/2026

Transcript


TL;DR

  • Log360 monitors critical configuration changes across firewalls, servers, network devices, and cloud platforms to detect potential security threats mapped to MITRE ATT&CK techniques for initial access, defense evasion, and persistence.
  • The solution provides detailed audit trails for firewall rule changes, registry modifications, router configurations, and cloud infrastructure changes in AWS and Azure, capturing who made changes, when, from where, and what specific values were modified.
  • Incident Workbench enables security teams to investigate suspicious configuration changes by visualizing user activities and access patterns post-event, using out-of-the-box correlation rules based on the MITRE ATT&CK framework to validate threat conditions.

Summary

This demonstration showcases how ManageEngine Log360 enables security operations teams to monitor and respond to critical configuration changes across enterprise infrastructure. The video walks through Log360's capabilities for tracking unauthorized modifications to firewalls, routers, servers, registries, and cloud platforms—changes that often signal initial access attempts, defense evasion tactics, or persistence mechanisms aligned with the MITRE ATT&CK framework. Key monitoring areas include firewall rule additions and deletions with complete audit trails, Windows registry modifications with before-and-after values, router configuration changes across multi-vendor environments including Cisco and SonicWall, and cloud infrastructure changes in AWS and Azure through the integrated Cloud Security Plus component. The solution provides detailed forensic data for each change event, including the user responsible, source device or IP address, precise timestamps, and specific configuration values modified. For investigation workflows, Log360's Incident Workbench allows analysts to visualize user activities and access patterns following suspicious configuration changes, enabling validation of potential threat conditions through correlation rules based on MITRE ATT&CK techniques.

Chapters

0:00 - Introduction to Configuration Monitoring
0:45 - Firewall Rule Change Tracking
1:10 - Registry Modification Monitoring
1:37 - Router Configuration Changes
2:03 - Cloud Infrastructure Monitoring
2:48 - Server Configuration Tracking
3:10 - MITRE ATT&CK Correlation
3:22 - Incident Investigation Workflow

Key Quotes

0:24 "Mapped to the initial access, defense evasion, and persistence attacking techniques, critical changes to security tools, firewalls, servers, and cloud platforms are one of the solid indicators of potential threats."
1:56 "Detailed insights include users who made the changes, the source, and the time of each modification across various devices like routers, switches, firewalls, across vendors like Cisco, SonicWall, and others."
3:10 "Log360 also captures critical changes to system processes with its out-of-the-box correlation rules based on the MITRE ATT&CK Threat Modeling Framework."
