Built-In Orchestration and Low-Code Playbooks in Log360 Let Security Teams Handle the Full Incident Life Cycle Within One Platform
-
Introduces native SOAR built into the unified security platform’s core data model
-
Adds seven critical integrations across leading EDR, identity, and threat intelligence platforms, expanding cross-domain orchestration
-
Combines a low-code playbook builder and ready-to-use templates designed for faster time to value
ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, announced a core architecture upgrade in Log360, its unified security platform, introducing native SOAR capabilities, seven new integrations with some of the industry’s leading security vendors, and cross-domain orchestration capabilities that places detection, AI investigation, and automated response in a single data model.
Also Read: CIO Influence Interview with Kyle Wickert, Field CTO at AlgoSec
Security operations are entering the agentic automation era, albeit with infrastructure that was not built for it. Across most SOCs, tools multiply without converging, each coming with its own alert queue, data model, and demand on analyst time. The visibility problem is rarely a shortage of tooling; it’s a failure of integration. AI agents and autonomous response only work when the layers beneath them share context, and most security stacks do not.
Log360’s native SOAR is engineered for that shared context. A single playbook can isolate an endpoint through EDR, revoke a compromised session through IAM, enrich the incident with external threat intelligence, open a service ticket, and notify the SOC, all driven by the same alerts, detections, and behavioral signals the platform already produces.
“The next evolution in security operations is about rethinking the architecture so that AI, detection, and response share the same foundation,” said Manikandan Thangaraj, vice president of ManageEngine. “When an AI investigation agent and an orchestration engine operate over the same data model, the friction that has kept security teams reactive for years is eliminated. No API handoffs, no reconstructing context, no gap between insight and action. The best automation isn’t prescriptive, it’s programmable. That’s what we’ve built into Log360.”
Key New Capabilities in Log360
Expert playbooks, ready on day one: A CDN-delivered library of prebuilt response templates means automation is live on day one. When teams are ready to go deeper, analysts extend workflows through low-code platform Zoho Qntrl, while engineers take full control with Python or Deluge. The approach allows teams to build once and continuously adapt workflows to evolving environments and compliance requirements.
Automated response across the entire stack: One automated workflow can isolate endpoints, revoke compromised credentials, open service tickets, and enforce response actions across EDR platforms, network infrastructure, and business applications, eliminating manual handoffs between teams and tools.
Context-aware incident response: Playbooks enrich alerts with threat intelligence and asset context, apply conditional logic to route incidents by severity or compliance scope, and execute multi-step response sequences automatically without human intervention.
Endpoint coverage that closes the cross-domain gap: Endpoint telemetry, along with identity and cloud context, is brought into Log360’s correlation and response layer to track and contain threats from a single platform.
Catch more CIO Insights: The CIO as a Value Creator: Moving Beyond Cost Centers to Revenue Drivers
[To share your insights with us, please write to psen@itechseries.com ]
