
ManageEngine boosts Log360 to cut SOC alert noise by 90 percent

Thu, 18th Sep 2025

ManageEngine has strengthened its security information and event management solution Log360 with a reengineered threat detection approach to address challenges faced by security operations centre teams.

The changes come as security teams report difficulties managing the volume and relevance of alerts. According to the 2025 Threat Intelligence Benchmark study commissioned by Google, more than 60 per cent of SOC teams feel overwhelmed by irrelevant threat data, with a majority of cloud security alerts - 53 per cent - considered to be noise.

The latest enhancements introduced by ManageEngine to Log360 aim to refine the filtering of security alert noise, support faster triage, and reduce the risk of burnout among security analysts. The upgrade builds on Log360's position as a unified security platform through improved detection precision and operational efficiency.

Detection system overhaul

"The biggest challenge for security teams today isn't collecting data - it's separating genuine signals from overwhelming noise," said Manikandan Thangaraj, Vice President at ManageEngine. "We've reengineered our detection system to not just build more complex rules, but to deliver true efficiency and empower SOC with flexible, granular rule-tuning capabilities that go beyond simple thresholds. With this advancement, SOC analysts can filter out benign noise without sacrificing the ability to catch a true compromise. This shifts our focus to a targeted pursuit of genuine threats – ensuring we're effectively protecting and not just monitoring twenty-four seven."

The reengineered Log360 now offers a centralised detection console, object-level filtering, and an extensive library of over 1,500 prebuilt detection rules. These rules are regularly updated through the cloud to keep threat coverage current. The system also adopts the MITRE ATT&CK threat modelling framework and SIGMA-based detection rules, which are widely recognised standards in cyber threat detection.

Log360's upgrade introduces a unified console allowing security teams to manage a variety of detection content - ranging from MITRE ATT&CK-aligned rules to user and entity behaviour analytics (UEBA) and correlated threat intelligence feeds - within a single platform. Teams can create standard, anomaly-based, or advanced detection rules through an interactive user interface without the need for coding or writing queries.

Rule tuning and cloud delivery

The solution's detection rules are specifically curated by ManageEngine's internal threat research teams to ensure both accuracy and a low rate of false positives. Distributed via cloud updates, the platform aims to help customers remain up-to-date with emerging threats and detection tactics. Object-level filtering enables teams to monitor high-value identities such as specific Active Directory users, groups, or organisational units, while minimising unnecessary alerts from low-priority triggers.

Scalability for enterprise

To manage growing data sources and log volumes, Log360's architecture has been enhanced for enterprise-grade scalability. The platform now supports multi-tier deployments, role-specialised log processing - including dedicated functions for correlation, enrichment, and alerting - and centralised collection from multiple sites, designed to provide operational continuity within large-scale, distributed enterprise environments.

Impact demonstrated in public safety

Early beta testing of the reengineered Log360 platform involved Emergency Communications of Southern Oregon (ECSO) 911, which provides emergency dispatch and public safety answering services across Jackson County and Crater Lake National Park in the United States. ECSO 911 reported a significant reduction in false positive alerts and improved response times.

"For a 911 emergency communications centre, security is the foundation of public trust - and any failure has immediate, real-world consequences. The latest advanced detection capabilities are not optional – they are essential," said Corey Nelson, IT Manager, ECSO 911. "With Log360's optimised detection rules and filtering techniques, we have reduced false or low-priority alerts by 90 per cent, allowing our analysts to focus on the threats that matter most. This improvement has significantly accelerated our ability to identify and respond to real cyber incidents."

The practical results reported by ECSO 911 reflect the intended outcomes of the Log360 enhancement: enabling security analysts to focus on actionable events while maintaining coverage against genuine threats.

Summary of upgrade features

Among the key changes delivered in this Log360 release are:

  • A unified detection console consolidating MITRE ATT&CK-aligned content, correlation logic, UEBA insights, and threat intelligence into one interface.
  • Cloud-delivered, continuously updated detection rules covering a broad range of threat scenarios, including privilege escalation, lateral movement, endpoint tampering, and SaaS application attacks.
  • Support for SIGMA-based detection rules, an open standard for security event correlation.
  • Multi-tier architecture providing horizontal scalability and centralised management for large enterprise environments.
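
The object-level filtering described under "Rule tuning and cloud delivery" and the SIGMA-based rules listed above can be illustrated together in a small, self-contained example. The code below is an added illustration written for this page, not ManageEngine's or Log360's code, and it does not reproduce the product's rule engine. It assumes a simplified Sigma-like rule shape (a `selection` map under `detection`, with a single `condition: selection`), Windows Security log field names (`EventID`, `TargetUserName`, `MemberName`, `SubjectUserName`) for group-membership events, and a constructed set of five sample events. The object-level filter, a watch-list of high-value groups and OUs plus an allow-list of automation accounts whose changes are expected, is an assumption about how such tuning can be expressed, not Log360's configuration format.

```python
"""Toy Sigma-style rule matcher with object-level filtering (added example,
not Log360 code). Field names follow Windows Security event schema; the rule,
filter and events are constructed for illustration."""
from dataclasses import dataclass
from typing import Any, Dict, FrozenSet, List, Optional, Tuple

# Constructed rule in a simplified Sigma shape (title / logsource / detection / level).
RULE: Dict[str, Any] = {
    "title": "Member added to a security-enabled AD group",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        # 4728 / 4732 / 4756: member added to a global / local / universal group
        "selection": {"EventID": [4728, 4732, 4756]},
        "condition": "selection",
    },
    "level": "high",
}


@dataclass(frozen=True)
class ObjectFilter:
    """Object-level tuning: which AD objects matter and which actors are benign noise."""
    watched_groups: FrozenSet[str]   # high-value groups, e.g. Domain Admins
    watched_ous: FrozenSet[str]      # OUs whose members are sensitive, e.g. Tier0
    benign_subjects: FrozenSet[str]  # automation accounts whose changes are expected


# Assumed filter values for the example.
FILTER = ObjectFilter(
    watched_groups=frozenset({"Domain Admins", "Enterprise Admins"}),
    watched_ous=frozenset({"Tier0"}),
    benign_subjects=frozenset({"svc-iam-sync"}),
)


def selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """All keys must match (AND); a list value is an OR over alternatives, as in Sigma."""
    for key, wanted in selection.items():
        alternatives = wanted if isinstance(wanted, list) else [wanted]
        if event.get(key) not in alternatives:
            return False
    return True


def rule_matches(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Only the single-selection condition form is supported by this toy matcher."""
    detection = rule["detection"]
    if detection["condition"] != "selection":
        raise ValueError("unsupported condition: " + detection["condition"])
    return selection_matches(detection["selection"], event)


def ou_of(distinguished_name: str) -> Optional[str]:
    """Return the first OU component of an LDAP distinguished name, or None."""
    for part in distinguished_name.split(","):
        part = part.strip()
        if part.upper().startswith("OU="):
            return part[3:]
    return None


def triage(rule: Dict[str, Any], flt: ObjectFilter, event: Dict[str, Any]) -> str:
    """Decide what a raw rule hit becomes once object-level filtering is applied."""
    if not rule_matches(rule, event):
        return "no-match"
    if event.get("SubjectUserName") in flt.benign_subjects:
        return "suppressed:benign-subject"
    group = event.get("TargetUserName", "")
    ou = ou_of(event.get("MemberName", ""))
    if group in flt.watched_groups or ou in flt.watched_ous:
        return "alert"
    return "suppressed:unwatched-object"


def run(rule: Dict[str, Any], flt: ObjectFilter,
        events: List[Dict[str, Any]]) -> Tuple[int, int, List[str]]:
    """Return (raw rule hits, alerts surviving the filter, per-event decisions)."""
    decisions = [triage(rule, flt, e) for e in events]
    raw = sum(d != "no-match" for d in decisions)
    return raw, decisions.count("alert"), decisions


# Constructed sample events (not real log data).
EVENTS: List[Dict[str, Any]] = [
    {"EventID": 4728, "TargetUserName": "Domain Admins", "SubjectUserName": "jdoe",
     "MemberName": "CN=Eve,OU=Tier0,DC=corp,DC=example"},
    {"EventID": 4732, "TargetUserName": "Print Operators", "SubjectUserName": "jdoe",
     "MemberName": "CN=Alice,OU=Workstations,DC=corp,DC=example"},
    {"EventID": 4728, "TargetUserName": "Domain Admins", "SubjectUserName": "svc-iam-sync",
     "MemberName": "CN=Sync,OU=ServiceAccounts,DC=corp,DC=example"},
    {"EventID": 4756, "TargetUserName": "Finance-Staff", "SubjectUserName": "jdoe",
     "MemberName": "CN=Bob,OU=Tier0,DC=corp,DC=example"},
    {"EventID": 4624, "TargetUserName": "jdoe", "SubjectUserName": "-"},
]

if __name__ == "__main__":
    raw, alerts, decisions = run(RULE, FILTER, EVENTS)
    for event, decision in zip(EVENTS, decisions):
        print(f"{event['EventID']} {event.get('TargetUserName', ''):<16} -> {decision}")
    print(f"raw hits: {raw}, alerts after filtering: {alerts}, "
          f"suppressed: {100 * (raw - alerts) // raw}%")
```

The ordering in `triage` is the point of the example: the rule itself stays broad (any group-membership change event), and the noise reduction comes from the filter that follows it, so a genuine change to a watched object is still surfaced while routine changes to low-value groups, or changes made by an expected automation account, are dropped before they reach an analyst. The benign-subject allow-list is the setting to review most carefully when tuning, because an attacker who gains control of a listed automation account would have its actions suppressed too.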

With these enhancements, ManageEngine is aiming to address the core issue of alert fatigue in SOC teams by reducing noise and enabling a more precise focus on real security threats.
