Take a Product Tour
Explore the user interface, features, and capabilities of Logmanager
Quick Start Guide
Deploy Logmanager in your virtual environment
Join our Team
Explore open job opportunities and become part of a team building meaningful technology.
Quick triage is useful when you receive an alert with very little context. A single IP address can still serve as a good investigation pivot. Logmanager makes this practical by allowing fast searching, column customization, and smooth expansion from one clue to a wider set of related events.
Open Discover and search for the suspicious IP address from the alert. Extend the time interval beyond the exact alert time so you can see what happened before and after the triggering event.
Add useful fields such as username, event type, and source device. This is helpful because it lets you understand the context of each event without opening every row one by one.
Review the timeline for failed logins, probing behavior, and later successful or application-related events. A sequence of failed attempts followed by valid activity can indicate escalating risk.
If multiple usernames or source systems appear in connection with the same IP address, continue by reviewing those users, other associated IPs, and any unusual access or privilege activity connected to them.
Contextual Alert to Identify Firewall Brute Force Attack Sources
Download the contextual alert template.
Parser for Wallix PAM (Bastion)
Download the ready-made parser for Wallix PAM (Bastion).
How to Configure Logmanager Backups on an SMB Server
In this guide, you prepare a Samba share on Ubuntu and then point Logmanager to that location for automated archiving.
How to Connect a FortiGate Firewall to Logmanager
Connecting FortiGate to Logmanager is useful because it centralizes traffic events, security logs, and operational activity from the firewall in one searchable platform.
