Take a Product Tour
Explore the user interface, features, and capabilities of Logmanager
Quick Start Guide
Deploy Logmanager in your virtual environment
Join our Team
Explore open job opportunities and become part of a team building meaningful technology.
Quick triage is useful when you receive an alert with very little context. A single IP address can still serve as a good investigation pivot. Logmanager makes this practical by allowing fast searching, column customization, and smooth expansion from one clue to a wider set of related events.
Open Discover and search for the suspicious IP address from the alert. Extend the time interval beyond the exact alert time so you can see what happened before and after the triggering event.
Add useful fields such as username, event type, and source device. This is helpful because it lets you understand the context of each event without opening every row one by one.
Review the timeline for failed logins, probing behavior, and later successful or application-related events. A sequence of failed attempts followed by valid activity can indicate escalating risk.
If multiple usernames or source systems appear in connection with the same IP address, continue by reviewing those users, other associated IPs, and any unusual access or privilege activity connected to them.
Parser for Cohesity
Download the ready-made parser for Cohesity.
How to Monitor and Maintain Logmanager Health
Learn how to maintain peak Logmanager performance.
Global Filter for Different Groups of Windows Sources
Configure all your Windows Agents with a single action.
Contextual Alert to Identify Firewall Brute Force Attack Sources
Download the contextual alert template.