ManageEngine expands unified security platform: Less alert fatigue, more efficiency for SOC teams

September 23, 2025

With a comprehensive upgrade to its SIEM solution Log360, ManageEngine is addressing one of the most pressing issues in European and international security operations centres (SOCs): the growing flood of irrelevant alerts. The aim of the new generation is to significantly reduce false alarms, keep threat coverage continuously up to date and thus relieve security teams in the long term.

Alert fatigue as a European challenge

A recent Google study (‘2025 Threat Intelligence Benchmark’) shows that over 60 per cent of SOC teams are overwhelmed by irrelevant threat data. A full 53 per cent of all cloud alerts turn out to be false alarms. In European companies, too, this leads to ‘alert fatigue’ and thus to declining attention and increasing susceptibility to errors. The new Log360 version aims to break this vicious cycle through improved rule optimisation, insights into high-quality signals, and greater automation.

‘The biggest challenge for security teams today is not collecting data, but separating real alerts from the overwhelming amount of false positives,’ explains Manikandan Thangaraj, Vice President at ManageEngine. ‘With our new features, analysts can filter out irrelevant messages much more efficiently and focus on real threats. This not only increases the speed of response, but also protects companies more sustainably.’

New features at a glance

Revised Detection Console

The central Detection Console bundles all detection content – from MITRE ATT&CK-compliant rules and correlation logic to UEBA analyses and threat intelligence – in a unified interface. Analysts can create detection rules via an interactive UI without having to write complex queries themselves. Object-level filters for Active Directory users, groups, and organisational units ensure that critical identities are monitored specifically, while less relevant alerts are suppressed.

Cloud-delivered content

Over 1,500 pre-built detection rules, continuously updated by ManageEngine’s internal threat research team, are integrated directly into Log360. These rules cover a wide range of attack scenarios, from privilege escalation and lateral movement to SaaS-based attacks. Thanks to a cloud-based update mechanism, SOC teams always remain up to date. In addition, SIGMA-based rules are included in the package, facilitating interoperability in European multi-vendor environments.

Multi-layered architecture for enterprise scaling

The new enterprise architecture enables horizontal scalability with log processor clusters and role-based processing. Centralised data collection from distributed locations ensures stability and reliability – particularly relevant for large, geographically dispersed companies or organisations with hybrid IT landscapes.

Practical experience confirms efficiency

Initial beta testing by ECSO 911 (Emergency Communications of Southern Oregon, USA) confirms the effectiveness of the new Log360 version. The operator of a combined emergency call centre and PSAP for 911 lines reports a 90 per cent reduction in irrelevant alerts. ‘For a 911 emergency call centre, security is the foundation of public trust. Any failure has immediate, real-world consequences. Thanks to Log360’s optimised detection rules and filtering techniques, we have reduced false or less important alerts by 90 per cent,’ reports Corey Nelson, IT manager at ECSO 911.

Significance for Europe

In Europe in particular, SOC teams are confronted with strictly regulated frameworks: from the NIS 2 Directive and the EU Cyber Resilience Act to industry-specific standards. The ability to drastically reduce false alarms while using MITRE ATT&CK and SIGMA-compatible rules not only facilitates operational work, but also compliance reporting.

In addition, European companies face the challenge of scaling their SOC architectures across national borders – often in corporations with heterogeneous IT landscapes. The multi-layered architecture of Log360, combined with cloud-based rule updates, creates practical added value here.
