Log360 enhancements combine AI-driven investigation, orchestration, and automated incident response within a unified security platform
ManageEngine, a division of Zoho Corporation, has announced a major architecture upgrade to its unified security platform, Log360, introducing native Security Orchestration, Automation, and Response (SOAR) capabilities aimed at helping enterprises streamline security operations and reduce response times.
The update integrates detection, AI-powered investigation, and automated response workflows into a single data model, enabling security teams to manage the full incident lifecycle from one platform. The announcement comes as organizations increasingly struggle with fragmented security infrastructures, multiple disconnected tools, and rising operational complexity in modern Security Operations Centers (SOCs).
“The next evolution in security operations is about rethinking the architecture so that AI, detection, and response share the same foundation. When investigation agents and orchestration engines operate on the same data model, security teams can eliminate the friction that has traditionally slowed incident response,” said Manikandan Thangaraj, Vice President at ManageEngine.
According to ManageEngine, most enterprise SOCs today face integration challenges rather than a lack of security tools. Separate alert queues, isolated data models, and manual workflows often slow investigations and create delays between threat detection and response. The company believes that effective AI-driven security automation requires shared operational context across security layers.
The newly introduced native SOAR capabilities in Log360 are designed to address this challenge by enabling cross-domain orchestration. Using a single playbook, security teams can automate actions such as isolating compromised endpoints through EDR platforms, revoking user sessions via identity management systems, enriching incidents with external threat intelligence, creating service tickets, and notifying SOC teams.
ManageEngine has also introduced seven new integrations with leading endpoint detection, identity, and threat intelligence platforms to expand orchestration capabilities across enterprise environments.
A key component of the update is a low-code playbook builder supported by prebuilt automation templates delivered through a CDN-based library. Organizations can deploy automated workflows immediately while also customizing them using Zoho Qntrl or programming languages such as Python and Deluge.
Additional capabilities include context-aware incident response, automated threat enrichment, conditional logic for compliance-based routing, and unified endpoint, identity, and cloud telemetry visibility.
With these enhancements, ManageEngine aims to help enterprises transition toward AI-driven and agentic security operations by reducing manual intervention, improving operational efficiency, and enabling faster, more coordinated responses to modern cyber threats.
