Log everything from anywhere: Centralizing log collection with Log360

In today's complex IT environments, comprehensive log collection is crucial for effective auditing and security monitoring. Without it, endpoints, especially those that are VPN-joined, stay out of reach of your audits.
This was the bottleneck faced by a Log360 customer who recently used OnboardPro, ManageEngine's professional services. They knew Log360 was capable of collecting logs from all their network devices, but what about the endpoints that were connected remotely via VPN?
Enabling WMI permissions for all endpoints in one go
Deploying SIEM solutions such as Log360 has a mandatory prerequisite: enabling WMI permissions. These permissions allow the solution to fetch and collect logs from endpoints. To avoid the tiring manual process of enabling them, our implementation manager designed a custom PowerShell script to enable all the necessary permissions for log collection.
This script was stored in a secure and shared location, ensuring only devices connected to the organization's network could access it. Next, a GPO was created, which automatically executed the script on all endpoints within the network.
However, there was a hiccup: The script was inaccessible to VPN-joined computers.
VPN-joined computers? Auditing stops for none
Our implementation manager created a new GPO exclusively for remotely joined computers. This GPO force-copied the custom PowerShell script from the shared folder to a local folder on the endpoint.
Since the script was now locally available, the GPO created earlier triggered the execution and enabled the WMI permissions just as it did for on-premises systems.
All network devices, whether on-premises or remote, had their permissions enabled and configured as required. Today, our customer has a completely centralized, continuous, and reliable log collection process using Log360.
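A verification step for the rollout described above, as an added example that is not the implementation manager's script or ManageEngine code: run on an endpoint, it reports whether a collection account actually holds the WMI namespace rights. The account name `EXAMPLE\svc-logcollector` and the rights checked (Enable Account and Remote Enable on `root\cimv2`) are assumptions, since the page does not list them.

```powershell
# Added example (not the customer's script): audit WMI namespace rights on one endpoint.
# Assumptions: the account name below is hypothetical, and the rights checked
# (Enable Account + Remote Enable on root\cimv2) are the ones assumed to be needed.
param(
    [string]$Account   = 'EXAMPLE\svc-logcollector',   # hypothetical collection account
    [string]$Namespace = 'root/cimv2'
)

# WMI namespace access-mask bits
$ENABLE_ACCOUNT = 0x01   # WBEM_ENABLE
$REMOTE_ENABLE  = 0x20   # WBEM_REMOTE_ACCESS
$required = [long]($ENABLE_ACCOUNT -bor $REMOTE_ENABLE)

# Resolve the account to a SID so the comparison does not depend on name formatting
$sid = [System.Security.Principal.NTAccount]::new($Account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Read the namespace security descriptor (requires an elevated session)
$sd = Invoke-CimMethod -Namespace $Namespace -ClassName __SystemSecurity `
                       -MethodName GetSecurityDescriptor
if ($sd.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor on $Namespace failed with code $($sd.ReturnValue)"
}

# Accumulate allow and deny masks from ACEs that name this SID directly.
# Rights granted through group membership are not resolved here.
$allowed = [long]0
$denied  = [long]0
foreach ($ace in $sd.Descriptor.DACL) {
    if ($ace.Trustee.SIDString -ne $sid) { continue }
    if ($ace.AceFlags -band 0x08)        { continue }   # INHERIT_ONLY: not applied to this namespace
    switch ($ace.AceType) {
        0 { $allowed = $allowed -bor $ace.AccessMask }   # ACCESS_ALLOWED_ACE_TYPE
        1 { $denied  = $denied  -bor $ace.AccessMask }   # ACCESS_DENIED_ACE_TYPE
    }
}
$effective = $allowed -band (-bnot $denied)
$missing   = $required -band (-bnot $effective)

$report = [pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Account       = $Account
    Namespace     = $Namespace
    EnableAccount = [bool]($effective -band $ENABLE_ACCOUNT)
    RemoteEnable  = [bool]($effective -band $REMOTE_ENABLE)
    Compliant     = ($missing -eq 0)
}
$report
# Non-zero exit code lets a scheduled task or management tool flag the endpoint
if (-not $report.Compliant) { exit 1 }
```

Running this on a sample of on-premises and VPN-joined machines shows whether the permission script reached both groups, rather than inferring it from which endpoints happen to be sending logs.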
ManageEngine Log360, a comprehensive SIEM solution, helps enterprises thwart attacks, monitor security events, and comply with regulatory mandates. The solution comes bundled with a log management component that provides better visibility into network activity; an incident management module that helps quickly detect, analyze, prioritize, and resolve security incidents; an ML-driven user and entity behavior analytics add-on that baselines normal user behavior and spots anomalous user activities; and a threat intelligence platform that brings in dynamic threat feeds for security monitoring and helps enterprises stay on top of attacks. For more information about Log360, visit manageengine.com/log-management.