(Moved from old site. Originally posted June 23, 2025, with updated content December 18, 2025)

I first started using ManageEngine products after a job change around 2021. Log360 was part of the toolset I inherited, and my first impression was not great. The interface felt clunky, navigation was unintuitive, and correlation rules needed constant manual babysitting. It did the job, but it felt like a compromise rather than a choice.

Fast forward to late 2025, and my view has shifted a lot, especially after attending infosec in 2024, meeting up with the guys there, and asking them to show me “what’s changed”.

ManageEngine has put real engineering effort into moving Log360 from “log management with SIEM aspirations” into something that looks and behaves far more like a modern SOC platform. This is not just a visual refresh: there are concrete product changes, especially around detection quality, rule management, and analyst workflow, that directly address the pain points that made earlier Log360 deployments feel grindy (ManageEngine, 2025a; ManageEngine, 2025b).

What Log360 actually is, and why that matters

Part of the confusion, and sometimes disappointment, around Log360 is that it is best understood as a unified console built from multiple ManageEngine components, not a single monolithic “SIEM box.” In current documentation and product positioning, Log360 is presented as combining capabilities across log management and reporting, Active Directory auditing, Microsoft 365 and Exchange auditing, and public cloud monitoring (ManageEngine, 2025c; ManageEngine, 2025d).

That integrated approach can be a strength if your environment is Microsoft heavy and you actually want AD, M365, Exchange, and log analytics tied together. It can also be a weakness if you expected a cloud-native SIEM experience out of the gate, or if you do not deploy enough of the “surrounding” modules to make the platform feel coherent (PeerSpot, 2025; G2, 2025).

The biggest change since mid 2025, detection got a serious overhaul

The most meaningful shift since this article’s original date is the September 2025 major upgrade, Build 13000, which introduced a re-engineered detection architecture explicitly aimed at reducing false positives, improving alert fidelity, and making rule management less painful. ManageEngine’s own release notes describe a centralised detection console, improved rule creation workflows, object-level filtering, and rule tuning insights (ManageEngine, 2025a; ManageEngine, 2025b).

This is not just ManageEngine marketing copy either. Industry coverage also framed the change as a major revamp designed to help SOC teams cut through noisy alerts (SC Media Staff, 2025; Sharma, 2025).

In practical terms, this is the kind of upgrade that changes day-to-day analyst experience. Older SIEM pain is often not “lack of logs,” it is alert overload, brittle rules, and a constant battle between tuning and missing real signal. The detection changes in Build 13000 directly target that problem space (ManageEngine, 2025a; Sharma, 2025).

Additional late 2025 improvements, small features that matter in real life

After Build 13000, the November 2025 releases added additional quality-of-life and security features. For example, Build 13003 introduced “impossible travel detection,” flagging logins from different countries occurring within an unusually short timeframe (ManageEngine, 2025b; ManageEngine, 2025a).

That is not revolutionary on its own, plenty of platforms do this, but it signals that detection content is being actively expanded in a way that aligns with identity-driven attack patterns (credential theft, token replay, and compromised accounts), rather than treating SIEM as purely infrastructure logging (ManageEngine, 2025b; ManageEngine, 2025e).
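
The impossible-travel check described above, written out as an added Python example (not ManageEngine's rule logic or code from Log360): it flags a user whose consecutive logins come from different countries inside a time window, and shows how an allowlist of VPN egress addresses changes the alert count. The event tuples, the two-hour window, and the `TRUSTED_EGRESS` allowlist are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in events (user, ISO timestamp, country, source IP).
# IPs are from documentation ranges; none of this is real telemetry.
SAMPLE_LOGINS = [
    ("alice", "2025-11-03T08:00:00", "GB", "192.0.2.10"),
    ("alice", "2025-11-03T08:40:00", "BR", "198.51.100.7"),   # 40 min later, new country
    ("bob",   "2025-11-03T09:00:00", "GB", "192.0.2.22"),
    ("bob",   "2025-11-03T09:20:00", "NL", "203.0.113.5"),    # corporate VPN egress
    ("carol", "2025-11-03T07:00:00", "GB", "192.0.2.30"),
    ("carol", "2025-11-03T19:30:00", "US", "198.51.100.90"),  # 12.5 h later
    ("bob",   "2025-11-03T09:25:00", "GB", "192.0.2.22"),     # delivered out of order
]

TRUSTED_EGRESS = {"203.0.113.5"}  # assumed allowlist of known VPN/proxy exits


def impossible_travel(logins, window=timedelta(hours=2), trusted=TRUSTED_EGRESS):
    """Return alerts for same-user logins from different countries within `window`."""
    last_seen = {}  # user -> (timestamp, country, ip) of the last untrusted login
    alerts = []
    # Sort by time first: log sources rarely deliver events in order.
    for user, ts, country, ip in sorted(logins, key=lambda e: e[1]):
        if ip in trusted:
            continue  # tuning step: a VPN exit says nothing about where the user is
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(user)
        if prev and prev[1] != country and when - prev[0] <= window:
            alerts.append({
                "user": user,
                "from": prev[1], "to": country,
                "minutes": int((when - prev[0]).total_seconds() // 60),
                "ips": (prev[2], ip),
            })
        last_seen[user] = (when, country, ip)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_LOGINS):
        print(alert)
```

Calling `impossible_travel(SAMPLE_LOGINS, trusted=set())` shows the untuned rule: the same data produces two extra alerts for the VPN user, which is the kind of noise that rule tuning is meant to remove.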

UEBA got clearer, and more “SOC-shaped”

When we deployed add-ons like UEBA, ADAudit Plus, and Exchange Reporter Plus, the visibility gains were real, but the big win was that the modules did not pile chaos on top of chaos. The dashboards became more digestible and the “thread pulling” experience improved.

ManageEngine’s Log360 Cloud UEBA documentation now clearly describes ML-driven baselining, anomaly detection, and risk scoring, positioning UEBA as a complementary detection layer that can surface slow-burn behaviour patterns that correlation rules often miss (ManageEngine, 2025f).

Externally, peer reviews commonly highlight UEBA as one of the stronger parts of the product, while still noting that setup and operational maturity matter a lot (PeerSpot, 2025; Gartner, 2025).

The cloud and Microsoft 365 story, better, but still not frictionless

One of Log360’s consistent historical weak spots has been cloud log ingestion feeling more manual than it should, especially compared with more cloud-native SIEMs.

What is interesting now is that ManageEngine documentation reflects both realities at once. There are “automatic configuration” steps for Microsoft 365 tenants, but there are also explicit “manual configuration” steps that walk you through Azure application setup and credential handling (ManageEngine, 2025g; ManageEngine, 2025h).

That matches what many SOC teams experience: some integrations are smooth, others still involve careful app registration, permissions, secrets, and ongoing maintenance. Reviews also reflect this mixed experience, including commentary about cloud configuration complexity and public cloud coverage expectations (G2, 2025; PeerSpot, 2025).

On the positive side, ManageEngine has expanded and formalised documentation around Microsoft Entra ID monitoring and Azure monitoring as first-class integrations, including compliance-oriented reporting claims (ManageEngine, 2025i; ManageEngine, 2025j).

Compliance support, strong on reporting, but do not confuse reporting with security

Log360 has long been positioned as compliance-friendly, and the documentation continues to emphasise audit-ready reporting for common frameworks and regulations (ManageEngine, 2025k; ManageEngine, 2025j).

Log360 Cloud documentation also explicitly lists compliance reports, including UK Cyber Essentials and ISO 27001, which is particularly relevant for UK organisations using certifications as commercial trust signals (ManageEngine, 2025l; PeerSpot, 2025).

Two important caveats, because the universe enjoys humbling us:
First, compliance reporting helps you evidence controls, but it does not automatically mean you are detecting threats effectively. A SIEM can generate beautiful compliance artefacts while still being operationally ignored. That is not a Log360 problem, that is a SOC maturity problem.
Second, vendor compliance is not your compliance. ManageEngine publishes its own compliance certifications, including ISO standards and SOC 2 claims (ManageEngine, 2025m). Zoho Corporation Limited (Zoho UK) also has a publicly viewable Cyber Essentials Plus certificate with scope defined to the Zoho UK office and specific EU datacenters (BlockMark Technologies Ltd, 2025; ManageEngine, 2025m).

That is good context when you are evaluating Log360 Cloud, but it should sit alongside your own risk assessment, data residency requirements, and operational monitoring plan.

Support, still the differentiator, and reviews back up the theme

My strongest positive bias toward ManageEngine remains their support culture. In one exceptional case, they sent three engineers on site for a full week, embedded with the SOC, observed workflows, squashed bugs, and helped tailor processes to the environment. That kind of “we will actually show up and fix this with you” approach is rare in security tooling.

It is also not purely anecdotal. Case study content and peer review ecosystems regularly highlight helpful support experiences, even when reviewers criticise setup complexity or interface quirks (ManageEngine, 2025n; Capterra, 2025).

The remaining flaws, and why they still matter

Even with the improvements, Log360 is not magically exempt from the SIEM laws of physics.

Storage and scaling can still hurt. Reviewers explicitly mention storage requirements and the need for better data compression, which is a familiar pain point in log platforms generally (G2, 2025; Sharma, 2025).

Cloud integration maturity varies by source. Some integrations are well documented and feel native, others still require more manual effort than teams expect, especially if they are comparing against a cloud-first SIEM experience (ManageEngine, 2025g; G2, 2025).

Smaller teams can still hit the learning curve wall. Log360 has become more analyst-friendly, but it is still a platform that rewards proper onboarding, detection engineering discipline, and ongoing tuning.

How to avoid turning Log360 into expensive shelfware

This is the part where I ruin everyone’s fun with reality.

If you buy Log360, or any SIEM, and you do not invest in operations, you will end up with “compliance exhaust fumes” rather than meaningful detection. The Build 13000 detection improvements help reduce noise and make tuning more practical (ManageEngine, 2025a; Sharma, 2025).

But you still need the basics:
Define priority log sources, map detection use cases to likely attack paths, test alerts, assign ownership for triage, and measure whether incidents are actually being investigated. If you do not do that, you do not have a SIEM, you have a very expensive log archive with a dashboard.

Bottom line

Log360 started, for me, as a frustratingly awkward product. As of late 2025, it has evolved into something I can describe, without sarcasm, as a respectable SIEM solution, especially for organisations that want a Microsoft-centric visibility stack without paying top-tier SIEM prices.

The biggest reason I take it more seriously now is not the UI polish, it is the tangible detection and rule-management overhaul in Build 13000, plus continued incremental improvements afterwards (ManageEngine, 2025a; SC Media Staff, 2025).

It is not perfect, but it is no longer “almost there.” It is, finally, meaningfully there.

References
BlockMark Technologies Ltd (2025) ‘BM Registry, Cyber Essentials Plus certificate for Zoho Corporation Limited, scope Zoho UK office and EU Datacenters, certification date 19 September 2025, valid to 19 September 2026’, BlockMark Registry. Available at: https://registry.blockmarktech.com/certificates/061e91c4-e56a-4f0c-a09c-66fea8d9c587/ (Accessed: 18 December 2025).

Capterra (2025) ‘ManageEngine Log360 reviews and ratings’, Capterra. Available at: https://www.capterra.com/p/246638/ManageEngine-Log360/ (Accessed: 18 December 2025).

G2 (2025) ‘ManageEngine Log360 reviews’, G2. Available at: https://www.g2.com/products/manageengine-log360/reviews (Accessed: 18 December 2025).

Gartner (2025) ‘ManageEngine Log360 reviews’, Gartner Peer Insights. Available at: https://www.gartner.com/reviews/market/security-information-event-management/vendor/manageengine/product/manageengine-log360 (Accessed: 18 December 2025).

ManageEngine (2025a) ‘Release notes for ManageEngine Log360’, ManageEngine Documentation. Available at: https://www.manageengine.com/log-management/release-notes.html (Accessed: 18 December 2025).

ManageEngine (2025b) ‘ManageEngine Log360 latest features’, ManageEngine. Available at: https://www.manageengine.com/log-management/features-new.html (Accessed: 18 December 2025).

ManageEngine (2025c) ‘Log360, an integrated log management and SIEM solution’, ManageEngine. Available at: https://www.manageengine.com/log-management/integrated-log-management-and-siem-solution.html (Accessed: 18 December 2025).

ManageEngine (2025d) ‘Welcome to Log360’, ManageEngine Documentation. Available at: https://www.manageengine.com/log-management/help/welcome/welcome-to-log-360.html (Accessed: 18 December 2025).

ManageEngine (2025f) ‘UEBA in ManageEngine Log360 Cloud, overview’, ManageEngine Documentation. Available at: https://www.manageengine.com/cloud-log-management/help/user-entity-behavior-analytics/overview.html (Accessed: 18 December 2025).

ManageEngine (2025g) ‘Microsoft 365 automatic configuration steps, Log360 Cloud’, ManageEngine Documentation. Available at: https://www.manageengine.com/cloud-log-management/help/setting-up/auto-microsoft365-tenant-configuration.html (Accessed: 18 December 2025).

ManageEngine (2025h) ‘Microsoft 365 manual configuration steps, Log360 Cloud’, ManageEngine Documentation. Available at: https://www.manageengine.com/cloud-log-management/help/setting-up/manual-microsoft365-tenant-configuration.html (Accessed: 18 December 2025).

ManageEngine (2025i) ‘Microsoft Entra ID monitoring with Log360’, ManageEngine. Available at: https://www.manageengine.com/log-management/integrations-and-partnerships/microsoft-entra-id-monitoring.html (Accessed: 18 December 2025).

ManageEngine (2025j) ‘Azure monitoring with ManageEngine Log360’, ManageEngine. Available at: https://www.manageengine.com/log-management/integrations-and-partnerships/azure-monitoring.html (Accessed: 18 December 2025).

ManageEngine (2025k) ‘Microsoft 365 reporting, auditing and alerting with Log360’, ManageEngine. Available at: https://www.manageengine.com/log-management/office-365-administration-reporting-auditing-tool.html (Accessed: 18 December 2025).

ManageEngine (2025l) ‘Compliance reports, Log360 Cloud’, ManageEngine Documentation. Available at: https://www.manageengine.com/cloud-log-management/help/reports/compliance-reports.html (Accessed: 18 December 2025).

ManageEngine (2025m) ‘Compliance at ManageEngine’, ManageEngine. Available at: https://www.manageengine.com/compliance.html (Accessed: 18 December 2025).

ManageEngine (2025n) ‘Helsingin aikuisopisto case study’, ManageEngine. Available at: https://www.manageengine.com/log-management/case-studies/log360-helsingin-aikuisopisto-case-study.html (Accessed: 18 December 2025).

PeerSpot (2025) ‘Log360 reviews and comparisons’, PeerSpot. Available at: https://www.peerspot.com/products/log360-reviews (Accessed: 18 December 2025).

SC Media Staff (2025) ‘ManageEngine revamps Log360 threat detection’, SC Media, 24 September. Available at: https://www.scworld.com/brief/manageengine-revamps-log360-threat-detection (Accessed: 18 December 2025).

Sharma, R. (2025) ‘ManageEngine Log360 Upgrade Enhances Threat Detection, Reduces Alert Fatigue’, The Fast Mode. Available at: https://www.thefastmode.com/technology-solutions/44721-manageengine-log360-upgrade-enhances-threat-detection-reduces-alert-fatigue (Accessed: 18 December 2025).

