
Threat Intelligence

Threat Intelligence (TI) fetches information and insights about existing or potential cyber threats and risks from various sources. It then assembles, processes and analyzes the fetched information, uses it to predict data breaches, vulnerable attacks and any evidence of pre-planned attacks or threats, and notifies you about them in real time. You can also link custom threat data sources and fetch and analyze their logs.

Release Details
Version: 6.4.0
Release date: 1st January, 2025
Supported On: Logpoint v7.5.0 and later
Documentation: Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
SHA 256: f742960d0440611415a610373aebc1273d329ecce22580f890bda2cf6dcf008d
Download

Package Details

Threat Intelligence Components:

  1. Enrichment Source
    • ThreatIntelligence
  2. Process Command
    • ti
  3. Dashboard Package
    • LP_Threat Intelligence
  4. Alert Packages
    • LP_Threat Intel Internal Machine Connecting to Multiple IOCs
    • LP_Threat Intel Excessive Denied Connections Attempt from IOC
    • LP_Threat Intel Connections with Suspicious Domains
    • LP_Threat Intel Allowed Connections from Suspicious Sources
    • LP_Threat Intel IOC Connecting to Multiple Internal Machines

Enhancement

The following columns are added to the threat intelligence table:

Column | Issue ID | Reference ID
Confidence: indicates reliability, helping prioritize high-confidence threats for quicker action while reducing false positives. | PLUG-15718 | -
ASN: provides insight into the source, enabling more accurate threat attribution and proactive defence measures. | PLUG-15718 | -
Tag: facilitates threat categorization, allowing for better organization, filtering, and retrieval of relevant threat data during investigations. | PLUG-15718 | -

Past Releases

Threat Intelligence v6.3.1

Version: 6.3.1
Release date: 30th Oct, 2024
Supported On: Logpoint v7.5.0 and later 
SHA 256: 393ffa83255f0a99341f3dce0793ec7801b7878124ddd96ff9e331826de8db99
Documentation: Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Download

Bug Fix

Description | Issue ID | Reference ID
With the MongoDB update, the database commands that Threat Intelligence used to fetch logs were discontinued, preventing it from fetching logs. | PLUG-13247 | -

Threat Intelligence v6.3.0

Version: 6.3.0
Release date: 30th Oct, 2024
Supported On: Logpoint v7.5.0 and later 
SHA 256: 93da8a5becd67467709f5e7ce4e4c85a793d5906afec8ddeb659ea0a54647d3c
Documentation: Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Download

Enhancement

Description | Issue ID | Reference ID
Threat Intelligence is now compatible with Logpoint v7.5.0 and later. | - | -

Threat Intelligence v6.2.1

Version: 6.2.1
Release date: 24th April, 2024
Supported On: Logpoint v7.4.0 and later 
SHA 256: 1b6922b5f0ecd5c1d4459af685b589434e9e65f3e3d606dd929f8580d4fe33b4
Documentation: Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Download

Enhancement

Description | Issue ID | Reference ID
Threat Intelligence is now compatible with Logpoint v7.4.0 and later. | - | -

Threat Intelligence v6.1.2

Release version: 6.1.2

Release Date: March 7, 2024

Supported On: Logpoint v6.12.2 and later 

Download: ThreatIntelligence_6.1.2.pak

SHA256: e3ebd2619fc218954aad3d9245847d08ddab374c61ec8e2777cc4222d20eac90

Documentation: 

Threat Intelligence for Logpoint

Threat Intelligence for Director Console UI

Threat Intelligence for Director Console API

Bug Fixes

The following issues are fixed:

Description | Issue ID | Reference ID
Threat Intelligence failed to fetch logs from the free MISP feed hosted on the Nginx server. | PLUG-10995 | 79452, 80526
The Base URL entered during the configuration of Custom CSV was not properly validated, which could lead to potential security issues. | PLUG-11300 |

Threat Intelligence v6.1.1

Release version: 6.1.1

Release Date: June 20, 2023

Supported On: Logpoint v6.12.2 and later

Download: ThreatIntelligence_6.1.1.pak

SHA256: 303f65411e0caf7b5f7cdf1b87fa52f7550c3867982ee5c709e4069b238885ad

Documentation: 
Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API

Enhancement

Description | Issue ID | Reference ID
The hash field in Threat Intelligence now consists of the SHA256 hash for malware hashes from Blueliv. | PLUG-9474 | 70742

Bug Fixes

The following issues are fixed:

Description | Issue ID | Reference ID
Fields with no values have been removed from the search results. | PLUG-9474 | 70742
The URL for the malware category of Blueliv is corrected to /lastday. | PLUG-9474 | 70742

Threat Intelligence v6.1.0

Enhancement

  • A minor update was made to the application’s normalizer for better signature handling.


Support

If you have any queries or require assistance, please feel free to contact our support team:

Email: servicedesk@logpoint.com
Phone: +45 7060 6100
