Alert Rules
Alert Rules consist of alert packages, a dashboard package and Knowledge Base (KB) lists for analytics integrated into Logpoint. The package provides a compliance and triage dashboard, enabling you to analyze trends and behaviors of entities and users within the organization and perform defensive gap assessment with MITRE ATT&CK.
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added the following new Alert Rules. For more details, see MITRE ATT&CK. | | - |
Updated query and description of the following Alert Rules: | | |
Removed the following generic and redundant Alert Rules: | | |
Past Releases
Alert Rules v5.4.14
Release Date: July 17, 2024
Supported On: Logpoint 7.4.0 or later
Download: Alert_Rules_5.4.14.pak
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added a new Alert Rule, LP_Behavior Related to Named Pipe Impersonation, to detect suspicious events such as creating a named pipe or creating a service with a named pipe. For more details, see MITRE ATT&CK. | KB-25063 | - |
Updated query and description of the following Alert Rules: | | |
Renamed and updated query of the following Alert Rules: | | |
Removed the following generic and redundant Alert Rules: | | |
Alert Rules v5.4.13
Release Date: May 17, 2024
Supported On: Logpoint 7.4.0 or later
Download: Alert_Rules_5.4.13.pak
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added the following new Alert Rules. For more details, see MITRE ATT&CK. | KB-24605, KB-24012, KB-24567, KB-24603, KB-23839, KB-24555 | - |
Updated query and description of the following Alert Rules: | | |
Renamed and updated query of the following Alert Rules: | | |
Removed the following generic and redundant Alert Rules: | | |
Added the CHROME_VPN_EXTENSIONS Knowledge Base (KB) list to search for logs associated with the LP_Chrome Addition of VPN Extension alert rule. | | |
Alert Rules v5.4.12
Release Date: April 25, 2024
Supported On: Logpoint 6.7.0 or later
Download: Alert_Rules_5.4.12.pak
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added the following new Alert Rules. For more details, see MITRE ATT&CK. | KB-24224 | - |
Updated query and description of the following Alert Rules: | | |
Alert Rules v5.4.11
Release Date: February 05, 2024
Supported On: Logpoint 6.7.0 or later
Download: Alert_Rules_5.4.11.pak
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Updated query and description of the following Alert Rules: | KB-23597 | - |
Renamed the LP_Possible Impacket Lateralization Detected alert rule to LP_Possible Impacket Lateral Movement Detected. | | |
Removed the following generic and redundant Alert Rules: | | |
Removed the following Knowledge Base (KB) lists that are associated with the removed Alert Rules: | | |
Alert Rules v5.4.10
Release Date: December 22, 2023
Supported On: Logpoint 6.7.0 or later
Download: Alert_Rules_5.4.10.pak
SHA256: 0ff96dee2914911154506129146a395217fa7173ae89655218fee7f810d2cb19
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added the following new generic Alert Rules for endpoint protection platforms like CrowdStrike and Microsoft Defender for Endpoint that generate high or medium severity alerts. For more details, see MITRE ATT&CK. | KB-22909 | - |
Removed the LP_Service Stop Detected alert rule, which is no longer relevant. | KB-23165 | - |
Alert Rules v5.4.9
Release Date: November 28, 2023
Supported On: Logpoint 6.7.0 or later
Download: Alert_Rules_5.4.9.pak
SHA256: ea02401590e6f1f9a023b68c4f091a12952df07de8e35b3b860a07f0d4a86201
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added the following new Alert Rules. For more details, see MITRE ATT&CK. | KB-22359, KB-22562 | - |
Updated query and description of the following Alert Rules: | | |
Removed the following generic and redundant Alert Rules: | | |
Renamed and updated query of the following Alert Rules: | | |
For Knowledge Base (KB) lists: | | |
Alert Rules v5.4.8
Release Date: October 20, 2023
Supported On: Logpoint 6.7.0 or later
Download: Alert_Rules_5.4.8.pak
SHA256: 94e707efe42d4fd6008dc5f5e05dae06c94d440fd9dd4be4094b5f51256ae574
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
Added the following new Alert Rules. For more details, see MITRE ATT&CK. | KB-22484 | - |
Updated query and description of the following Alert Rules: | KB-20512 | - |
Removed the following generic and redundant Alert Rules: | | |
Renamed and updated the following Alert Rules: | | |
Support
If you have any questions or require assistance, create a support ticket.