Muninn
The Muninn Network Detection and Response (NDR) platform enables you to forward Muninn notifications to Logpoint, where you can view and work with them as Logpoint-based incidents.
You need to download Muninn, configure it as a Log Source in Logpoint and then configure the integration in Muninn.
Logpoint recommends that before you start Muninn and Logpoint, you perform a 2-step test to make sure the integration works.
Package Details
- Dashboard Package
- LP_Muninn
-
Compiled Normalizer
- MuninnCompiledNormalizer
- Collector
- MuninnCollector
- Search Template
- LP_Muninn
- Log Source Template
- Muninn
Installation
To install Munin:
1. Click Download and install Muninn.
2. Login to Logpoint and Muninn.
3. In Logpoint, go to the Navigation Bar and click Log Sources.
4. Click Add Log Source at the top right.
5. In Add Log Source, search for Muninn and double-click it to select.
6. Click Source and then click Generate Token. This is the token that Logpoint uses to authenticate the integration with Muninn. Click the copy icon to copy it.
7. Click Routing to create repos and routing criteria for Muninn. Repos are locations where incoming logs are stored and routing criteria are created to determine the conditions under which these logs are sent to repos.
8. Click Create Log Source.
| Note: Once Muninn and Logpoint are integrated, notifications from Muninn are automatically forwarded to Logpoint. Muninn incidents are also triggered automatically without configuring the alerts in Logpoint. |
9. Go to Muninn.
10. Click the Settings icon.
11. In the drop-down, click Logpoint Integration Configuration.
12. In Notification Forwarding, click the green Plus icon.
13. Enter a Name for the Logpoint configuration.
14. In Host, enter your Logpoint’s IP/Host address.
15. In API Key, paste the key you copied when you created the Log Source.
16. In Sensor Nickname enter or type a name for the sensor. This name is displayed as incident data to inform you that the incident came from Muninn.
17. In Notification Subscriptions, select the severity level of the incident. Do you want Muninn to forward incidents with a High, Medium and/or Low severity level?
18. Click Test. If you see a confirmation message, the connection works.
19. Click Create.
User Account Management
Users in the "Logpoint Administrator" user group can view Muninn Incidents by default. However, for other users to see the incidents, a Logpoint Administrator needs to:
- Create a Logpoint User Group called "Muninn Alerts".
-
Add all relevant users to that group.
Viewing Muninn incidents is limited to those users who belong to the groups "Logpoint Administrator" and "Muninn Alerts". To learn more about Logpoint user groups, go to Adding a User Group.
Testing
To confirm Logpoint is receiving data from Muninn and creating incidents:
1. In Muninn, go to the Notifications dashboard.
2. The Category column has the name of the incident. Note down the name, and then in the address bar, copy the incident ID.
3. Click the Settings icon.
4. Click the edit icon for the Logpoint configuration you created.
5. In Test Notification, paste the incident number you copied.
6. Click Test. If you see a confirmation message, the incident was sent to Logpoint.
7. Go back to Logpoint.
8. In the navigation bar, click Incidents.
9. In the Filter sidebar, enter the name of the incident to find it.
10. Click Incident details to confirm the ID of the incident is the same as the one you tested in Muninn.
11. Scroll to the right.
12. The MUNINN REDIRECTION column lists the links back to the Muninn-based incident. Click the Investigate link. You are redirected back to Muninn where you can get more details about the incident.
Past Releases
Muninn v 1.0.0
Support
If you have any questions or require assistance, create a support ticket.
Comments
Article is closed for comments.