Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace

SIEM Management Integration

Avatar Prithul Pokhrel
April 04, 2025 08:23
Follow

Release Version: v1.0.0

Release Date: March 7, 2025

Supported On: Logpoint v7.4.0 and Later

Download: SIEMManagementIntegration_1.0.0.pak

SHA256: 9aa4c8db8af8d68826181872c6094aald3720156e43b1a0ef5306db8a5e848d0

This integration is made up of:

  1. LP SaaS Authentication
    Enables user authentication through Logpoint Portal and is also needed for your SIEM instance. It supports end users to use Single Sign-On (SSO) for the SIEM instance where it is installed.
  2. SIEM Management Integration
    Integration for SIEM instance and SIEM Management in Logpoint Portal. Enables remote access for authorized Portal users.

Download and install the integration on your SIEM instance. You must install and set up this integration to have remote access to an on-prem SIEM instance from the Logpoint Portal.

Key Information

Open outbound port 443 on the on-prem SIEM instance before installing. 

Install SIEM Management Integration on SIEM instance

  1. Download the .pak file.
  2. In the Logpoint SIEM, go to Settings >> System Settingsfrom the navigation bar and click Applications.
  3. Click Import.
  4. Browse to the downloaded .pak file.
  5. Click Upload.

After installing the integration, the SIEM Management Integration and LP SaaS Authentication are listed under Settings >> System Settings >> Plugins on the SIEM where you made the installation.

Enroll or Add a New Instance

  1. Login to Logpoint SIEM.
  2. In the Navigation Bar, click System Settings > Plugins.
  3. Find the SIEM Management integration. Use the search bar at the top right.
  4. Click Manage to open the integration.
  5. In ENROLL SIEM INSTANCE, you need to enter an Enrollment ID and an Enrollment Key. You get the Enrollment ID and Enrollment Key from the Portal.
  6. Login to the Logpoint Portal.
  7. In the navigation bar, click the Tenants icon.
  8. Click Enroll SIEM at the top right.
  9. In SIEM key, copy the Id. The Id is synonymous with Enrollment ID.
  10. Go back to your Logpoint SIEM instance.
  11. In SIEM Management Integration, enter the Id you copied in Enrollment ID.
  12. Go back to the Logpoint Portal and copy the Token.
  13. Go to Logpoint SIEM on your Logpoint SIEM instance.
  14. Enter the token in Enrollment Key and click Enroll.
  15. Under STATUS, Configuration: ONLINE is displayed.
  16. Go back to the Portal.
  17. Refresh the page.
  18. In the Enrolled Instances list, the instance you just added is listed, and under Connected you should see Yes.
  19. Use the Go to SIEM link in Actions to get remote access to your SIEM instance through SSO.

Comments

Article is closed for comments.

Related articles

  • Logpoint
  • LP SaaS Authentication
  • Logpoint Agent Collector
  • Microsoft Defender XDR
  • Universal Normalizer
Was this article helpful?
1 out of 1 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.