Release Version: v1.0.0
Release Date: March 7, 2025
Supported On: Logpoint v7.4.0 and Later
Download: SIEMManagementIntegration_1.0.0.pak
SHA256: 9aa4c8db8af8d68826181872c6094aald3720156e43b1a0ef5306db8a5e848d0
This integration is made up of:
- LP SaaS Authentication
Enables user authentication through Logpoint Portal and is also needed for your SIEM instance. It supports end users to use Single Sign-On (SSO) for the SIEM instance where it is installed. - SIEM Management Integration
Integration for SIEM instance and SIEM Management in Logpoint Portal. Enables remote access for authorized Portal users.
Download and install the integration on your SIEM instance. You must install and set up this integration to have remote access to an on-prem SIEM instance from the Logpoint Portal.
Key Information
Open outbound port 443 on the on-prem SIEM instance before installing.
Install SIEM Management Integration on SIEM instance
- Download the .pak file.
- In the Logpoint SIEM, go to
Settings >> System Settings
from the navigation bar and click Applications. - Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
After installing the integration, the SIEM Management Integration and LP SaaS Authentication are listed under Settings >> System Settings >> Plugins
on the SIEM where you made the installation.
Enroll or Add a New Instance
- Login to Logpoint SIEM.
- In the Navigation Bar, click System Settings > Plugins.
- Find the SIEM Management integration. Use the search bar at the top right.
- Click Manage to open the integration.
- In ENROLL SIEM INSTANCE, you need to enter an Enrollment ID and an Enrollment Key. You get the Enrollment ID and Enrollment Key from the Portal.
- Login to the Logpoint Portal.
- In the navigation bar, click the Tenants icon.
- Click Enroll SIEM at the top right.
- In SIEM key, copy the Id. The Id is synonymous with Enrollment ID.
- Go back to your Logpoint SIEM instance.
- In SIEM Management Integration, enter the Id you copied in Enrollment ID.
- Go back to the Logpoint Portal and copy the Token.
- Go to Logpoint SIEM on your Logpoint SIEM instance.
- Enter the token in Enrollment Key and click Enroll.
- Under STATUS, Configuration: ONLINE is displayed.
- Go back to the Portal.
- Refresh the page.
- In the Enrolled Instances list, the instance you just added is listed, and under Connected you should see Yes.
- Use the Go to SIEM link in Actions to get remote access to your SIEM instance through SSO.
Comments
Article is closed for comments.