Continuing director upgrade on missed patch
Is there any way we can continue with upgrades if we miss a patch while upgrading director components?
-
Lots of violated fields in UEBA Dashboard
I am currently onboarding a logpoint instance on UEBA, and I have completed the entity selection. However, I am seeing a lot of “violated logs” in the UEBA Dashboard. What should I do about this?
-
Technical Requirements required for onboarding Operations Monitoring
Hi Team,
Do we have a checklist I can share with customers about things to prepare before subscribing to Operations Monitoring?
I am looking for more of a technical requirement like firewall rules, support connection, passwords, and so on.
-
Use cases for working from home
Hi team, do we have some standard dashboards for Work From Home use cases?
-
Difference in SNMP Fetcher and SNMP trap collector
What is the difference between SNMP fetcher and SNMP trap collector, and which should I use to get health information using SNMP?
-
Is there any better way to get a high resource utilization alert for a remote machine in the LP dashboard?
One of our customers wants a real-time health report of their critical servers in the Logpoint dashboard and alerts. I couldn't find any health-related logs coming from Syslog. Is there any way we can get resource utilization or uptime information on the dashboard and in alerts?
-
How many LogPoint Pools or LogPoints can LP Director handle?
Is there a limitation on the number of LP Pools or LPs a Director setup can handle or some kind of benchmark?
-
Domain Change
What do we advise customers when there is a change in the organizational domain but the logs still contain the old domain? For example: the systems are extracting logs linked to the old email address like @immunesecurity.com, but in AD it is @logpoint.com.
-
Threat Intelligence
Which threat intelligence source should I use, and what happens if I use multiple threat intelligence sources?
-
Joining more than two streams of data in logpoint query language
Hi Team, currently my customer can only join two streams of data at maximum using join queries from pattern-finding expressions. Are there any recommended queries we can use to join more than two streams of data?
I understand that creating tables and using process lookup commands is one way of doing this, but creating multiple tables, populating them one by one and then using them in the query is a hassle I would not want my customer to go through. So is there some native support in the query itself for performing these multiple joins at once?
-
Is there any way to export CSV enrichment sources?
Is there any way to export CSV enrichment sources? From time to time these files are lost and it is a hassle to recreate.
-
Logpoint instances not updating after changes in director console
I have made some changes in the director console on one of my logpoint machines, and the tasks bar shows completed. However, I am not seeing any changes in the logpoint at all. What can I do about this?
-
Incremental values in SNMP Logs
Hello!
I am receiving logs from SNMP, but the field names are incremental in nature and have the same values as the incremental value. For example:
oid_hierarchy_value_1 = 1
oid_hierarchy_value_2 = 2
oid_hierarchy_value_3 = 3
How can I go about extracting these fields from the logs so that I can do chart sum, average, and so on?
-
Is it possible to transfer files between collector and data node by using the existing VPN tunnel?
In a case where we need to transfer files from collectors to a data node with no network connectivity other than a VPN tunnel between the two, is it possible to transfer files between them? If so, how, and using which tools and protocols?
-
Is there any workaround to make sure your dynamic lists are updated automatically at regular intervals?
For now, I don't see any native option which enables me to update a list at regular intervals. Because of this, I always need to run the same query regularly to update the dynamic list with new data. Is there a better approach?
-
How should I decide UEBA Entity Selection, LDAP vs CSV?
Hi Team,
Going through our user manual, it states that the entities can be selected either using an LDAP OU group as an enrichment source or a CSV as an enrichment source. What are some tried and true considerations that can help my customer decide which enrichment source to choose?
-
How to fetch enrichment sources from the collector node itself?
An MSSP partner is planning to run a lightweight LogPoint collector VM at each of their customers, and then set up the main LogPoint servers with compute and storage at their end. They will have the Open Door tunnel open to the LogPoint Collectors, but won't be able to expose the customer's Domain Controller/LDAP publicly. Therefore, the LogPoint Collector needs to collect the LDAP enrichment data from the local DC, instead of the main LogPoint server.
Is there a way of making this happen without engineering changes, such as by redirecting the main server's LDAP query through the tunnel somehow, or by the collector fetching something to a file to then send across?
-
Agent-based vs. remote connector technology
Customers often ask whether our software is agent-based or whether we have remote connector software.
-
SAP certification - S/4HANA
Is LogPoint for SAP certified for SAP S/4HANA?
-
Network and System Health Monitoring
IT Operations and Monitoring has always been a crucial aspect of security for any organization. A SIEM, a security incident and event management solution, today needs to do much more than what it used to do: manage incidents and events.
Modern SIEMs are versatile solutions, covering not only your SOC demands but also providing rich visibility and accounting of NOC demands.
A typical enterprise network contains routers, switches, wireless APs, firewalls and so on. For a NOC team, the availability of these devices and their performance metrics are very important information. NOC teams generally use network monitoring tools to constantly monitor this information. Modern SIEMs make it possible to put the NOC team under the same umbrella as the SOC.
Modern SIEMs provide visualization, alerting and reporting capabilities for security/network events and incidents, as well as real-time network health information such as uptime, memory/CPU utilization, interface Tx/Rx, wireless client counts and so on. On top of that, Logpoint also has role-based access control, so that you can efficiently manage SOC and NOC users.