SOAR - Architecture & Configuration
-
Unable to see some Pre-configured Playbook Guides
Hi,
I cannot see the following Pre-configured Playbook Guides at https://docs.logpoint.com/soar?p=Logpoint&page=Pre-configured%20Playbook%20Guides :
-
Brute Force Detected - Multiple Unique Sources Playbook
https://docs.logpoint.com/docs/brute-force-detected-multiple-unique-sources-playbook/en/latest/
Credential Dumping - Registry Save Playbook
https://docs.logpoint.com/docs/credential-dumping-registry-save-playbook/en/latest/
Default Brute Force Attempt Multiple Sources Playbook
https://docs.logpoint.com/docs/default-brute-force-attempt-multiple-sources-playbook/en/latest/
Password Spray Playbook
https://docs.logpoint.com/docs/password-spray-playbook/en/latest/
PsExec Tool Execution Detected Playbook
https://docs.logpoint.com/docs/psexec-tool-execution-detected-playbook/en/latest/
All links direct to a page showing:
Permission Denied
You don't have the proper permissions to view this page. Please contact the owner of this project to request permission.
How can I see these pages?
Best,
Kaz
-
Brute Force Detected - Multiple Unique Sources Playbook
-
Playbook not executed when alert is triggered
Hello,
I am trying to set up the launch of a plugin when an alert is triggered.
My alert appears to be working correctly; I receive an email every time it is executed. According to the documentation, I've set up the trigger on my Logpoint search node like this:
SELECT * FROM LogPoint WHERE alertrule_id = 'xxxxxxxxxxxxxxxxxxx' OR name = 'Detection of a Threat 2'
I have also tried:
SELECT * FROM LogPoint WHERE alertrule_id LIKE '%xxxxxxxxxxxxxx%'
Unfortunately, when an alert is triggered, the playbook is not executed.
Do you have any idea what might be causing this issue? Am I missing something?
Regards,
Julien
-
Adding IP into LIST
Hi folks,
How can I add an IP into a LIST in a playbook?
I have created a playbook where I am extracting malicious IPs and want to add them into a LIST (SOAR). It would be great if someone has an idea which node I should use, or any other way to do it.
-
how to configure AbuseIPDB instance
Hi everyone,
I need your help. I need to check a public IP address in my playbook to obtain some information about it. I want to use AbuseIPDB but I'm getting an error:
Bad/missing Action inputs! Details: Bad rest-action url: base url/check
I think the error is in my AbuseIPDB instance configuration. What are the base_url and threshold that I have to configure? I have my API key ready.
Thanks for your help.
Regards,
Gabriel
-
Capture Raw Logs into SOAR Parameter
Is there a way to capture raw logs and use them as a field parameter?
-
About director console
Can you share some useful commands used in the backend, for our knowledge, such as how to find the installed version of the director console, etc.?
-
Introducing: Certified Logpoint SOAR Training
We are delighted to announce the launch of our new Certified SOAR User Training.
Throughout the full-day training session, a LogPoint Certified SOAR Expert will present and explain the features of the SOAR solution, look into real-world use cases, highlight best practices, and show how the various building blocks of Logpoint SOAR can be combined for maximum efficiency.
The first course debuts on October 24th and will recur monthly. (For the other upcoming dates, please see below.)
For further inquiries about registration and pricing, please contact your local Logpoint representative or email csz@logpoint.com
Course Schedule Q4 2022 / Q1 2023:
- Monday October 24th 9 AM-5 PM CET
- Monday November 28th 9 AM-5 PM CET
- Monday December 12th 9 AM-5 PM CET
- Monday January 23rd 9 AM-5 PM CET
- Monday February 20th 9 AM-5 PM CET
- Monday March 20th 9 AM-5 PM CET
For more information, please visit logpoint.com/LogpointAcademy
*All courses are held online
-
Where to find details about the types of logs that can be collected from different devices
Hi,
I want to know about all the data/logs that Logpoint SIEM will capture from different devices. For example, from a firewall the Logpoint SIEM can capture syslog. What about the other supported devices/sources such as workstations and switches? And where on the Logpoint site/portal can we find this info?
Actually, we want to list out the details for every device so that it is easy for us to forward logs to Logpoint SIEM.
-
Set logpoint as collector and SOAR
Hi,
I have a question regarding the configuration of Logpoint. Can we set Logpoint as a collector and at the same time enable SOAR? Can we use only one server, set up as a single console for both?
-
Connecting FortiSIEM with LogPoint SOAR
Hi,
Can FortiSIEM, the Fortinet product, connect to LogPoint SOAR?
If yes, can you share with me the steps or the actions needed?
-
Can LogPoint SOAR integrate with other SOAR platforms, such as Palo Alto XSOAR, Swimlane, etc?
LogPoint SOAR will become a native part of LogPoint 7, releasing in Q4 2021. LogPoint continues to believe in the value of partnering with third-party solutions, including SOAR providers, to extend the value of LogPoint. We will continue investing in and expanding our integrations with market-leading providers.
-
LogPoint introduces native SOAR into core SIEM offering, advancing cybersecurity automation and efficiency
We are excited to announce the successful completion of our acquisition of Tel Aviv-based SecBI. SecBI's universal SOAR and XDR technology will integrate natively with LogPoint to form an integrated, foundational Security Operations platform. SOAR will be released with LogPoint 7.0 in December 2021, and XDR will be introduced in Q2 2022.
Until then, check out the SOAR product brochure attached herewith and join our webinar on October 12 to:
- Learn how automatic response playbooks reduce the mean time to respond
- See a product demo of common use cases
- Understand the value of truly native response capabilities in LogPoint SIEM