Help Center Logpoint Docs Idea Portal Logpoint.com

Design & Architecture

Stay up to date with the latest & greatest

  • 51 Topics
  • 113 Replies

51 Topics

Brian Hansen
LogPoint Team
Brian HansenLogPoint Team
posted in Design & Architecture

New Logpoint 7.2.0 is ready

The 7.2.0 version is out. Read about it here: https://servicedesk.logpoint.com/hc/en-us/articles/10065818192669-Logpoint-v7-2-0.During April, Logpoint will host a Webinar giving more insights into the new features. Look for it in your e-mail inbox or here on the Community/ Brian Hansen, Logpoint 

1
markus.nebel@8com.de
1 month ago
markus.nebel@8com.de
markus.nebel@8com.deBrainy
posted in Design & Architecture

New Ideas in Ideas Portal

Hello together!I hope you all look regularly in the idea portal?I have submitted some ideas that I wanted to draw attention to here:Separate SOAR from SIEM Installation- and Update Packages The update and installation packages have grown in size a lot since SOAR was introduced. The idea asks to un-bundle the SOAR package so that you don’t have to transfer and install 1.5 GB of update package, while the SOAR uses 1.4 GB of it. Preselect Dropdown Values if there is only one option In the UI there are some dropdowns where usually you have only one selection option. If so, this should be preselected, so you can save some click-work. Implement Overview for Live Searches It would be helpful to know how fast the responses of the live searches in your system are available to estimate which live searches can be optimized or consume the most resources. Director: Add configuration object overview and filtering In the Director Console UI we need a better overview of all available configuration obj

1
Brian Hansen
LogPoint Team
2 months ago
D
Douglas AmesinuNew Participant
asked in Design & Architecture

Custom Layout Template in search Master?

Trying to create a custom layout template for a report for a client using the LPSM but unable to. 

2
D
3 months ago
M
Mads PedersenInspiring
asked in Design & Architecture

Excel Exports contain HTML encoding - How to avoid?

When exporting to Excel the field ‘msg’ contains the same HTML encoding as the GUI.This is how some example data are shown in the GUI: This is how the Excel Speadsheet looks like for the same data: This is the sourcecode for the tabel in the GUI, which shows that it contain the same html <span> tags:Is it possible to get the Excel Export without html encoding in the msg field?Perhaps it could be an option to enable/disable html <tags> in exports in the preferences menu? 

10
A
3 months ago
Sandesh Bushal
LogPoint Team
Sandesh BushalLogPoint Team
posted in Design & Architecture

Fetching logs from Google Workspace

Some of our customers have requested logs from Google Workspace. The logs requirements range anywhere from email logs to drive usage logs. What features do we have currently to work on these sort of logs?I could not see any features mentioned in the LP Help center. Are we working on this one?

2
A
LogPoint Team
3 months ago
HansHenrikMoerkholt
HansHenrikMoerkholtInspiring
posted in Design & Architecture

Universal Normalizer

Think this is good news that should incite more people to take on the task of creating their own normalization packagehttps://servicedesk.logpoint.com/hc/en-us/articles/8874831748253-Universal-Normalizer

1
Irakli Edjibia
LogPoint Team
4 months ago
A
Anonymous
posted in Design & Architecture

SAML Authentication v.6.0.1 is now available on the Logpoint Help Center

Dear all, The newest version of the SAML authentication application enabling users to log into LogPoint using the SAML Identity Providers (IdPs)  is now publicly released on the Logpoint Help Center. For more information and downloading instructions, please visit the link below.https://servicedesk.logpoint.com/hc/en-us/articles/360002185778

0
A
4 months ago
E
Edgar FastNew Participant
asked in Design & Architecture

Merge Repos

Hi all,we started using LogPoint and created repos for every device type. Now that we have 20+ repos i want to optimize this process and group devices by functionality (e.g. email, remote access). So my intention is to create an new repo for every functionality and modify the routing policies. I think this should work but there is a great time span where i have to search in the “new” and the “old” repo because of retention times of 90 or more days.Is there a smart way to copy the content from one repo to another so that i can get the optimizing done in a short time and this will not take 90+ days?Bestedgar

4
E
4 months ago
A
Andre KurtzInspiring
asked in Design & Architecture

Incident Management - Is it possible to automatically close cases ?

For our customer we currently have several alerts implemented. The customer has a rather small security team only interested in receiving email notification whenever an incident is triggered. So, the build in management incident of LogPoint is not used and all and i delete all open cases on a regular basis.However, for auditing reasons, for some incidents posing a major risk they would now like the security personal to use the incident management system by LogPoint and want them to resolve the cases there. All other incidents should, if possible, not be visible to them. Right now, i would assign these high risk alerts to the security personal so that are able to read and resolve them within LogPoint. Incidents with a lower risk would be assigned to me or a dummy group, and i would continue to regularly delete them manually. But i am wondering whether there is a better way: Does triggering an alert automatically have to create an incident, or is it possible to configure that only alerts

1
Nils Krumey
LogPoint Team
4 months ago
Piotr Moroz
Piotr MorozNew Participant
asked in Design & Architecture

Support Connection GDPR compliance

Hi,can anyone point me to terms & conditions describing compliance with GDPR regarding LogPoint support access using Support Connection functionality in LogPoint & Director? Or description what data can be accessible by support?Best Regards,Piotr

1
A
5 months ago
S
Srijan KafleInspiring
asked in Design & Architecture

Logpoint collector behind NAT

Hi Community, We have a distributed collector in a remote location. We have established a Site-to-site VPN between locations. The scenario is that the IP Address of the collector is in NAT and mapped to a different IP than that of the actual host IP. For E.g the system IP of collector is 172.29.20.80 and the IP of the collector as seen by the Remote Logpoint is 172.22.2.2.  We have made the necessary configuration and ensured the Collector is visible in the logpoint. However, the IP as recorded by Logpoint is the actual system IP (Not the IP Logpoint should recognize it as). The issue is the status is Inactive stage.  Is this due to the difference in host IP and NAT address?  

7
Brian Hansen
LogPoint Team
6 months ago
H
HeretoforeNew Participant
asked in Design & Architecture

Backup best practices

Hello,I’m designing my backup. So far in the documentation, I’ve read two options: application snapshot and application backup, both are writing to the local disk.Let’s put aside the configuration backup as it’s less than 1 GB. The real challenge comes with backing up repos.In an on-prem infrastructure, backups are stored in the backup infrastructure, with VTL and so on. There’s no way I can request to double the size of the repo disk just to store a consistent backup that I will have, then, to transfer to the backup infrastructure.In a cloud infrastructure, the backup would go directly to the object storage such as S3 Glacier. Neither would we rent a disk space used only during backup, though it might be easier to do in a cloud environment.In addition to the backup and snapshot methods from the documentation, I should add the option of disk snapshot, either from the guest OS or from the disk array (only for on-prem infrastructure). These would provide a stable file system onto which t

2
Rupsan Shrestha
LogPoint Team
6 months ago
B
Brandon AkalNew Participant
asked in Design & Architecture

Qualys vulnerability management integration

Hello, We’re looking at integrating our Qualys VM scans into our Logpoint instance. I was hoping to pick someone's brain about this. Does this only work on singular Qualys accounts, or will it work on MSSP/Consultant editions? Many thanks,

2
Nils Krumey
LogPoint Team
8 months ago
J
JohannNew Participant
asked in Design & Architecture

LogPoint SIEM HDFS support and configuration

Hi, does Logpoint support HDFS do store data e.g. on an DELL ECS object storage?If yes, how must this be configured in best practice?Thanks.Best Regards,Johann

1
Nils Krumey
LogPoint Team
9 months ago
HansHenrikMoerkholt
HansHenrikMoerkholtInspiring
asked in Design & Architecture

device export script

HiToday I have a Python script for exporting devices in to a csv-file with the following fields:device_name,device_ips,device_groups,log_collection_policies,distributed_collector,confidentiality,integrity,availability,timezoneDoes a script exist that also extract the additional fiels:uses_proxy, proxy_ip, hostnameThis will make moving devices from LogPoint 5 to LogPoint 6 considerably more easy. RegardsHans

9
Reinhard Vielhaber
9 months ago
HansHenrikMoerkholt
HansHenrikMoerkholtInspiring
asked in Design & Architecture

The use of certificates in LogPoint

HiI need a description of the usage of cerificates in LogPointWhat are the recomandations?Which certificate are stored where?Which cautions should be taken when replacing certificates?the location of each respective certificateHTTPS Syslog SSL LPARegardsHans

3
Reinhard Vielhaber
9 months ago
markus.nebel@8com.de
markus.nebel@8com.deBrainy
asked in Design & Architecture

Does the Open Door use the Syslog Collector TLS Certificate?

Wir haben einen Kunden, der das neue Feature zum Hochladen der SSL/TLS Zertifikate für den Syslog Collector über die Web Oberfläche genutzt hat. Does this have any effect on the certificates used by OpenVPN?Because currently, after configuring the Distributed LogPoint, we see in the OpenVPN client log (/opt/immune/var/log/service/remote_con_client_xx.xx.xx.xx/current) that the certificate cannot be verified:2022-01-04_11:12:48.10967 Tue Jan  4 11:12:48 2022 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: XXX  

1
Reinhard Vielhaber
9 months ago
S
Sascha ScholzNew Participant
asked in Design & Architecture

max amount of Repos

Hello Guys,is it possible to use/create 16 repositories per LogPoint environment only?What if I like to separate my data in 30 different repositories for managment and access right purposes, is there a way to do that and are there benefits or drawbacks for this situation?Thanks in advance. BR,Sascha

3
S
LogPoint Team
10 months ago
A
Anonymous
posted in Design & Architecture

New in KB: How to use NFS storage as backup directory?

Hi All, We are excited to share a new knowledge base article guiding you through the steps on how to use NFS storage as backup directory. You can access through the following link.  https://servicedesk.logpoint.com/hc/en-us/articles/5068106299805-How-to-use-NFS-storage-as-backup-directory-

0
A
11 months ago
A
Anonymous
posted in Design & Architecture

Microsoft Defender ATP v5.1.0 is now released

Dear all,Microsoft Defender ATP v5.1.0 is now released and publicly available on the Help Centre via the link below: https://servicedesk.logpoint.com/hc/en-us/articles/360007378817

0
A
11 months ago
Ash Scott
Ash ScottInspiring
asked in Design & Architecture

SSL certificates for Web Interface with 1x Root CA and 2x Intermediaries

Hi folks,We’re hoping to add some SSL certificates to our LogPoint installation for the web interface, but just wanted to clarify some information. We currently have SSL certificates with a Root CA and 2 intermediaries - do these need to be combined into a fullchain certificate, or does each part need to be put somewhere else in the LogPoint installation?I saw this post with a reply from Nils referencing the CSR, which is great, but we just want to make sure that we’re putting the certificates in the right place.If the certificate files do need to go somewhere else, I’m assuming they can’t be uploaded via the web interface?

4
Ash Scott
1 year ago
H
Hans VedderNew Participant
asked in Design & Architecture

Which firewall ports should be opened for logpoint server?

Hi,on my firewall I opened port 443 to destination customer.logpoint.com (172.67.190.81 and 104.21.76.59). Now I see on the firewall that the server tries to open connections to the ip addresses 104.16.37.47 and 104.16.38.47 through port 443. Are these connections also needed?Best regards,Hans Vedder

6
Basudev Raut
LogPoint Team
1 year ago
markus.nebel@8com.de
markus.nebel@8com.deBrainy
posted in Design & Architecture

Ideas: How to automatically (unit) test alert rules?

We use a large and growing number of self-developed alert rules for our customers, which we manage and develop further in an internal git repository via gitlab. For quality assurance in the continuous integration process, we still need a way to test the alert rules automatically.The idea is to check whether each alert rule triggers on the necessary events and behaves as expected in borderline cases. Very similar to unit testing in software development, just for alert rules instead of source code.Our idea so far is as follows:Connect an up-to-date LogPoint as a virtual machine as a QA system to our Director environment Create a snapshot of the "freshly installed" state Restore the snapshot via script from the gitlab CI pipeline Use the Director API to add a repo, routing policy, normalizer policy, processing policy for the different log types Use the Director API to add a device and syslog collector with the corresponding processing policy for each log type Use the Director API with our

4
markus.nebel@8com.de
1 year ago
K
Kai GustafsonParticipating Frequently
posted in Design & Architecture

After update to 7.0 TimeChart does not work anymore

Be aware if your are going to upgrade to 7.0 there are a bug in TimeChart function, and will not work.Answer from support:            Hi Kai​,            We are extremely sorry for the inconvience caused by it, fixes has been applied in upcoming patch for 7.0.1 So if you need it, maybe you should wait to 7.0.1 are out. Regards Kai

6
A
1 year ago
Nicolai Thorndahl
LogPoint Team
Nicolai ThorndahlLogPoint Team
posted in Design & Architecture

High Availability Repos usage

While deploying LogPoint with High Availability repos I did a few tests scenarios on how HA behaves that I thought would be relevant to share.Repositories can be configured as high availability repositories which means that the data is replicated to another instance. This means that logs will be searchable in a couple of scenarios:First scenario, if the repo fails on the primary datanode (LP DN1) it will be able to search in the HA Repo_1 on the secondary datanode (LP DN2). This could for instance be that the disk was faulty or removed or the permissions on the path were set incorrect. This scenario can be seen in the picture below where the Repo 1 which is configured with HA, on the primary datanode (LP DN1) is unavailable, but still searchable as the secondary data node (LP DN2) still has the data in the HA Repo 1 repo. In this scenario the Repo 2 and Repo 3 are still searchable.First HA scenario where one HA repo failsIn the second scenario If the primary data node (LP DN1) is shutd

2
Nicolai Thorndahl
LogPoint Team
1 year ago

Badge winners

Show all badges
Terms & ConditionsCookie settings