Hi Team,
Can we tag the device criticality in logpoint,
We are looking to create notification for critical and high severity devices.
Userlevel 4
+7
There are multiple ways in which you could do this:
- Using Device Groups, and using those in the Alert queries - e.g. create the same alert several times, once for when the device is in a specific group, and again for when it isn’t, and then give the alert rule a different criticality
- Using lists - similar to the above, but not specifically configured on the device itself, but instead in a list that contains the device names, IP addresses or other identifiers, and then using the lists in alert queries as above
- Using enrichment and a lookup table - the information about a device’s criticality could be present in a lookup table and then used for enrichment, where this additional information is baked into the logs when it arrives. The enrichment source could even be an external database or CSV where this information is maintained. The enriched information could then again either be used for modified alert rules, or just shown alongside the other information from the logs (e.g. through the Jinja template on the alert).
There’s probably other ways of dealing with this but hopefully it has given some ideas.
Userlevel 1
thanks for the quick reply.Iam looking for option 2 and 3 .
For thats where should the lists /csv need to be uploaded? In the settings >>device groups
or any other place .
iam thinking to build a network or asset model in Logpoint.
If you have any documentation ,please provide .
Thanks
Satya
Userlevel 4
+7
CSV is an enrichment source, so you find it under “Configuration”. You can either upload a CSV through the browser, or point LogPoint at a URL where a web server hosts the CSV file. There’s no specific documentation on device criticality, but enrichment sources of any kind are covered in the manual (https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/Enrichment%20Sources.html) together with enrichment policies (https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/Enrichment%20Policies.html), and also the User Training course.
Userlevel 2
+1
Isn’t this related to availability?
If you use the Confidentiality, Intergrity & Availability option when creating devices in LogPoint, then if you set availability to major or critical, then when creating alertrules you can use that for the calculating the risk-value.
Creating an Alert Rule — Alerts and Incidents latest documentation (logpoint.com)
Regards
Hans
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.