Recently active topics
Hi folks, Another cases and playbooks question - is there a way to update the name of an existing case item from within a Playbook? By default, we are generating cases with just the incident ID for identification, but we’d ideally like to be able to update the name of the case once some additional playbooks have run. We already have a way to get the case ID etc, it’s just the renaming part we’re stuck on. Is this possible?
Hi there. So we have an alert rule that alerts us when an unknown and new device leases a DHCP address, to prevent unwanted physical access. Now we wanted to enrich said DHCP log by adding information from our ISE/switch logs, so that when we get the incident from the alert rule, we also see what switch and switchport this unknown device is hanging at. We are pretty sure that should be possible, but I haven’t figured out how yet. Cheers, Mike Furrer
Sign up for our masterclass on Logpoint for SAP here: https://logpoint.zoom.us/webinar/register/WN_JGxEHTamQvq-O5OLoSJYtw Learn: What can happen to your business if your SAP system is compromised, including failure of SAP audits and loss of IP? Why is SAP seen as a blindspot in any security strategy? Incorporating SAP into a cybersecurity platform that includes SIEM, SOAR and UEBA can provide consistent insight into what is happening across the organization.
Hi, I have been looking into how to get an overview of actions taken by a Security Analyst whilst using the Incidents view on Logpoint. Therefore I have created this Search Query to get an overview of Incidents and Actions. Repository to be searched on is _LogPoint
incident_id = * | chart count() by incident_id, log_ts, alert_id, status, action, user, alert_name, comment order by incident_id, log_ts asc
Hope this could be useful. Best Regards, Gustav
Receiving logs is one of the core features of having a SIEM solution, but in some cases logs are not received as required. In our newest KB article, we are diving into how to monitor log sources using Logpoint alerts to detect no logs being received on Logpoint within a certain time range. To read the full article, please see the link below: https://servicedesk.logpoint.com/hc/en-us/articles/5734141307933-Detecting-devices-that-are-not-sending-logs-
Hi folks, Is there a way to update a case with the output of a Playbook? For example, if I have a Playbook that checks an IP Reputation, is there any way I can get the Playbook to update the case to display the reputation response as an actual Case Annotation or something of the sort?
Hello everyone, we have planned another event with exciting topics: Logpoint Spotlight - The case for consolidation. It takes place virtually on 15.9. at 3 o'clock. Business Spotlight – Consolidation and efficiencies of scale. Christian Have - Logpoint CTO. Too many security tools are a burden on security teams, so after you consolidate your security tools, how do you ensure you get more efficient threat detection and response across your threat landscape? Join Christian Have, Logpoint CTO, as he talks about what happens after consolidating security tools into one converged solution. Product Spotlight: The road to cloud and converged SIEM. Jason Diesel - Senior Sales Engineer, Logpoint. More organizations are implementing a cloud first strategy but how does that transformation process look and is a cloud based SIEM the next step for your organization? Join Logpoint’s product team who will be taking you on the journey towards cloud based SIEM, SOAR and UEBA services. In the session the te