Help Center Logpoint Docs Idea Portal Logpoint.com

- - Knowledge base
Groups
Events

Community
Search

Recently active topics

11 Topics

Recently active

Most views Most replies

markus.nebel@8com.deBrainy

asked in Searching & Analytics

Performance Question: Has the order of search parameters influence on search performance?

Hi everyone!does anyone know if it makes any difference how you order the search parameters in a search query? example:event_id=1234 event_channel="Security"vs.event_channel="Security" event_id=1234

5 hours ago

Andre KurtzInspiring

asked in Normalization & Parsing

Problem adding McAfee ePo server via Syslog

We configured our McAfee ePO (5.10) server to send its logs to a syslog server and configured it in the LP accordingly. Yet, when using the “Test Syslog” Feature in McAfee ePO, the test failed. Nonetheless, we are receiving logs from the server, but they only contain gibberish. LP raw logs This is as far as i think not a problem with normalization, as a tcpdump also shows the log payload not being human readable.tcpdumpI already tried to change the charset min the log m,collection policy from utf_8 to iso8559_15 and ascii, to no avail. I found following McAfee (KB87927) document, which says:ePO syslog forwarding only supports the TCP protocol, and requires Transport Layer Security (TLS). Specifically, it supports receivers following RFC 5424 and RFC 5425, which is known as syslog-ng. You do not need to import the certificate used by the syslog receiver into ePO. As long as the certificate is valid, ePO accepts it. Self-signed certificates are supported and are commonly used for this

15 hours ago

Alexandru ILIOIUParticipating Frequently

asked in Searching & Analytics

Data privacy on dashboards

I have activated the “Data Privacy” module and configured the fields, concerned groups, etc.I have a dashboard whose query contains one of the “encrypted” fields defined into “data privacy” module. Since activation, the dashboard is not displaying information anymore.There is a way to allow (via request/grant or something else) the dashboard to display the information ? Thanks,Alexandru

3 days ago

MicropoleKnown Participant

asked in Use cases

SOAR Playbook Creation From LogPoint Alerts

Hi,I need your help regarding the SOAR. In fact, I have just started the SOAR and I want to create a playbook From LogPoint alerts in order to block an IP@ or an action. Could please help me ? How can I do that ? Thank you in advance. Regards,Siawash

3 days ago

Alexandru ILIOIUParticipating Frequently

asked in Searching & Analytics

Usage of computed fields into process functions

The following query put the result of processing function as “null” :| chart max(log_ts) as maxlogts | process format_date(maxlogts,'YYYY/MM/dd') as endDate | fields maxlogts, endDate I think the field “maxlogts” is not retrieved/recognized by function format_date().There is a way to obtain the field “endDate” not null ?

4 days ago

Sophia ZangenbergCommunity Manager

posted in Masterclass - English

Masterclass - April - Search templates

Please find the recording of today's Masterclass with the attached presentation deck. Thank you for joining in and don't forget to sign up for our next one on the 14th of May covering Phishing. Sign up here for the rest of the year:https://logpoint.zoom.us/webinar/register/7517060105408/WN_CwWwZ4iyQ9W40veCl13_Xg

7 days ago

Gabriel LayanaNew Participant

asked in Use cases

How to configure AbuseIPDB instance in LogPoint SOAR

Hi everyone,I need to check some source addresses in my playbooks and I want to use AbuseIPDB for this action, but I can’t finish configuring AbuseIPDB instance and obtain some errors. Could you help me with the correct configuration for this instance in SOAR LogPoint Playbook integrations?. I have my api_key but I don’t know what is the correct base_url and threshold parameters if I need to review IP address. I hope your help Regards Gabriel

8 days ago

Kai GustafsonKnown Participant

asked in Community feedback

When you comment a members reply there can go weeks before admin let your responce true.

Why is your admin’s so slow to approve answers, this is verry bad for people asking about a topic, they lose interest when it seems like no answers or suggestions are given. I have now several times waited for weeks to see my suggestions get through. This should be instant, or you should remove the approve process !!! Best regards Kai

9 days ago

Gökhan GökNew Participant

asked in Searching & Analytics

several if-else

Hi everyone, i have a issue:I am writing a query. My query contains more than one if-else. However, because there are too many if-else, it does not return any result and gets stuck in “searching”. I wonder if there is a limit for else-if? If there is a small amount of else-if, it works, the query works, but if there is too much, unfortunately it doesn't work. I need help with this!!! since the values corresponding to each condition are different, I should use the else-if structure. I am open to different solution methods by the way.The query I wrote is as follows (here I just wanted to draw attention to the amount of else-if)I also get the following error: “No Response from server”alert=*| process eval("foo=if(alert=='xyz1') {return 1.2}else-if(alert=='xyz2') {return 1.0}else-if(alert=='xyz3') {return 1.21}else-if(alert=='xyz4') {return 1.2}else-if(alert=='xyz5') {return 1.29}else-if(alert=='xyz6') {return 1.25}else-if(alert=='xyz7') {return 1.29}else-if(alert=='xyz8') {return 1.200}el

23 days ago

Gökhan GökNew Participant

asked in Normalization & Parsing

Normalisation for Miliseconds

<123>2024-01-11T11:11:11.123Z hostnameI want to remove two fields from the above rohdaten using normalization, so to say. After normalization I should have the following fields:milliseconds=123log_ts=2024-01-11T11:11:11ZCan I do this in normalization (or signature)? If yes, can you write me the normalization/signature rule? This problem can be solved like this:| <<:int>><log_ts:datetime_m> <host:all>but I don't want that. I want to separate my fields at the beginning using normalization.

27 days ago

Mike FurrerInspiring

asked in Configuration

Director Won´t let me Delete Device

Good Day EveryoneWhen trying to delete a device asset I get hit with this error “ Random hostname (Not the host name of the device I am trying to delete) does not appear to be an IPv4 or IPv6 network “And it won´t let me delete the device,I am not sure what to do about this, help would be greatly appreciated.

30 days ago

Badge winners

Gustav Elkjær Rødsgaardhas earned the badge Valued Contributor
Gustav Elkjær Rødsgaardhas earned the badge Easy talker
Gustav Elkjær Rødsgaardhas earned the badge Conversation starter
Gustav Elkjær Rødsgaardhas earned the badge Innovator
markus.nebel@8com.dehas earned the badge Silver Contributor

Show all badges

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.