Help Center Logpoint Docs Idea Portal Logpoint.com

Unanswered questions

171 Topics

M
mimn2gNew Participant
asked in Design & Architecture

Newbie: Distributed Logpoint

hello guys, good daynewbie here and I am taking overed from our previous employee. correct me if I’m wrong since it is still in final design I need to deploy distributed LP in customer environment, we provide them 2 ESXi and this is our 1st customer migrated from Microfocus. The components are: (current)search head x1 distributed logpoint x1 log collector x2 (collect log for on-prem x1, collect log for cloud but sitting on prem)for windows, planning to use LPA and the rest syslogIssue 1:I do some testing and I realized all the API or Cloud Trail configuration directly into DLP. Reason I am thinking, we do not need the LC on this case and the pros is we have the opportunity to turn on SOAR features also increase the specification/storage for DLP.Do I need to turn on this DLP as collector also?Issue 2:license: 325 nodes (300 servers/security/network and 5 API: sophos, office365 and 1: AWS cloud trail)I believed 325 nodes will be installed inside the DLP and but not sure about SH and LC,

0
M
9 days ago
M
MicropoleKnown Participant
asked in APIs & automation

Implementation the SMS feature throught LogPoint

Hi,I’m intressted in implementing the SMS feature through LogPoint. However, to activate this functionality, I need an SMS hosting service. Could you tell me if LogPoint offers an SMS hosting service ? If so, what is the procedure to set up this feature ? If LogPoint doesn’t provide SMS hosting, could you recommend a good SMS hosting service, compatible with LogPoint ?  Thank you in advance. Siawash,

2
M
10 days ago
M
MicropoleKnown Participant
asked in Configuration

Adding Device to logpoint

Hi,I had added a device into the logpoint and I have done all the steps of this documentation Devices — Data Integration latest documentation (logpoint.com).However, the logpoint didn’t collect any log from this host. In addition I checked in this host and I didn’t find lpagent. Could you please tell why it not works ? And what should I do ? Regads,Siawash

0
M
21 days ago
Sophia Zangenberg
Sophia ZangenbergCommunity Manager
asked in Masterclass - UK&I

Masterclass on Compliance NIS & NIS2

Please find the recording of yesterdays´s Masterclass with the attached presentation deck. Thank you for joining in and don't forget to sign up for our next one on the 12th of December. Sign up here:https://www.zoom.us/webinar/85130739967?occurrence=1702373400000  

0
Sophia Zangenberg
23 days ago
M
Mike FurrerNew Participant
asked in Configuration

The ODBC Enrichment source is not showing up

Hi thereWe have Created a ODBC enrichment Source to use a SQL Database for enrichment.It is all setup on the source side and seems to be working.But when I then go onto the Director console to add said source in a Enrichment Policy, the source is not there to select, all the other sources are but this one is not.Has anyone experienced this before? 

0
M
29 days ago
L
Lee BradleyNew Participant
asked in Searching & Analytics

Publish Dashboard to Public API

Hello all, I am looking for a way to publish a dashboard to the public API. Does anyone know if this is possible? As it stands I have managed to publish individual dashboard widgets to the public API but I would prefer to share the whole dashboard with 1 URL. Thanks

0
L
1 month ago
B
bnelaNew Participant
asked in Design & Architecture

Logpoint Health monitoring through Grafana

Hi All, We do have different clients and we want to create a real time monitoring system. Is it possible to integrate it on Grafana, if yes do you have any idea how?  i know that monitoring through email is possible but we want a centralized monitoring system Thanks 

0
B
1 month ago
M
Mark NorthcottNew Participant
asked in Searching & Analytics

list all event ids found by each device

I need to create a query to export the results with the following criteria, but unsure how to write the query.I want to list every end device by hostname (including all end devices fed by Windows event collectors, not reported as the WEC) and then all the event codes (unique) collected from that device in ascending order. Can someone please point me in the right direction

1
G
LogPoint Team
1 month ago
M
MicropoleKnown Participant
asked in Searching & Analytics

Exiration log for Microsoft office 365

Hi,I would like to know if it is possible to find the log that show the expiration date of Microsoft office 365 account ? If yes, could you please tell me how can I find it ? Regards,Siawash

2
M
1 month ago
A
alekstaKnown Participant
asked in Design & Architecture

LogPoint [AIO] - import syslog from a syslog server

Hello,I have an archive server were I store some syslog/json logs on. I wonder If It’s possible to send over som of  these to LogPoint?Is It possible manually to transfer over some of the logs from the archive → Logpoint AIO? Like use scp or something else. I dont find any related documentation related to this. 

0
A
1 month ago
M
Matmut - SécuritéNew Participant
asked in Use–cases

How to estimate the volume of data collected ?

Hello,I would like to search a query to know the volume of data per day collected in my Logpoint.Thanks a lot

2
M
1 month ago
M
Mike FurrerNew Participant
asked in Searching & Analytics

Logpoint Agent X Applocker Dashboard

Hi.We have implemented Agent X into our systems, and we are observing Applocker Events with Agent X.Now our customer would like a dashboard for these Event.And I was not sure how to go about creating these Dashboards.How can I make a dashboard specifically for the Eventviewer logs.Cheers Mike

3
Nils Krumey
LogPoint Team
1 month ago
M
Mike FurrerNew Participant
asked in Searching & Analytics

Logpoint Agent X and devices Hostnames

Hellowith the new Agent X, we were testing adding Devices with Agent X to logpoint, due to DHCP they will not always have the same IP address. We attempted to add this device via Hostname to logpoint, but even though the Agent X panel claims that it is active and collecting logs, When searching for said logs, I get no result for the Hostname.Is it Possible to use Hostnames to add Devices to logpoint in use with agent X?Or is it not possible.

2
M
1 month ago
K
Kamal PaulNew Participant
asked in Searching & Analytics

P2P network connection detect rule

Hello everyone,Being searching LP blogs and community to see if we have any detection rules for P2P network connections. Came out there is a rule to finding P2P applications but nothing of useful to find the network connection. Any tips or suggestions in building a P2P detection will be much appreciated. Thanks

1
Nils Krumey
LogPoint Team
1 month ago
A
alekstaKnown Participant
asked in Use–cases

Collect DHCP logs & enrichment with other log sources

I’m thinking of onboarding internal DHCP logs. But I don’t quit know yet If it’s a good way to go.I’m also in the progress of onboarding ISE logs, for authentication monitorering. Is It possible to correlate DHCP logs with ISE logs?How about use-case related to DHCP logs? Looking at the built in alert rules there was only few use-cases related to DHCP. I think more about rouge DHCP server and so on. Does anyone have experience about DHCP logs and the the ability to correlate these with other logsources to get MAX out of It.Thanks!

2
A
1 month ago
A
alekstaKnown Participant
asked in Configuration

LogPoint UEBA Configuration

Hi!I’m wondering how LogPoints UEBA handle nested AD groups? Nesting of AD groups for selection of specific users that I wont to point to the UEBA cloud for AI intelligence. Is this possbile? 

1
Nils Krumey
LogPoint Team
2 months ago
M
LogPoint Team
MarketingLogPoint Team
asked in Masterclass - Germany

Masterclass - SOAR - Germany

Hallo zusammen,das Recording der Masterclass vom 14.6.23 zu “SOAR ” finden Sie hier  Hier sind die Playbooks, die in der Masterclass besprochen wurden  

0
M
LogPoint Team
2 months ago
G
Georg WittigNew Participant
asked in Searching & Analytics

group logs with same value

Hi everyone,  Here is a task that puzzles me: I am looking at events of remote connections and I want to display the connections that are currently active. One Connection has evetns like “login”, “authentication_try”,  “session_closed”, etc. and the same session_id. The number of logs with the same session _id may vary, since, for example, there might be more than one authentication_try.So I would like to first group all events with the same session_id and then filter out those, that do not have a “session_closed” event.I tried to implement this with one or two streams (join) but did not come to a solution. With one stream I cannot give an exact number of logs “having same session_id”, with two streams I would need something like “[session_id=*] as first-streamjoin[session_id=*] as second-stream on first-stream.session_id=second-stream.session_id AND first-stream.log_ts!=second-stream.log_ts”. Also a “not followed by” could have been a solution for this, which does not exist.  Does any

0
G
2 months ago
E
Edgar FastNew Participant
asked in Searching & Analytics

Dynamic Alert Recipient

Hi all,i would like to send an email alert and choose the recipient depending on the triggered alert. For example, when a user changed his active directory password, i want to send him an email, telling that the password for his account was changed and if it was not himself he should contact directly the helpdesk.Bestedgar

1
S
LogPoint Team
2 months ago
A
alekstaKnown Participant
asked in Normalization & Parsing

Re-parse an event for normalization (JSON-event)

Hi !Just a interesting question. I know that other SIEM vendors have problem with this. Maybe LogPoint have a good function for this. So I received a JSON-event that didn’t normalise, due to that no normalization-package was enabled. I enabled this after I received the event. So to my question. Is It possible to parse this event afterwards so that It gets normalized? Or do I have to wait for another event from the same logsource to see If this one gets normalized?

6
A
3 months ago
P
Peter StumpfNew Participant
asked in Design & Architecture

Collector not pushing to data node

Hi,I have a distributed system with dedicated collectors. Now, during setup and configuring a few hundred linux servers via rsyslog to send their logs to one collector, the collector suddenly stopped pushing the data further to the data node. I’ve rebooted the collector, which resulted in temporary relief, however after roughly two hours, the problem resurfaced. Using tcpdump on the collector I can see logs streaming in from the log sources (tcp/514), and also on the data node I see openvpn-udp traffic comming in from the IP of the collector - not sure however if in latter I see only tunnel keepalive traffic, as the packages are very small 65-103 byte. I don’t have a clue on how to understand what is going on and where to look at - seems some resource problem to me, in terms of memory or cpu the system is well equipped and bored :-). The thing is, when doing a search over all repos with "collected_at"="myCollectorName" I don’t get any data at all. As if the thing would not exist.Do you

1
markus.nebel@8com.de
3 months ago
S
SubhashNew Participant
asked in Use–cases

Integration with Salesforce Commerce Cloud

Does Logpoint has out of the box integration with Salesforce Commerce Cloud? Has anyone did this from this group? Appreciate if you could help!

1
G
LogPoint Team
3 months ago
O
Olin NGAGOMNew Participant
asked in Use cases

Launch a playbook when an alert is triggered

 l have an alert rule that triigers when it detects a web attack like XSS, SQLI.i want my playbook to starts when the alert is triggered. Any idea??

1
HansHenrikMoerkholt
3 months ago
M
LogPoint Team
MarketingLogPoint Team
asked in Masterclass - UK&I

Masterclass - Alert Rules - 8th August

Please find the recording of yesterday's masterclass with the attached presentation deck. Thank you for joining in and don't forget to sign up for our next 4 masterclasses here: https://logpoint.zoom.us/webinar/register/WN_AlKJy3smSxSzX5lmr1wbsA#/registration

0
M
LogPoint Team
4 months ago
M
LogPoint Team
MarketingLogPoint Team
asked in Masterclass - Nordics

Masterclass - Alert Rules

Please find the recording of yesterday's masterclass with the attached presentation deck.  Thank you for joining in and don't forget to sign up for our next 4 masterclasses here: https://logpoint.zoom.us/webinar/register/WN_AlKJy3smSxSzX5lmr1wbsA#/registration

0
M
LogPoint Team
4 months ago

Badge winners

Show all badges
Terms & ConditionsCookie settings