Help Center Logpoint Docs Idea Portal Logpoint.com

Unanswered questions

136 Topics

M
MicropoleParticipating Frequently
asked in Operations Monitoring

FileRecycled

Hi!I have a question about signification “FileRecycled”. In fact, in my dashboard I see action=FileRecycled but I can’t understand what exacly it means ! Could please explain me what it means ?Thank you in advance for your reply. Best regards,Siawash

3
P
LogPoint Team
5 days ago
A
alekstaParticipating Frequently
asked in Normalization & Parsing

Windows SCCM send logs to LogPoint

Hi!I’m curious into how to collect logs from SCCM. Logs related to endpoint protection, virus alarms, quarantind threats etc.Found out that nxlog provides a configuration file for this. Missing some fields in the configuration file, example <Output out_syslog>. To point out the syslog dst. Microsoft System Center Configuration Manager :: NXLog DocumentationHas anyone any experience about this?Thankful for replies. 

7
A
6 days ago
A
alekstaParticipating Frequently
asked in Searching & Analytics

PowerExchange Malware backdoor - Exchange servers

Hi!Is there anyone in this community thas has some knowledge about the recently malware backdoors on Microsoft Exchange servers?I would like to investigate this further and do some threat hunting. Does anyone here has some threat hunting querys in LogPoint?

0
A
10 days ago
M
LogPoint Team
MarketingLogPoint Team
asked in Masterclass - Germany

Masterclass recording - Agent X (German Language)

Hallo zusammen,das Recording der Masterclass vom 17.5.23 zu “Agent X ” finden Sie hier:   

0
M
LogPoint Team
11 days ago
A
Ahmad KhilfiNew Participant
asked in Technical FAQs

Capture Raw Logs into SOAR Parameter

Is there a way to capture raw logs and use them as field parameter?

0
A
19 days ago
N
Nayan BhattaraiNew Participant
asked in APIs & automation

Jira Integration in LogPoint

Hi team,Has anyone integrate Logpoint SOAR with Jira’s incident management?. The goal is to have two way integration with LP incident to work with Jira’s ticketing system. 

2
P
LogPoint Team
22 days ago
A
alekstaParticipating Frequently
asked in Normalization & Parsing

Cisco Firepower logs not normalized

Hi!Been struggling with the normalization of Cisco Firepower logs, were I expect better normalization and a better enrichment. The syslog is configured from the Firepower Management Center.Everything should be correct in LogPoint were we’ve put in all the normalization policys for the log source. Compiled Normalizer:-  Cisco FirepowerNormalizer-  CiscoPIXASACompiledNormalizerNormalization Packages:- LP_Cisco Firepower​​​​​​​- LP_Cisco Fiirepower Management Center​​​​​​​- LP_Cisco Fiirepower Management Center v6_2​​​​​​​- LP_Cisco PIX/ASA Generic​​​​​​​- LP_Cisco PIXASAIs there any problem with the format syslog? Had the same issue with CheckPoint FW, but this got solved when we changed the format to CEF. Only the problem that Cisco Firepower only support the format syslog.Is there someone that has any tips on how to move on forward with this?

2
A
25 days ago
R
Ranjan LamaNew Participant
asked in Configuration

how to add remote logpoint through distributed logpoint feature?

Hello community,I am trying to create a connection between two logpoint server. I followed the documentation but I failed to create a connection. First, I created the open door on the remote logpoint and then tried to create a connection from another logpoint server using distributied logpoint feature after entering ip, password and private ip. I get a notification stating its already exists but I don’t see new connection in a list,to a remote logpoint server under distributed logpoint. I further notified IT team to open prot 1194/upd but still no success.IT team can not see any attempts I have made to connect two logpoint servers on their firewall. I would appreciate assistance if anyone in the community have tried this or knows how do it. I had a session with LogPoint but resulted in unsuccessful attempts.    thank you very much.Ranjan

1
HansHenrikMoerkholt
1 month ago
A
alekstaParticipating Frequently
asked in Use–cases

Cisco Stealthwatch send syslog to LogPoint

Hi!I’m wondering If It’s possible to configure Stealthwatch to communicate with LogPoint. I want Stealthwatch to forward events, even better If It also can forward flows to the SIEM.Is this possbile?All I can find regarding this is the integration with LogPoints SOAR to configure different types of actions.Adding the Vendors — Cisco Secure Network Analytics (Stealthwatch) SOAR Integration latest documentation (logpoint.com)

5
P
LogPoint Team
1 month ago
B
Birendra SahNew Participant
asked in Searching & Analytics

j

.

0
B
2 months ago
2
24Solutions SupportNew Participant
asked in Normalization & Parsing

Multi line parser for Java applications.

Hi.We are trying to push multi-line logs to Logpoint, for example a stack trace.They are created by Java applications like Jboss, Tomcat and few more. Where we have some debug information in logs such as content of XML messages processes by the system etc.When such logs are displayed in Logpoint, we need to preserve the line breaks along with indentation to make them readable by a human.Can you please show a complete recipe on how to achieve that?I saw this topichttps://community.logpoint.com/normalization-parsing-43/multi-line-parser-147and understood that there are some pre-compiled normalizers which can be used, can you please explain how they gonna work and how exactly we need to: 1.  send logs to Logpoint 2. process logs in logpointIn order to be able to present properly formatted (line breaks and indentation)  logs for users who will look for the logs ? Thanks

3
P
2 months ago
yashusharma
yashusharmaNew Participant
asked in Use cases

How to Extract Custom SAP Table Modification Logs in SIEM Using LogPoint for SAP?

Hello everyone,I hope this post finds you well. Today, I'd like to discuss how to extract custom SAP table modification logs in SIEM using LogPoint.For those unfamiliar with the concept, SIEM (Security Information and Event Management) is a technology that combines security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts generated by network hardware and applications.LogPoint is an industry-leading SIEM solution that enables users to collect and analyze log data from various sources, including SAP systems.When it comes to SAP systems, LogPoint can be used to extract modification logs for standard tables. However, for custom tables, some additional configuration is required to ensure that the logs are collected and analyzed properly.Here are the steps you can follow to extract custom SAP table modification logs in LogPoint:Step 1: Enable Change Document ObjectFirst, you need to enable the change document object for your c

1
A
2 months ago
M
MicropoleParticipating Frequently
asked in Searching & Analytics

meaning of the "count() function"

Hi !I would like to know a little more about the “count() function” in logpoint and it’s meaning. In fact as you can see in screen shot I received a log at 10:42:53 and count() is equal to 53 and theye are normaly 53 logs. But when I clic on this line (log) all of these 53 logs are exactly the same ! what is meaning ? How can I interpret ? Is it just one log (one action realised) ? or theye are really 53 logs (53 actions realised) Thank you in advance for your help. Best regardsSiawash

2
M
3 months ago
A
Aaditya KhatiNew Participant
asked in Use–cases

How to create a case from incident with in-built soar?

I have a requirement of creating cases from incident tabs. Can i get a reference to creating cases from incidents?

4
A
5 months ago
M
MicropoleParticipating Frequently
asked in Use–cases

Why this error message ? '}'

Hi,I come to you because I have an error when I execute folloing query. Could any one help me please ? Here is my quary : (MsWinEventLog OR norm_id=WinServer*) label=Object label=Access  (access_list=\"*4417*\" OR access=\"*WriteData*\") {{user},}, {{fileshare},}, {{path},},  -relative_target in SYSTEM_PATHS | rename relative_target as Object, share_path as Path |  chart count() by user, device_name, object_type,Path, Object | fields user, device_name, object_type, Path, Object and when I execute this query I receive these error message : Thanks in advanceLooking forward to reading you

2
M
5 months ago
A
Aaditya KhatiNew Participant
asked in Use–cases

Has anyone been able to integrate TheHive for managing cases ?

I am trying to create a use case where i can connect TheHive with LP. Lets discuss if anyone has been able to or planning to do this

12
L
5 months ago
S
Srijan KafleInspiring
asked in Searching & Analytics

Count number of entries in Dynamic list

How can we count number in entries in dynamic list?

4
S
5 months ago
S
Srijan KafleInspiring
asked in Searching & Analytics

Delete an entry from Table

I have a table that is populated frequently using query scheduled in the report. I am trying to remove an entry from the table. How can this be achieved.

2
S
5 months ago
M
MicropoleParticipating Frequently
asked in Use–cases

Adding a Search Template

Hi,I would like to add a new parameters templete. But when I add the new parameter it doesn't works (for exemple when I add the source_address it doesn't works) ? I would like to know why ? Thank you in advance for your help. 

4
M
5 months ago
A
Aaditya KhatiNew Participant
asked in Searching & Analytics

Split same field values into two fields.

If i have an event_category= User, Logon. I want to be able to create new fields (e.g. X, Y) and present data like X=User and Y=Logon. What would be the query to showcase this in result.

1
Mike Blomgren
LogPoint Team
5 months ago
C
CarstenNew Participant
asked in Searching & Analytics

Add more Information to a Report

Hi there,i’m new using Logpoint. So i need some help for a search i would like to do. I would like to add some more information to the search “Top 10 User in Failed Kerberis Authentication” there i would like to add on which workstation the user have tryed to logon.

4
Rasmus Heiselberg Porse
LogPoint Team
5 months ago
H
HeretoforeNew Participant
asked in Design & Architecture

Backup best practices

Hello,I’m designing my backup. So far in the documentation, I’ve read two options: application snapshot and application backup, both are writing to the local disk.Let’s put aside the configuration backup as it’s less than 1 GB. The real challenge comes with backing up repos.In an on-prem infrastructure, backups are stored in the backup infrastructure, with VTL and so on. There’s no way I can request to double the size of the repo disk just to store a consistent backup that I will have, then, to transfer to the backup infrastructure.In a cloud infrastructure, the backup would go directly to the object storage such as S3 Glacier. Neither would we rent a disk space used only during backup, though it might be easier to do in a cloud environment.In addition to the backup and snapshot methods from the documentation, I should add the option of disk snapshot, either from the guest OS or from the disk array (only for on-prem infrastructure). These would provide a stable file system onto which t

2
Rupsan Shrestha
LogPoint Team
6 months ago
markus.nebel@8com.de
markus.nebel@8com.deBrainy
asked in Searching & Analytics

Display List Elements like Tabel?

It is possible to use the search queryTable TABLE_NAMEto list the content of the table “TABLE_NAME”.But there seems to be no possibility to do the same with a list.Or did I miss something?

3
P
LogPoint Team
6 months ago
Rene Szeli
Rene SzeliNew Participant
asked in Operations Monitoring

Delete files in storage folder with bash command

Hi friends,I have the problem that the storage folder is now over 90% full.Now I wanted to empty the folder using bash commands directly in the disk notification and have applied the following to "Command:": find /opt/makalu/storage/ -type f -mtime +30 -deleteUnfortunately without success, the folder grows and grows. Do you have a tip or a solution for this?Thank you in advance and kind regards

8
K
6 months ago
Nicolai Thorndahl
LogPoint Team
Nicolai ThorndahlLogPoint Team
asked in Searching & Analytics

Searching for special characters in fields like the wildcard star "*"

When searching for special characters in field values in Logpoint just pasting them in a regular Key = valueexpression, can often result in searches not working as intended from the users perspective as the Logpoint search language will interpret the character differently from the intention.For instance searching for fields with a star “*” character results in getting all results that has a value in that specific key, as Logpoint uses the star “*” as a wildcard character, which basically means “anything”.  key = * will result in all logs with a field called keyInstead of using they kay value pairs to search we can use the builtin command match to find any occurrences of the value that we are looking for. In this example we will search for the star “*” frequently referred to as wildcard. We have some logs that have a field called policy in which we would like to find all occurrences of the character star “*” . To do this we first ensure that the policy field exists in the logs that we s

1
markus.nebel@8com.de
7 months ago

Badge winners

Show all badges
Terms & ConditionsCookie settings