I sometimes wonder if LogPoint (as a company) itself uses its own LogPoint SIEM to monitor its IT infrastructure (servers, clients, firewalls, etc.)? (see eating your own dog food principle)
I ask this because whenever it comes to user experience and serious functional errors in the software, I often have the feeling that only the support staff use the SIEM in their small virtualised test environments.
They then have only a few log sources connected (or pools and machine in the director environment), which means that some problems that only occur in very large environments do not appear at all.
Two simple examples:
- If so many entries are to be displayed in the UI that a scrollbar becomes necessary, this is sometimes not implemented correctly or poorly in terms of UX.
- If the indexsearcher or other services simply crashes with "something is wrong" in the UI when running a search and do not deliver any further messages or hints and thus the entire service promise of a security provider is at stake.
I would guess that due to the short feedback loop within the company, many problems and bugs could be solved much faster if LogPoint had their own product in productive use.
LogPoint is soon at version 7.2 (!) and in some cases it is still not possible to guarantee that alert rules will run uninterruptedly without becoming obviously noticeable in the event of an error. I would expect this in early versions but not in 7 and onwards. I currently see the focus far too much on SOAR and other hyped gimmicks, while the base functionality of the SIEM is not working sufficiently.
Best answer by Brian HansenView original
Thanks for engaging in the Logpoint Community. To answer your question - yes! At Logpoint, we use our Converged SIEM platform, but it is a different size and complexity than some of our customer and partner environments.
That is why we rely on close collaboration and feedback from Logpoint users. We regularly engage with our customers and partners in the User Council and capture product feedback in the Logpoint Ideas Portal, where we have shipped and are developing more than 100 ideas.
I understand it’s frustrating when a product behaves differently than expected. We have seen with some of our customers that unstable deployments usually result from limitations with the deployed infrastructure, for example, CPU, memory, disk speed, etc. However, to ensure users get the best experience possible, we allocate 50% of our development time to improving stability and reliability. Also, our QA team evaluates all product updates, including bug fixes and new features.
Our internal Logpoint instance is always running the latest release and our sales engineers test releases on internal environments. We also provide tech previews so customers can try product updates before release.
All this to say, while we are proud to use our Logpoint software, we strive to create a product that meets all our customers' diverse needs. Whenever we can improve, our customer success and support teams will assist in every way possible to ensure our users get an excellent experience working with Logpoint.
I would appreciate having our customer success and product teams engage more closely with you to understand your specific challenges and how we can improve Logpoint. One of the Logpoint staff will contact you separately to set up this session if you are interested.
VP, Customer Success
I tried to add the below comment to an Idea (Repo health baselining and alerting) in the Idea-portal, but it was not posted, so instead I will add it here:
I would like this idea to get more attention from Logpoint Developers!
It appears that this issue is also addressed in other ideas and community postings eg:
Enhancement on System Health Monitor through UI.
Is LogPoint using LogPoint SIEM itself for their IT infrastructure?
How many roles are needed to handle this system? Users, Admin and Hybid-User/Admin/techsavvy? As a user I will be the first person to experience any failures, but I have no means of knowing if something is broken or why.
Because SYSTEM MONITOR is only available for an Admin, we will never know:
If eg. a Source stopped forwarding logs
Alerts are not run due to eg. performance issues
Are the Admin supposed to watch the System Monitor all the time and/or spend a lot of time with LPdiag?
Do we really need to install 3-party Monitoring tools for the Logpoint infrastructure, before the Users are able to get Health Metrics?