Help Center Logpoint Docs Idea Portal Logpoint.com

- - Knowledge base
Groups
Events

Community
SIEM
Use–cases

Use–cases

Stay up to date with the latest & greatest

21 Topics
35 Replies

When you subscribe we will email you when there is a new topic in this category

21 Topics

Recently active

Most replies Most views Newest first

Cintia SzaboLogPoint Team

posted in Use–cases

Emerging Threats: AgentTesla – A Review and Detection Strategies

AgentTesla [S0331] a.k.a Negasteal is a .NET-based Remote Administrator Tool (RAT) first detected in 2014. It is advertised as a Remote Administrator Tool since then. AgentTesla allows adversaries to remotely control the systems of victims and manipulate them accordingly, so it is utilized by numerous threat actors such as SILVERTERRIER, SWEED, Aggah, and many more.Learn more about the analysis, detection, and mitigation using Logpoint SIEM+SOAR in our latest report on the link below.https://www.logpoint.com/en/blog/agentteslas-capabilities-review-detection-strategies/

2 days ago

Cintia SzaboLogPoint Team

posted in Use–cases

Webinar: Introducing Agent-X

Hi All,We are excited to introduce AgentX, as a key native element of our Converged SIEM platform.AgentX greatly helps to elevate threat detection, accelerate investigation, and ensures lightning-fast remediation while working seamlessly with SIEM and SOAR. If you would like to hear more, join our upcoming webinar via the link below.https://www.logpoint.com/en/webinars/agentx-webinar-endpoint-security/

27 days ago

Matt EllisLogPoint Team

posted in Use–cases

Gamaredon and their new “Gamma“ edition of malware TTPS

A year on since the first attack on Ukrainian territory and the unofficial beginning of the cyber war, the Secretary of Ukraine’s National Security and Defense Council, Oleksiy Danilov, has issued a warning that Russia could conduct a large-scale cyberattack as part of its renewed aggression. Through this updated edition of the Russia-Ukraine war, we look deeper into its execution, techniques they have deployed, the variations, and how we can utilize the capabilities of Logpoint Converged SIEM to detect, prevent and respond to attacks from Gamaredon and their new “Gamma“ edition of malware TTPS.

1 month ago

Cintia SzaboLogPoint Team

posted in Use–cases

Utilizing Network Logs for Investigation and Remediation to uncover illegitimate Crypto-Mining Activity (Cryptojacking)

Crypto-mining has become a growing threat in recent years with more than 500,000 individuals affected only in 2022 according to Kaspersky reports. Typically using processing power of the victim’s computer illicitly to mine cryptocurrency, allowing cybercriminals to remain hidden for months.In our newest piece by Logpoint blackbelt, Swachchhanda Shrawan Poudel you can read about the best practices and tips&tricks to detect and remediate illegitimate Crypto-Mining Activity with Logpoint.Read the full article on the link below:https://www.logpoint.com/en/blog/uncovering-illegitimate-crypto-mining-activity/

1 month ago

Aaditya KhatiNew Participant

asked in Use–cases

How to create a case from incident with in-built soar?

I have a requirement of creating cases from incident tabs. Can i get a reference to creating cases from incidents?

3 months ago

MicropoleParticipating Frequently

asked in Use–cases

Why this error message ? '}'

Hi,I come to you because I have an error when I execute folloing query. Could any one help me please ? Here is my quary : (MsWinEventLog OR norm_id=WinServer*) label=Object label=Access (access_list=\"*4417*\" OR access=\"*WriteData*\") {{user},}, {{fileshare},}, {{path},}, -relative_target in SYSTEM_PATHS | rename relative_target as Object, share_path as Path | chart count() by user, device_name, object_type,Path, Object | fields user, device_name, object_type, Path, Object and when I execute this query I receive these error message : Thanks in advanceLooking forward to reading you

3 months ago

Aaditya KhatiNew Participant

asked in Use–cases

Has anyone been able to integrate TheHive for managing cases ?

I am trying to create a use case where i can connect TheHive with LP. Lets discuss if anyone has been able to or planning to do this

3 months ago

MicropoleParticipating Frequently

asked in Use–cases

Adding a Search Template

Hi,I would like to add a new parameters templete. But when I add the new parameter it doesn't works (for exemple when I add the source_address it doesn't works) ? I would like to know why ? Thank you in advance for your help.

3 months ago

Cintia SzaboLogPoint Team

posted in Use–cases

Hunting LockBit Variations using Logpoint

LockBit has been implicated as the most active ransomware and has been involved in the most attacks compared to others of its kind. Read our latest blog by Anish Bogati & Nilaa Maharjan from Logpoint Global Services & Security Research on how Logpoint can help you to strengthen your security posture when it comes to LockBit ransomware.Link to the blog post:https://www.logpoint.com/en/blog/hunting-lockbit-variations-using-logpoint/

5 months ago

Cintia SzaboLogPoint Team

posted in Use–cases

Introducing the Logpoint Use Case Catalog

Focusing on one use case at a time, the Use Case Catalogue will guide you through the implementation of basic monitoring of specific log sources in a Logpoint SIEM platform. The first instalment of the Use Cases Catalog series, Active Directory Use Cases is now available on the link below: https://community.logpoint.com/active-directory-13

5 months ago

Ash ScottInspiring

asked in Use–cases

Passing parameters within a Playbook Trigger?

Hi folks, I’m trying to set up a Playbook Trigger, but wanted to potentially pass through parameters for it.The setup is as follows:Alert is triggered Playbook Trigger runs based on matching alert_id Playbook generates case data and runs additional actions/playbooks.I would (ideally) like the Playbook Trigger to pass details from the incident to the Playbook it is linked to.Is this something that’s possible from the Trigger directly, or do I need to use a Query/another action within the Playbook to try and extract the info I need?On that note, is there an easy way to get data from the incident that triggered the alert within the playbook itself?

7 months ago

Cintia SzaboLogPoint Team

asked in Use–cases

Emerging Threats: ChromeLoader

Our research team have been taking an in depth look at ChromeLoader. An innocent looking malvertiser that masquerades as a cracked game or a pirated movie sometimes placed on social media.Read here ⇉ https://bit.ly/3N2vHEo and download the report here ⇉ https://bit.ly/3tRZZDc to ensure you’re taking the best steps to remain protected.#SIEM #SIEMSOAR #Cyberthreats #CyberSecurity #Malware

9 months ago

Cintia SzaboLogPoint Team

posted in Use–cases

Spring has finally sprung! But this #Bumblebee isn’t interested in pollination - This one’s a malicious downloader.

In the third instalment of our Emerging Threats series our researchers took a look at Bumblebee’s evolution and determined how you can best protect your organisation with in-depth analysis and response via #Logpoint For the full article, click here: https://www.logpoint.com/en/blog/buzz-of-the-bumblebee-a-new-malicious-loader/

10 months ago

Cintia SzaboLogPoint Team

posted in Use–cases

BoxAudit_v5.1.1 application release

We have released the BoxAudit_v5.1.1 application publicly in the Help Centre. To find out more, you can find the application package here: https://servicedesk.logpoint.com/hc/en-us/articles/360002071597 and the documentation here: https://docs.logpoint.com/docs/boxaudit/en/latest/

10 months ago

obachaneNew Participant

asked in Use–cases

Fetshing Logs from Oracle DB on Redhat

Hello everyone,I want to collect oracle DB logs in redhat with SCP fetsher. does anyone know the exact locations of the logs.NB: I have already tried with the logs of redo*.logs, but they are not readable.Regards

1 year ago

Cintia SzaboLogPoint Team

posted in Use–cases

LogPoint 6.12 - Speed up incident response with more contextual awareness

Join Sales Engineer @Nils Krumey on October 5 on a live session where he will demo how the new update to LogPoint can help security analysts react to and resolve threats quickly by knowing instantly which type of threat it is. Join the knowledge session to:- Learn how the new categorisation of alerts and incidents to the MITRE framework can speed up incident response- See how you now can share search and report templates- Understand how LogPoint is making it easy to route incidents to different SOAR playbooks based on the incident type Register on the link below:https://lnkd.in/ggg9pvMH

1 year ago

Kai AlbarusInspiring

asked in Use–cases

Alarm a missing Event...

Hi @all, do anyone have an Idea how to alarm a missing Event like:Every Morning around 4 there should be a “successful copy” Event. I want to Alarm if exactly this Event is missing.The Alarm should fire around 6 and not much later. My only Idea is to run a scheduled Report because i can’t configure the ALarm to rum exactly in the Timeframe of 2 hours. Am i wrong?

1 year ago

Aaditya KhatiNew Participant

asked in Use–cases

Fetching logs using Nessus Fetcher

Installed Nessus. Configured Nessus fetcher in LogPoint and communicated with Nessus successfully. What is the following procedure that the Nessus logs are imported to LogPoint?Thanks in advance.

1 year ago

Brian HansenLogPoint Team

posted in Use–cases

New Blogpost - Detecting PetitPotam

Remember to read the latest BlogpostWatch out for PetitPotam, a relay attack that can compromise your domain without any authentication. In this blog post, our Security Analytics Engineer Babesh Rai takes you through all you need to know to mitigate the threat and detect the attack chain in LogPointRead the post here: https://www.logpoint.com/en/blog/detecting-petitpotam-a-relay-attack-that-can-compromise-your-domain-without-any-authentication/ / Brian

1 year ago

Muhammad AdamNew Participant

asked in Use–cases

Rules for monitoring attacks against web apps

Hi all, I’ve been through the provided vendor rules in Logpoint and they are not useful. Does anyone have any rules that they can share that detect the attacks mentioned in the OWASP top 10? Thank you

1 year ago

Kimil TimilsinaNew Participant

asked in Use–cases

Fetching logs from Oracle Database table

Can we fetch logs from oracle database, where there is no incremental key? I am thinking about, fetching logs from database table on daily basis once.Can it be possible with logpoint?

1 year ago

Badge winners

Cintia Szabohas earned the badge Silver Contributor
Cintia Szabohas earned the badge Community Builder
Cintia Szabohas earned the badge SIEM expert
Cintia Szabohas earned the badge Logpoint Expert
markus.nebel@8com.dehas earned the badge Silver Contributor

Show all badges

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.