Curious about our SOAR use cases or have a great idea you'd like to share? Look no further!
- 11 Topics
- 31 Replies
Hi folks, Another cases and playbooks question - is there a way to update the name of an existing case item from within a Playbook? By default, we are generating cases with just the incident ID for identification, but we’d ideally like to be able to update the name of the case once some additional playbooks have run. We already have a way to get the case ID etc, it’s just the renaming part we’re stuck on. Is this possible?
Hi folks, I was wondering if anybody could tell me what the use case is for the new ‘Add Global Parameters’ action added in SOAR 1.0.4? As far as I can see, any output parameter from an action is already accessible from any other? From my quick tests it doesn’t look like they pass down to Sub-playbooks either, so are they just meant as a quicker way to access the values within a playbook? I couldn’t find any documentation on this, so I was hoping someone else might know the answer.
Hi folks, Is there a way to update a case with the output of a Playbook? For example, if I have a Playbook that checks an IP Reputation, is there any way I can get the Playbook to update the case to display the reputation response as an actual Case Annotation or something of the sort?
Analysts are constantly swamped with alerts, and to deal with this, they have to rely on repetitive manual tasks. This is like putting water on an oil fire, making the situation much worse and more time-consuming. SOCs need a solution that enables them to manage and prioritize their workflow efficiently by giving them the ability to collect security threat data and alerts from multiple sources. This is where Logpoint steps in. Previously we identified top use cases for SIEM. This time here are five common SOAR use cases that every organization should implement to reduce alert fatigue, overload and subsequently increase productivity in your SOC team.
01 Automated alert triage and enrichment
02 Endpoint malware mitigation
03 Automated Phishing Investigation and Response
04 Automated Threat Intelligence management
05 Ransomware mitigation
To read the full story, read the link below: https://www.logpoint.com/en/blog/top-5-soar-use-cases/
Hi All, Have you ever found yourself asking the following questions while using /logpoint SOAR?
- What do I need to do to run a specific playbook?
- What playbooks can I run with my current set of integrations?
- What integrations should I get to run a specific playbook?
In case the answer is yes, we have exciting news. We are pleased to announce the launch of /logpoint playbook explorer, a compact tool helping you to maximize the security value of your integrations and SOAR playbooks. For your convenience, we have also created a short walk-through video attached below. You can access /logpoint playbook explorer via the link below: https://docs.logpoint.com/playbook-explorer Should you have more questions, do not hesitate to reach out to us here or via firstname.lastname@example.org
Hi, Is anyone using the VirusTotal integration in their SOAR? I was all for getting it set up until I saw that you cannot use the free Public API in a commercial product. “The Public API must not be used in commercial products or services.” (https://developers.virustotal.com/reference/public-vs-premium-api) So, is anyone using the Premium API? And is it really $10,000 per year? Or are you sticking to the public API and hoping to not get blacklisted? Cheers
Using Logpoint to fetch logs from Microsoft Office 365 but unable to receive the logs of emails (like email delivery etc.) except the mail delivery fail logs.
Able to fetch logs like:
- Mail delivery failure
Not able to receive logs like:
- Mail delivered
Any suggestion? Any solution?
Analysts are constantly swamped with alerts, and to deal with this, they have to rely on repetitive manual tasks. This is like putting water on an oil fire, making the situation much worse and more time-consuming. SOCs need a solution that enables them to manage and prioritize their workflow efficiently by giving them the ability to collect security threat data and alerts from multiple sources. This is where Logpoint steps in. Previously we identified top use cases for SIEM. This time here are five common SOAR use cases that every organization should implement to reduce alert fatigue, overload and subsequently increase productivity in your SOC team.
01 Automated alert triage and enrichment
02 Endpoint malware mitigation
03 Automated Phishing Investigation and Response
04 Automated Threat Intelligence management
05 Ransomware mitigation
01 Automated alert triage and enrichment
Logpoint SOAR automates alert triage and enriches the alerts with additional information from multiple sources enabling
Thanks to everyone who took part in our latest Masterclass for the Nordics. Don't forget to register for our next Masterclass on 26 April; you can read more here: https://go.logpoint.com/Nordic_Masterclass_2022. If you didn't get the chance to watch it live, you can see the recording and the presentation here.
Our converged SIEM+SOAR performs automated investigation and response to cybersecurity incidents using playbooks. Playbook Design Service is an additional service assisting organizations with refining and optimizing your manual incident response processes into documented workflows and automated playbooks tailored for your organization. Our service encompasses a complete playbook lifecycle, from understanding your specific needs to the creation, development, and testing of the playbook. Having our Global Services experts by your side enables utilizing your SIEM to its fullest extent, reducing your workload, and increasing your ROI on security controls. For more information, download our Playbook Design Service brochure: https://go.logpoint.com/playbook-design-service?_ga=2.39629923.1196326192.1645625385-1446914226.1645171249&_gac=1.261194623.1642752963.CjwKCAiA0KmPBhBqEiwAJqKK412rigizVIxknwM7T0qJ3YeUrzEpvCi5Q4a5OEID4NJS455Nz2QDixoCaZUQAvD_BwE
Hi All, Just wanted to remind you of the awesome opportunity to join our live session with Doron Davidson, LogPoint VP Global Services, who will introduce LogPoint’s new capabilities to automate incident detection and response.
Join the session to:
- Learn how automatic response playbooks reduce the mean time to respond
- See a product demo of common use cases
- Understand the value of truly native response capabilities in LogPoint SIEM
Joining links:
- Oct 5 for Partners: https://logpoint.zoom.us/webinar/register/WN_lSn4uIOsSPqlMrv03T4c1Q
- Oct 7 for Customers: https://logpoint.zoom.us/webinar/register/WN_LwrLoaX5SgKLRF-A4l1Nsw
- Oct 12 for Visitors: https://logpoint.zoom.us/webinar/register/WN_3Lf-tA0yTHKOa5cCyM1ATg