Curious about our SOAR use cases or have a great idea you'd like to share? Look no further!
- 17 Topics
- 40 Replies
A playbook that streamlines the process of investigating incidents associated with a specific IP address
Hey everyone,

During my day to day, I identified a workload that I was able to fully automate with a SOAR playbook. I have created a SOAR playbook that does the following. It takes the outbound IP address from incident data as a trigger. In my example, 188.8.131.52.

The playbook automates the following workload:
- Checks WhosthisIP to gather information about this external IP (domain, etc.)
- Uses SearchAPI to extract all users that have interacted with this IP (from SIEM). Also extracts all the incidents related to the above IP
- Uses SearchAPI to get the number of incidents this user is associated with in the last 12 hours
- Sends an email to the required address (completely customisable) with the list of those incidents' info (this could be your SOC's email, or an analyst's email) and waits for a response
- Uses IncidentAPI to mark this incident as resolved and close the case when the email gets a response.

This playbook can be nested with other playbooks or you can run it independently. Please be aware that when
Hello everyone,

I hope this post finds you well. Today, I'd like to discuss how to extract custom SAP table modification logs in SIEM using LogPoint.

For those unfamiliar with the concept, SIEM (Security Information and Event Management) is a technology that combines security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts generated by network hardware and applications. LogPoint is an industry-leading SIEM solution that enables users to collect and analyze log data from various sources, including SAP systems.

When it comes to SAP systems, LogPoint can be used to extract modification logs for standard tables. However, for custom tables, some additional configuration is required to ensure that the logs are collected and analyzed properly.

Here are the steps you can follow to extract custom SAP table modification logs in LogPoint:

Step 1: Enable Change Document Object
First, you need to enable the change document object for your c
Hi All,

Have you tried our new ChatGPT-SOAR integration yet? The OpenAI Actions will allow you to ask ChatGPT anything and incorporate the responses into your playbooks and use cases. The actions require valid credentials you can apply for at platform.openai.com/signup. The actions allow you to send requests, receive answers and modify the model used for receiving results.

To read more about the use cases: https://www.logpoint.com/en/media-room/#/pressreleases/logpoint-makes-chatgpt-soar-integration-available-3232134
To download: https://servicedesk.logpoint.com/hc/en-us/articles/9183395790237-ChatGPT-Integration
Hey there, I’m not available to comment on the post from a year ago and I have follow-up questions: Mike Blomgren in his reply stated that in order to “share Alert Rules with User Groups, you need to Clone the Vendor Rule”. My questions are as follows:
- Does it work the same way with the “Vendor rules”?
- Is there an option to share the “Vendor rules”? If so, is there an available solution to share multiple (like 50 or more) vendor rules? Do you have to clone them all?

Thank you in advance.
Hi folks, I was just wondering if there was a way to combine formatted messages into one result from a ForEachResult loop?

Diagram showing how I would like the results to combine.

I currently have a little status message that is created by having the ForEachResult connected to a Format node. Unfortunately, I can’t think of a way to combine these created Format nodes into a single Format message that can then be used elsewhere. I could feed the results into a Python script but that seems excessive for such a small thing (and I would like to avoid it if possible as it adds delay). I also looked to see if I could have a ‘LIST’ global parameter, but that does not appear to be the case. Any ideas?
Hi folks,

I was wondering if anybody could tell me what the use case is for the new ‘Add Global Parameters’ action added in SOAR 1.0.4? As far as I can see, any output parameter from an action is already accessible from any other? From my quick tests it doesn’t look like they pass down to Sub-playbooks either, so are they just meant as a quicker way to access the values within a playbook? I couldn’t find any documentation on this, so I was hoping someone else might know the answer.
Hi folks, another cases and playbooks question: is there a way to update the name of an existing case item from within a Playbook? By default, we are generating cases with just the incident ID for identification, but we’d ideally like to be able to update the name of the case once some additional playbooks have run. We already have a way to get the case ID etc., it’s just the renaming part we’re stuck on. Is this possible?
Hi folks, is there a way to update a case with the output of a Playbook? For example, if I have a Playbook that checks an IP Reputation, is there any way I can get the Playbook to update the case to display the reputation response as an actual Case Annotation or something of the sort?
Analysts are constantly swamped with alerts, and to deal with this, they have to rely on repetitive manual tasks. This is like putting water on an oil fire, making the situation much worse and more time-consuming. SOCs need a solution that enables them to manage and prioritize their workflow efficiently by giving them the ability to collect security threat data and alerts from multiple sources. This is where Logpoint steps in.

Previously we identified top use cases for SIEM. This time here are five common SOAR use cases that every organization should implement to reduce alert fatigue and overload and subsequently increase productivity in your SOC team.
- 01 Automated alert triage and enrichment
- 02 Endpoint malware mitigation
- 03 Automated Phishing Investigation and Response
- 04 Automated Threat Intelligence management
- 05 Ransomware mitigation

To read the full story, follow the link below: https://www.logpoint.com/en/blog/top-5-soar-use-cases/
Hi All,

Have you ever found yourself asking the following questions while using /logpoint SOAR?
- What do I need to do to run a specific playbook?
- What playbooks can I run with my current set of integrations?
- What integrations should I get to run a specific playbook?

In case the answer is yes, we have exciting news. We are pleased to announce the launch of /logpoint playbook explorer, a compact tool helping you to maximize the security value of your integrations and SOAR playbooks. For your convenience, we have also created a short walk-through video attached below.

You can access /logpoint playbook explorer via the link below: https://docs.logpoint.com/playbook-explorer

Should you have more questions, do not hesitate to reach out to us here or via email@example.com
Hi, is anyone using the VirusTotal integration in their SOAR? I was all for getting it set up until I saw that you cannot use the free Public API in a commercial product: “The Public API must not be used in commercial products or services.” (https://developers.virustotal.com/reference/public-vs-premium-api)

So, is anyone using the Premium API? And is it really $10,000 per year? Or are you sticking to the public API and hoping not to get blacklisted?

Cheers
Using Logpoint to fetch logs from Microsoft Office 365, but unable to receive the logs of emails (like email delivery etc.) except the mail delivery failure logs.

Able to fetch logs like: Mail delivery failure
Not able to receive logs like: Mail delivered

Any suggestion? Any solution?
Analysts are constantly swamped with alerts, and to deal with this, they have to rely on repetitive manual tasks. This is like putting water on an oil fire, making the situation much worse and more time-consuming. SOCs need a solution that enables them to manage and prioritize their workflow efficiently by giving them the ability to collect security threat data and alerts from multiple sources. This is where Logpoint steps in.

Previously we identified top use cases for SIEM. This time here are five common SOAR use cases that every organization should implement to reduce alert fatigue and overload and subsequently increase productivity in your SOC team.
- 01 Automated alert triage and enrichment
- 02 Endpoint malware mitigation
- 03 Automated Phishing Investigation and Response
- 04 Automated Threat Intelligence management
- 05 Ransomware mitigation

01 Automated alert triage and enrichment
Logpoint SOAR automates alert triage and enriches the alerts with additional information from multiple sources enabling
Thank you to everyone who took part in our latest Masterclass for the Nordics. Don't forget to register for our next Masterclass on 26 April; you can read more here: https://go.logpoint.com/Nordic_Masterclass_2022. If you didn't get the chance to watch it live, you can find the recording and the presentation here.
Our converged SIEM+SOAR performs automated investigation and response to cybersecurity incidents using playbooks. Playbook Design Service is an additional service assisting organizations with refining and optimizing your manual incident response processes into documented workflows and automated playbooks tailored for your organization. Our service encompasses a complete playbook lifecycle, from understanding your specific needs to the creation, development, and testing of the playbook. Having our Global Services experts by your side enables utilizing your SIEM to its fullest extent, reducing your workload, and increasing your ROI on security controls. For more information, download our Playbook Design Service brochure: https://go.logpoint.com/playbook-design-service?_ga=2.39629923.1196326192.1645625385-1446914226.1645171249&_gac=1.261194623.1642752963.CjwKCAiA0KmPBhBqEiwAJqKK412rigizVIxknwM7T0qJ3YeUrzEpvCi5Q4a5OEID4NJS455Nz2QDixoCaZUQAvD_BwE
Hi All,

Just wanted to remind you of the awesome opportunity to join our live session with Doron Davidson, LogPoint VP Global Services, who will introduce LogPoint’s new capabilities to automate incident detection and response.

Join the session to:
- Learn how automatic response playbooks reduce the mean time to respond
- See a product demo of common use cases
- Understand the value of truly native response capabilities in LogPoint SIEM

Joining links:
- Oct 5 for Partners: https://logpoint.zoom.us/webinar/register/WN_lSn4uIOsSPqlMrv03T4c1Q
- Oct 7 for Customers: https://logpoint.zoom.us/webinar/register/WN_LwrLoaX5SgKLRF-A4l1Nsw
- Oct 12 for Visitors: https://logpoint.zoom.us/webinar/register/WN_3Lf-tA0yTHKOa5cCyM1ATg