By Christian Have, VP of product management at LogPoint - March 2017
After a long period of development, we are now ready with the largest feature release of the LogPoint agent in the history of LogPoint.
With this release the agent will be faster and more stable, and will offer more features. Combined with the recent changes in LogPoint 5.6 (Policy Based Routing), the new agent can make drastic cuts in resource consumption!
With our new release, we introduce FIM (file integrity monitoring) and Registry monitoring as fundamental new features. Additionally, we now support LogPoint Agents in distributed environments. That is, if you have multiple back-ends and collectors, the Agents will be manageable from a single location.
This release also includes a new compiled normalizer for Windows. This compiled normalizer extracts data from the Windows event log in XML and uses the LPA to translate it to JSON before sending it in. Because JSON is faster to parse and more efficient to store than XML and the raw event log data, we achieve a substantial performance improvement.
NOTE: The LPA_Windows normalizer can be used by our NXLog Enterprise customers too; they need to add a simple to_json(); to the existing XML-based event log collection.
Over the coming days we will publish some use cases and examples where the LPA is used with Policy Based Routing and Threat Intel, so stay tuned!
Find the Agent here.
You are always welcome to get in touch if you have any questions! Find your local LogPoint office here.