By Martha Chrisander, Head of Product Marketing, LogPoint
The latest LogPoint release is all about helping security analysts speed up the investigation process. LogPoint 6.9 helps analysts better understand what is critical to investigate and reduces the number of manual steps in the investigation process.
Watch Guy Grieve, Presales Manager at LogPoint, give a demo of three key features that give analysts increased situational awareness.
Connect the dots of a progressing attack – A MITRE ATT&CK visualization application helps analysts track the stages of an attack and see ATT&CK observations in the network. When an incident is triggered, it’s highlighted in a heat map, helping the analyst piece together different incidents and know what to investigate. Additionally, choose any tactic and see all associated alerts, helping to assess security coverage.
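The heat map and per-tactic drill-down described above reduce, in essence, to grouping alerts by their ATT&CK tactic and ordering one host's alerts along the kill chain. The following is an added illustration written for this page, not LogPoint code: it uses a handful of constructed sample alerts with hypothetical field names (id, ts, host, tactic, technique, name), counts them per Enterprise ATT&CK tactic, lists the alerts behind any chosen tactic, reports tactics with no alerts as coverage gaps, and lines up one host's alerts in kill-chain order.

```python
from collections import Counter

# Enterprise ATT&CK tactics in kill-chain order; these are the rows of the heat map.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Constructed sample alerts for the example. Field names are hypothetical and
# do not reflect any product schema; technique IDs are real ATT&CK identifiers.
SAMPLE_ALERTS = [
    {"id": 1, "ts": "2021-04-01T08:02:00", "host": "ws-17", "tactic": "Initial Access", "technique": "T1566", "name": "Phishing attachment opened"},
    {"id": 2, "ts": "2021-04-01T08:05:00", "host": "ws-17", "tactic": "Execution", "technique": "T1059", "name": "Suspicious script interpreter launch"},
    {"id": 3, "ts": "2021-04-01T08:20:00", "host": "ws-17", "tactic": "Credential Access", "technique": "T1003", "name": "LSASS memory access"},
    {"id": 4, "ts": "2021-04-01T08:41:00", "host": "ws-17", "tactic": "Lateral Movement", "technique": "T1021", "name": "Remote service to srv-db-01"},
    {"id": 5, "ts": "2021-04-01T08:42:00", "host": "srv-db-01", "tactic": "Lateral Movement", "technique": "T1021", "name": "Inbound admin share logon"},
    {"id": 6, "ts": "2021-04-01T09:10:00", "host": "srv-db-01", "tactic": "Exfiltration", "technique": "T1048", "name": "Large DNS outbound volume"},
    {"id": 7, "ts": "2021-04-01T11:00:00", "host": "ws-22", "tactic": "Execution", "technique": "T1059", "name": "Encoded PowerShell command"},
]


def tactic_heatmap(alerts, tactics=TACTICS):
    """Return {tactic: alert count} for every tactic, including zero rows."""
    counts = Counter(a["tactic"] for a in alerts)
    return {t: counts.get(t, 0) for t in tactics}


def alerts_for_tactic(alerts, tactic):
    """Drill-down: all alerts mapped to one tactic, oldest first."""
    return sorted((a for a in alerts if a["tactic"] == tactic), key=lambda a: a["ts"])


def coverage_gaps(alerts, tactics=TACTICS):
    """Tactics with no alerts at all: either nothing happened or nothing detects it."""
    seen = {a["tactic"] for a in alerts}
    return [t for t in tactics if t not in seen]


def attack_progression(alerts, host):
    """Connect the dots for one host: its alerts ordered along the kill chain,
    ties broken by timestamp. Returns a list of (tactic, technique) pairs."""
    rank = {t: i for i, t in enumerate(TACTICS)}
    host_alerts = (a for a in alerts if a["host"] == host)
    ordered = sorted(host_alerts, key=lambda a: (rank[a["tactic"]], a["ts"]))
    return [(a["tactic"], a["technique"]) for a in ordered]


def render_heatmap(heat):
    """Text rendering of the heat map: one row per tactic with a simple bar."""
    return "\n".join(f"{tactic:<22} {n:>3} {'#' * n}" for tactic, n in heat.items())


if __name__ == "__main__":
    heat = tactic_heatmap(SAMPLE_ALERTS)
    print(render_heatmap(heat))
    print("\nNo alerts for:", ", ".join(coverage_gaps(SAMPLE_ALERTS)))
    print("\nws-17 progression:", attack_progression(SAMPLE_ALERTS, "ws-17"))
    for a in alerts_for_tactic(SAMPLE_ALERTS, "Lateral Movement"):
        print(f"  [{a['id']}] {a['ts']} {a['host']}: {a['name']}")
```

A zero row in the heat map is ambiguous on its own: it can mean the tactic was not used or that no rule in the deployment maps to it, which is why the per-tactic alert listing is the natural next click when assessing coverage.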
Save time by easily pivoting between tasks – Analysts can carry key-value pairs from search results as input parameters to search templates. When analysts want to drill forward from logs to search templates, they select the relevant fields and the system forwards them to the matching search template with those values filled in. This is useful in incident investigation and helps analysts pivot from something seen in search to find out what else is going on.
Simplify the steps of incident investigation – In UEBA, users can save time by clicking on an anomaly and creating an incident from it. The anomaly is saved in LogPoint and analysts can assign it to another user for further investigation. Manually creating an incident complements the existing automatic incident creation in UEBA, where customers can tune the alert based on inclusion, exclusion and risk threshold.
Visit the LogPoint Help Center to download the latest version of LogPoint and read the release notes.