Integration

How does LogPoint integrate with 3rd party technologies?

Third-party technologies can be integrated in several ways:

  • It is straightforward to write normalization rules to ingest any type of data.
  • All stored data, reports, alerts and raw data can be queried through the Search API. API-based outbound integrations can feed data to third-party systems through REST, scripting, SMTP and similar protocols.
  • LogPoint integrates with third-party technologies in unmatched development time. Customers can request new support directly via support/engineering, and thanks to the modular architecture of the solution it is easy for LogPoint to create plugins that are delivered seamlessly.

More information: https://www.logpoint.com/en/product/integrations/

Does LogPoint have open APIs?

LogPoint’s Search API is available on every LogPoint server and allows an external application to query the log archive using standard LogPoint queries; the result is returned in JSON format. The LogPoint Director API allows an MSSP or large organization to perform every administrative task on a SIEM or a pool of SIEMs via the API, such as configuration changes and adding log sources. The Director API is RESTful.

How does LogPoint handle large amounts of data, i.e., filtering/bandwidth management?

Within LogPoint’s Agent, along with various other fetchers such as FTP fetching, it is possible to buffer logs and send them in batches at regular intervals to the desired LogPoint collector, reducing strain on the network. LogPoint can implement policy-based routing within the platform to automatically drop collected data that is considered unimportant or unworthy of long-term log storage, allowing customers to minimize the traffic sent across the network by limiting it to key log data – something difficult to do in other solutions.

As LogPoint’s deployment is modular, collectors and backends can also be installed at remote sites to reduce bandwidth usage across MPLS and VPN networks as data can either be stored off-site or sent to a desired LogPoint backend in a compressed format.

Finally, the collection tier allows analysts to specify the maximum bandwidth consumed. This allows the egress volume to be controlled and capped at a set rate.
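The three mechanisms described in this answer (a drop policy applied at collection, buffering with batch sends on size or interval, and a cap on egress rate) fit together in one small collector-side pipeline. The code below is an added example written for this page, not LogPoint’s agent or collector code: the drop patterns, the `send` transport callable, the byte budgets and the six log events are all constructed for the demo, and the token bucket is one common way to enforce a rate cap, not a description of how LogPoint does it.

```python
# Added example (not LogPoint's code): a collector-side pipeline that
# (1) drops events matched by a hypothetical routing policy, (2) buffers the
# rest and sends them in batches on size or interval, and (3) caps egress
# bytes per second with a token bucket so a burst never exceeds the set rate.
import json
import re
import time

# Hypothetical drop policy: events whose message matches any pattern are
# considered not worth forwarding or storing (constructed patterns).
DROP_PATTERNS = [re.compile(p) for p in (r"^DEBUG\b", r"health-check")]


def should_drop(event: dict) -> bool:
    """Return True when the routing policy says this event is not forwarded."""
    return any(p.search(event.get("msg", "")) for p in DROP_PATTERNS)


class TokenBucket:
    """Egress cap: on average at most `rate` bytes/s, at most `capacity` bytes in a burst."""

    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.tokens, self.last = capacity, clock()

    def try_consume(self, n: int) -> bool:
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if n > self.tokens:
            return False
        self.tokens -= n
        return True


class BatchForwarder:
    """Buffer events and hand batches to `send` (a transport callable; hypothetical)."""

    def __init__(self, send, batch_size=100, flush_interval=5.0, bucket=None, clock=time.monotonic):
        self.send, self.batch_size, self.flush_interval = send, batch_size, flush_interval
        self.bucket, self.clock = bucket, clock
        self.buffer, self.last_flush = [], clock()
        self.stats = {"accepted": 0, "dropped": 0, "sent_batches": 0, "deferred": 0}

    def submit(self, event: dict) -> None:
        if should_drop(event):
            self.stats["dropped"] += 1
            return
        self.buffer.append(event)
        self.stats["accepted"] += 1
        if len(self.buffer) >= self.batch_size:
            self.flush()

    def tick(self) -> None:
        """Call periodically: flush once the interval has elapsed (this also retries deferred batches)."""
        if self.buffer and self.clock() - self.last_flush >= self.flush_interval:
            self.flush()

    def flush(self) -> bool:
        if not self.buffer:
            return False
        payload = json.dumps(self.buffer).encode()  # a real agent would also compress this
        if self.bucket is not None and not self.bucket.try_consume(len(payload)):
            self.stats["deferred"] += 1  # over the cap: keep buffering, retry on the next tick
            return False
        self.send(payload)
        self.stats["sent_batches"] += 1
        self.buffer.clear()
        self.last_flush = self.clock()
        return True


class FakeClock:
    """Deterministic clock so the interval and refill behaviour of the demo is reproducible."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def run_demo():
    """Feed six constructed events through the pipeline; returns (stats, decoded batches sent)."""
    clock, sent = FakeClock(), []
    bucket = TokenBucket(rate=5, capacity=160, clock=clock)  # 5 B/s, 160 B burst: tiny, for the demo
    fwd = BatchForwarder(sent.append, batch_size=3, flush_interval=5.0, bucket=bucket, clock=clock)
    messages = ("DEBUG cache warmup", "sshd: Failed password for root", "GET /health-check 200",
                "sudo: alice COMMAND=/bin/bash", "apparmor DENIED", "sshd: Accepted publickey for bob")
    for ts, msg in enumerate(messages, start=1):
        fwd.submit({"ts": ts, "msg": msg})  # the third accepted event fills a batch and sends it
    fwd.tick()          # t=0: interval not elapsed, the last event stays buffered
    clock.advance(5)
    fwd.tick()          # t=5: interval elapsed, but the bucket holds 45 B for a 54 B batch: deferred
    clock.advance(10)
    fwd.tick()          # t=15: bucket refilled to 95 B, the deferred batch goes out
    return fwd.stats, [json.loads(p) for p in sent]
```

`run_demo()` returns `{"accepted": 4, "dropped": 2, "sent_batches": 2, "deferred": 1}` together with the two batches that were sent: the two noise events never left the collector, the first three useful events went out as one batch, and the last one waited until the egress budget allowed it rather than breaching the cap.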

What Big Data technologies does LogPoint employ?

As LogPoint bases its core backend on SQL-less technology and utilizes a flat-file storage system using Apache Lucene, splitting data across multiple tiers is simple for the user. LogPoint can have defined retention periods per tier (storage location) per repository.

Through NiFi, LogPoint supports connections to remote data lakes, including Hadoop. LogPoint also offers integration with Elastic datastores for querying. For Hadoop-type integrations, LogPoint can query and pull in supporting or corroborating data for an ongoing investigation and use it as contextual data for further analysis.

Is LogPoint able to mask confidential data?

LogPoint is the only SIEM on the market that offers data masking, which allows analysts to investigate and act on data without seeing the actual underlying values (for instance social security numbers, PCI data, etc.). If an analyst requires unmasked data, a well-defined workflow is initiated that sends a request to a different role. Once the request has been granted or denied, extensive logging and audit trails record what data was requested and accessed.

This capability has allowed many privacy-conscious organizations to venture into MSSP engagements, because LogPoint guarantees that sensitive data is not shared outside the organization without prior approval. No other vendor on the market has this capability.
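The workflow described in this answer has three parts that are worth seeing together: masking at ingest, an unmask request that must be decided by a different role, and an audit trail of every request, decision and reveal. The code below is an added example written for this page, not LogPoint’s implementation of masking. Its choices are assumptions for the demo: sensitive values are replaced by keyed HMAC tokens so that the same value always maps to the same token (an analyst can still pivot on a masked value without seeing it), the originals sit in an in-memory vault, and the `ROLES` table, the HMAC key and the log event are constructed.

```python
# Added example (not LogPoint's implementation): field-level masking of sensitive
# values in log events, an approval workflow to unmask them, and an audit trail.
import hashlib
import hmac
import itertools
import re

# Constructed demo roles; a real deployment would take these from the SIEM's RBAC.
ROLES = {"alice": "analyst", "dana": "privacy_officer"}

# Patterns for the kinds of data the answer mentions (SSN, payment card numbers).
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "pan": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}


class MaskingService:
    def __init__(self, key: bytes):
        self._key = key          # HMAC key: same value -> same token, so analysts can still correlate
        self._vault = {}         # token -> original value; only reachable through an approved request
        self._requests = {}      # request id -> {state, requester, token, reason}
        self._ids = itertools.count(1)
        self.audit = []          # append-only trail of every masking and unmasking action

    def _log(self, action, actor, **details):
        self.audit.append({"action": action, "actor": actor, **details})

    def _token(self, kind, value):
        digest = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:12]
        return f"<{kind}:{digest}>"

    def mask_event(self, event: dict, fields=("msg",)) -> dict:
        """Return a copy of the event with sensitive values in `fields` replaced by tokens."""
        masked = dict(event)
        for f in fields:
            text = masked.get(f)
            if not isinstance(text, str):
                continue
            for kind, pattern in PATTERNS.items():
                def _sub(m, kind=kind):
                    tok = self._token(kind, m.group(0))
                    self._vault[tok] = m.group(0)
                    return tok
                text = pattern.sub(_sub, text)
            masked[f] = text
        self._log("mask", "system", event_id=event.get("id"))
        return masked

    def request_unmask(self, requester, token, reason) -> int:
        """An analyst asks to see the value behind a token; the request starts as pending."""
        if token not in self._vault:
            raise KeyError("unknown token")
        rid = next(self._ids)
        self._requests[rid] = {"state": "pending", "requester": requester, "token": token, "reason": reason}
        self._log("unmask_requested", requester, request_id=rid, token=token, reason=reason)
        return rid

    def decide(self, approver, rid, approve: bool) -> None:
        """Only a privacy officer may decide, and never on their own request (separation of duties)."""
        if ROLES.get(approver) != "privacy_officer":
            self._log("decision_rejected", approver, request_id=rid, why="not authorised")
            raise PermissionError("only a privacy officer may decide")
        req = self._requests[rid]
        if req["requester"] == approver:
            raise PermissionError("requester cannot approve own request")
        req["state"] = "approved" if approve else "denied"
        self._log("unmask_" + req["state"], approver, request_id=rid, token=req["token"])

    def reveal(self, requester, rid) -> str:
        """Hand out the original value only to the requester of an approved request."""
        req = self._requests[rid]
        if req["requester"] != requester or req["state"] != "approved":
            self._log("reveal_refused", requester, request_id=rid, state=req["state"])
            raise PermissionError("no approved request for this requester")
        self._log("reveal", requester, request_id=rid, token=req["token"])
        return self._vault[req["token"]]


def run_demo():
    """Walk one constructed event through mask -> request -> decision -> reveal."""
    svc = MaskingService(key=b"demo-key-not-for-production")  # constructed key
    raw = {"id": 42, "msg": "payment failed for customer ssn 123-45-6789 card 4111 1111 1111 1111"}
    masked = svc.mask_event(raw)
    tokens = re.findall(r"<(?:ssn|pan):[0-9a-f]{12}>", masked["msg"])  # in text order: ssn, pan
    rid = svc.request_unmask("alice", tokens[0], reason="case 1234 fraud investigation")
    for attempt in (lambda: svc.reveal("alice", rid),            # still pending: refused
                    lambda: svc.decide("alice", rid, True)):     # analyst cannot approve: rejected
        try:
            attempt()
        except PermissionError:
            pass
    svc.decide("dana", rid, approve=True)
    revealed = svc.reveal("alice", rid)
    return masked, revealed, svc.audit
```

Running `run_demo()` gives a masked message in which neither the SSN nor the card number appears, the original SSN only after the privacy officer’s approval, and an audit list whose actions read `mask`, `unmask_requested`, `reveal_refused`, `decision_rejected`, `unmask_approved`, `reveal`: every refused attempt is recorded alongside the successful one.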

Is LogPoint able to offload data for storage with 3rd parties?

Because LogPoint bases its core backend on SQL-less technology and utilizes a flat-file storage system using Apache Lucene, splitting data across multiple tiers is simple for the user. LogPoint can have defined retention periods per tier (storage location) per repository.

Through NiFi, LogPoint supports connections to remote data lakes, including Hadoop. LogPoint also offers integration with Elastic datastores for querying.