User monitoring
LogPoint enriches all activity data with user context and behavioral context. This means that not only is it possible to track what a user is doing, but that tracking is also done with the contextual information already known about the user from past actions, for instance previously raised alerts and UEBA observations.
How does LogPoint support monitoring of Identity Access Management (IAM) policies?
LogPoint has developed a unique value-based normalization approach. With value-based normalization, IAM events are classified and fit into a general schema that is mapped to whatever threat model the organization relies on, for instance MITRE ATT&CK.
With this approach, IAM monitoring is taken to the next level and is widely reported by our customers as best in class, both in terms of coverage and in terms of integration with UEBA and time-to-value.
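To make the idea of value-based normalization concrete, the following is an added illustration, not LogPoint's code or its schema: a small Python normalizer that takes constructed records shaped like AWS CloudTrail IAM events, classifies each one by its (eventSource, eventName) value pair into a generic schema (actor, action, object, result, source IP), and tags it with a MITRE ATT&CK technique. The normalized schema, the value-to-technique mapping table and the sample events are all assumptions made for this example; the detection at the end (a user created and then granted AdministratorAccess by the same actor within a short window) shows why a uniform schema pays off, since the rule never has to look at vendor-specific field names.

```python
from datetime import datetime, timezone

# Constructed sample records, loosely shaped like AWS CloudTrail events.
# These are made up for the example and are not real telemetry.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-10T08:01:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T08:05:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.7", "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-01-10T08:06:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "svc-backup",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-01-10T08:07:15Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.7", "requestParameters": {"userName": "svc-backup"},
     "errorCode": "AccessDenied"},
]

# Assumed value-based mapping chosen for this illustration:
# (eventSource, eventName) -> (normalized action, object type, ATT&CK technique ID).
VALUE_MAP = {
    ("signin.amazonaws.com", "ConsoleLogin"): ("authenticate", "session", "T1078.004"),
    ("iam.amazonaws.com", "CreateUser"): ("create", "user", "T1136.003"),
    ("iam.amazonaws.com", "AttachUserPolicy"): ("modify", "policy", "T1098"),
    ("iam.amazonaws.com", "CreateAccessKey"): ("create", "credential", "T1098"),
}


def _parse_ts(value):
    """CloudTrail timestamps are UTC in ISO-8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(raw):
    """Classify one raw record by its field values into the generic schema."""
    key = (raw.get("eventSource"), raw.get("eventName"))
    action, obj, technique = VALUE_MAP.get(key, ("unknown", "unknown", None))
    params = raw.get("requestParameters") or {}
    # An errorCode or an explicit login failure means the action did not succeed.
    if "errorCode" in raw or raw.get("responseElements", {}).get("ConsoleLogin") == "Failure":
        result = "failure"
    else:
        result = "success"
    return {
        "ts": _parse_ts(raw["eventTime"]),
        "user": raw.get("userIdentity", {}).get("userName", "unknown"),
        "action": action,
        "object": obj,
        "target": params.get("userName"),      # account the action was performed on
        "detail": params.get("policyArn"),     # extra value kept for policy changes
        "result": result,
        "source_ip": raw.get("sourceIPAddress"),
        "technique": technique,
        "raw_name": raw.get("eventName"),
    }


def technique_coverage(events):
    """Sorted ATT&CK IDs observed: shows which part of the threat model this source feeds."""
    return sorted({e["technique"] for e in events if e["technique"]})


def find_rapid_admin_grants(events, window_seconds=600):
    """Flag a user that was created and then granted AdministratorAccess by the same
    actor within window_seconds. Works purely on the normalized schema."""
    created = {}  # new user name -> (actor, creation time)
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] == "create" and e["object"] == "user" and e["result"] == "success":
            created[e["target"]] = (e["user"], e["ts"])
        elif (e["action"] == "modify" and e["object"] == "policy" and e["result"] == "success"
              and e["detail"] and e["detail"].endswith("/AdministratorAccess")
              and e["target"] in created):
            actor, t0 = created[e["target"]]
            elapsed = int((e["ts"] - t0).total_seconds())
            if actor == e["user"] and elapsed <= window_seconds:
                hits.append({"actor": actor, "new_user": e["target"], "seconds": elapsed})
    return hits


if __name__ == "__main__":
    normalized = [normalize(r) for r in SAMPLE_EVENTS]
    for n in normalized:
        print(n["ts"].isoformat(), n["user"], n["action"], n["object"],
              n["result"], n["technique"], sep="\t")
    print("coverage:", technique_coverage(normalized))
    print("rapid admin grants:", find_rapid_admin_grants(normalized))
```

Because every source is reduced to the same action/object/result vocabulary before any rule runs, the same detection can be reused for Azure AD or on-premise Active Directory events once a mapping table exists for them; only the VALUE_MAP entries change, not the rule.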
How does LogPoint support Active Directory monitoring?
Active Directory (AD) monitoring is fully supported through event log collection. LogPoint provides out-of-the-box use cases, including dashboards, reports, and alerts, for various AD activities.
What cloud services does LogPoint support?
LogPoint supports log collection, persistent storage and log data access in the following environments:
- AWS: LogPoint has support for collecting data in AWS through the Amazon CloudTrail service. LogPoint can store logs in AWS by deploying a LogPoint instance or by using the S3 storage solution in AWS.
- Azure: LogPoint has support for collecting data in Azure through Event Hub. LogPoint can store data in Azure by deploying LogPoint instances. Data is accessed in Azure through the OMS interface; Microsoft recommends retrieving and storing data with Event Hub, and OMS is also supported.
While LogPoint has the ability to support other cloud environments such as IBM Cloud, Google Cloud and Oracle Cloud, there has been no customer interest in these integrations to date.
Does LogPoint support SSL for log-data transport?
Fully supported, either through TLS-based HTTP APIs, through the LogPoint agent, or for intra-SIEM communication (between SIEM modules deployed in the cloud and on-premise).