
Top 10 SIEM use cases to implement

With the growing demand for SIEM solutions, companies want answers at their fingertips to the many security and business challenges that arise during day-to-day operations.

These are the top 10 SIEM use cases and behaviors that LogPoint can detect in your infrastructure. If you’d like more information about any of these use cases or have any use cases you find particularly relevant, please reach out. We’d love to hear from you!

01 Authentication activities

Authentication activity enriched with context, such as logins to critical systems and failed login attempts above a given threshold.

LogPoint SIEM Top 10 Successful Logins

Successful logins

norm_id=* label=User label=Login label=Successful -user=*$ host IN CRITICAL_SYSTEM | chart count() by host, user order by count() desc limit 10

LogPoint SIEM Failed Logins Above Threshold

Failed logins above a threshold

norm_id=* label=User label=Login label=Fail -user=*$ user=* | chart count() as "Count" by user order by "Count" desc limit 10 | search "Count">50
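The two authentication queries above, re-implemented as an added example (not LogPoint's code) over constructed, already-normalized events, so the filter logic can be checked offline: the `-user=*$` clause that drops computer accounts, the `CRITICAL_SYSTEM` host list (assumed contents), and the top-10-then-threshold order of the failed-login query.

```python
from collections import Counter

# Assumed stand-in for the LogPoint list CRITICAL_SYSTEM (constructed values).
CRITICAL_SYSTEM = {"dc01", "fileserver01"}
FAILED_LOGIN_THRESHOLD = 50  # matches search "Count">50 in the query


def is_machine_account(user: str) -> bool:
    # -user=*$ excludes computer/service accounts, whose names end in "$"
    return user.endswith("$")


def top_successful_logins(events, limit=10):
    """label=User label=Login label=Successful -user=*$ host IN CRITICAL_SYSTEM
    | chart count() by host, user order by count() desc limit 10"""
    counts = Counter(
        (e["host"], e["user"]) for e in events
        if {"User", "Login", "Successful"} <= e["labels"]
        and not is_machine_account(e["user"])
        and e["host"] in CRITICAL_SYSTEM
    )
    return counts.most_common(limit)


def failed_logins_above_threshold(events, threshold=FAILED_LOGIN_THRESHOLD, limit=10):
    """label=User label=Login label=Fail -user=*$ user=*
    | chart count() as "Count" by user order by "Count" desc limit 10 | search "Count">50"""
    counts = Counter(
        e["user"] for e in events
        if {"User", "Login", "Fail"} <= e["labels"]
        and not is_machine_account(e["user"])
    )
    # the query keeps the top 10 users first, then applies the threshold
    return [(u, c) for u, c in counts.most_common(limit) if c > threshold]


def _events(labels, host, user, n):
    return [{"labels": set(labels), "host": host, "user": user} for _ in range(n)]


# Constructed sample events: a brute-force pattern, a low-noise user, a noisy
# machine account that must be ignored, and logins to critical and non-critical hosts.
SAMPLE_EVENTS = (
    _events(("User", "Login", "Fail"), "ws07", "jdoe", 60)
    + _events(("User", "Login", "Fail"), "ws07", "asmith", 12)
    + _events(("User", "Login", "Fail"), "dc01", "WS07$", 80)
    + _events(("User", "Login", "Successful"), "dc01", "admin", 3)
    + _events(("User", "Login", "Successful"), "ws07", "jdoe", 5)
    + _events(("User", "Login", "Successful"), "fileserver01", "jdoe", 2)
)

if __name__ == "__main__":
    print(failed_logins_above_threshold(SAMPLE_EVENTS))  # [('jdoe', 60)]
    print(top_successful_logins(SAMPLE_EVENTS))
```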

02 Account management

Monitoring of user account creation, deletion and related activities to track changes to resource and system access privileges.

LogPoint SIEM User Account Creation

User account creation

norm_id=WinServer* label=User label=Account label=Management label=Create -target_user=*$ -user=*$ | chart count() by log_ts, domain, user, action, target_user order by count() desc limit 10

LogPoint SIEM User Account Deletion

User account dele