What are the advantage of real-time analytics vs queries?
Whereas other SIEM platforms relies on queries, the implementation of real-time streaming in LogPoint has dramatically reduced the hardware requirements and increased the capacity of the SIEM compared to competitors. Other SIEM platforms still rely on “Elastic Search” type deployments where queries are the foundation of analytics, which is a slow and relatively outdated approach to solve big data analytics challenges
Does LogPoint support 3rd party security orchestration, automation and response (SOAR) platforms?
Yes. LogPoint comes with full native integration for Swimlane, Phantom Cyber, DFLabs, SIEMPLIFY, and Demisto
What does the LogPoint investigation workflow look like?
The investigation tier of LogPoint is managed through the analysis tier and is part of that component. It is through this component that customers can integrate with ticketing, workflow, SOAR tools, or deploy response rules to automate remediating steps when threats are detected
Does LogPoint support 3rd party Service Desk solutions?
Yes. LogPoint comes with two-way integrations for HP Openview, BSM, ServiceNow, and Remedy. These platforms can retrieve additional information through the use of the Seach-API and can update the state of the ticket in the SIEM through the use of the management API
Does LogPoint integrate with Endpoint Protection Platforms?
LogPoint has out-of-the-box support for all widely used endpoint detection platforms, including Symantec, Kaspersky, and Trend Micro. Most other endpoint vendors such as Sentinel One and Carbon Black send syslog messages back to LogPoint. Using the one common event taxonomy, LogPoint can identify, correlate, and prioritize observations from endpoint solutions. Event-data from Endpoint platforms are fully integrated with UEBA and incident investigations platforms, allowing customers to full visibility and enjoy advanced detection that bridges Endpoint and other sources seamlessly
How does Advanced Threat Detection work in LogPoint?
LogPoint delivers a solution with advanced algorithms implemented to support attack detection and countless use-cases. LogPoint relies on a streaming analytics framework that is used in UEBA contexts and for leyving machine learning and advanced statistical models for moving above and beyond the “query and filter” based approach to statistical alerts. With this streaming based model, LogPoint customers can use out-of-the-box alerting that combines peer-grouping of activities with historical patterns to detect when users start to deviate from what their peers are doing
Which add-ons are available in LogPoint?
LogPoint is licensed on a per-node basis, and the full capability of the platform is unlocked through this license with no need for additional add-on technologies which separates us from competing vendors. The only exception Is the LogPoint UEBA module, which Is a fully-Integrated turn-key add-on that provides within one day once enabled.
LogPoint has an extensive and easy to use App Store for its customers and partners where they can access all optional/addon plugins etc. All provided free of charge, making it easier for customers to manage the cost of their SIEM
Which rules and models are includeed in the LogPoint out-of-the-box offering?
LogPoint offers hundreds of out-of-the-box rules and models. Each application is delivered with rules for dashboards, reports, and alerts that can be easily copied or modified to the customers’ requirements. All applications and the out-of-the-box rules are delivered as a part of the base license
The LogPoint UEBA-module is delivered with more than 400 machine learning models – all included in the UEBA license based on entities monitored
How does LogPoint support network traffic monitoring and analysis?
LogPoint supports several different network monitoring platforms. Through OEM and deep technical partnerships, LogPoint brings the intellectual property from RedSocks, Qosmos(ENEA), Trend Micro Deep Security, Plixer and others to enable customers to accelerate detection and response to threats identified outside the network.
LogPoint enables the combination of SIEM and network traffic monitoring for increased visibility. The output of network traffic monitoring tools is fully supported and part of the UEBA and ML-prioritized offering, ensuring full product integration for the customer.
With LogPoint analysts have a single console that bridges together the technologies to achieve faster situational awareness
How does LogPoint support monitoring and threat detection in cloud environments?
UEBA and advanced analytics in LogPoint is delivered solely on the LogPoint taxonomy. This means that as long as sources can output data and that it can be mapped, it can be analyzed in LogPoint. LogPoint has support for MITRE ATT&CK modeling of attacks, threat actors and threats and through the taxonomy and current range of integrations, LogPoint report to us that they can identify and respond to threats equally well in clouded environments as they are on-premise
How does LogPoint support backup of the SIEM solution and associated data?
LogPoint includes multiple capabilities to backup configuration and data; Backup and Restore, Snapshots, and Sync.
- Backup & Restore: Allows the user to either backup the configuration and/or logs into a zip file that can be downloaded from the appliances via S/FTP and can be used to restore at any time
- Snapshots: If the user wishes to make a full snapshot of the appliance before making changes or executing an update on the appliance, they can quickly create snapshots to store on the system with date and time, along with the name of the snapshot
- Sync: Allows the user to only backup log source information, such as normalization policies, collection policies
How does LogPoint support agents for application activity monitoring?
Agents typically push data through API or ODBC or Syslog. LogPoint supports Onapsis/AgileSI and many others.
Due to the one common taxonomy, analytics from application activity monitoring fits seamlessly into LogPoint and can be easily correlated and understood