Threat Intelligence

Is Threat Intelligence (TI) included in LogPoint?

LogPoint includes a native Threat Intelligence application, based on free feeds, like Emerging Threats, Critical Stack, and others. Additional Threat Intelligence integrations can be acquired through LogPoint or directly from 3rd party vendors. These include Emerging Threats Pro, Anomali, ThreatQuotient, ThreatStream, Symantec, Kaspersky, BlueLiv, and Recorded Future

More information:

How does the LogPoint Threat Intelligence application work?

LogPoint features one common threat intelligence language that merges a wealth of feeds into a single database for easy analysis (one common taxonomy). The analysis is possible against user names, IP addresses, domains, URLs, email addresses, file hashes. Enrichment is static (persist data with logs) and dynamic (query-time non-persist)

More information:

Which Threat Intelligence formats are supported by LogPoint?

LogPoint includes full support for for STIX, TAXII, OpenIoC, and MISP

How does LogPoint support the integration of business and organizational context in the SIEM solution?

LDAP, ODBC, and APIs can be used to pull in supporting business context for analysis. This includes SAP, Salesforce, any database, and also LDAPs. All collected key-value pairs can be enriched with any external and relevant metadata, including CMDBs but also referencing customer ID numbers with sales pipelines, etc.

Any enrichment information present in the system is automatically applied to data as it progresses through the ingest pipeline, dramatically reducing the complexity the analyst is faced with on a day to day basis.

Alert prioritization, contextual analytics, etc. all benefit from business context information, and LogPoint is one of the only vendors that extend the data metamodel to cover this information throughout