LogPoint integrates with a wide range of network and firewall devices. The data from these devices can be normalized, aggregated, enriched, and correlated to ensure security inside the network. Furthermore, Threat Intelligence feeds can be used to enrich the log data to understand if the network is being targeted by an external attacker. LogPoint can check various activities such as allowed and denied connections, usage of data and applications, connection to threat sources, or any other suspicious activities.
[norm_id=PaloAltoNetworkFirewall label=Threat source_address IN HOMENET -destination_ address IN HOMENET destination_address=* | process ti(destination_address)] as s1 join [(col_type=qualys_fetcher OR col_type=tenablesecuritycenter_fetcher OR norm_ id=VulnerabilityManagement) source_address=* severity>4] as s2 on s1.source_address=s2. source_address | rename s1.et_ip_address as DestinationAddress, s1.cs_ip_address as DestinationAddress, s2.source_address as SourceAddress, s1.et_category as ThreatCategory, s1.cs_category as ThreatCategory, s1.et_score as ThreatScore, s1.cs_score as ThreatScore, s2.title as VulnerabilityPresent | chart max(ThreatScore) as ThreatScore by SourceAddress, VulnerabilityPresent, DestinationAddress, ThreatCategory order by ThreatScore desc limit 10