LogPoint SIEM Integration

Details
Content
Dependencies
Version History

Use this Content Pack to fetch incident logs from LogPoint, analyze them for underlying threats, and respond to these threats in real-time.

LogPoint is a security information and event management (SIEM) solution that detects, analyzes, and responds to threats within your data for faster security investigations. LogPoint provides a complete view of the threat landscape by automatically identifying and sending alerts about any critical incidents or abnormalities in your system.

The LogPoint SIEM integration combines security monitoring and incident response to help security staff respond to and resolve incidents fast.

Capabilities of the LogPoint SIEM content pack

The playbooks in the pack are based on LogPoint SIEM data and help automate repetitive tasks associated with LogPoint SIEM incidents:

Syncs and updates LogPoint SIEM incidents.
Helps analysts focus on important alerts with built-in incident prioritization.
Reduce mean time to respond with incident mapping.
Contains a sample playbook to guide users on creating unique playbooks.
Full incident control with the ability to update, resolve, and close incidents.
Automates coordinated actions and responses to save time on incident resolution.
Provides search commands to get logs from LogPoint devices and repos.

The LogPoint SIEM integration combines security monitoring and incident response to help security staff respond to and resolve incidents fast.

Capabilities of the LogPoint SIEM content pack

The playbooks in the pack are based on LogPoint SIEM data and help automate repetitive tasks associated with LogPoint SIEM incidents:

Syncs and updates LogPoint SIEM incidents.
Helps analysts focus on important alerts with built-in incident prioritization.
Reduce mean time to respond with incident mapping.
Contains a sample playbook to guide users on creating unique playbooks.
Full incident control with the ability to update, resolve, and close incidents.
Automates coordinated actions and responses to save time on incident resolution.
Provides search commands to get logs from LogPoint devices and repos.

Classifiers

Name	Description
LogPoint SIEM Integration - Incoming Mapper	Maps LogPoint Incident fields

Incident Fields

Name	Description
LogPoint Throttle Enabled	LogPoint Throttle Enabled
LogPoint Loginspect IP DNS	LogPoint Loginspect IP DNS
LogPoint LogPoint Name	LogPoint LogPoint Name
LogPoint Query	LogPoint Query
LogPoint Username	LogPoint Username
LogPoint Repos	LogPoint Repos
LogPoint Comments Count	LogPoint Comments Count
LogPoint Object ID	LogPoint Incident Object ID
LogPoint Tid	LogPoint Tid
LogPoint Assigned To	LogPoint Assigned To
LogPoint Status	LogPoint Status
LogPoint User Id	LogPoint User Id
LogPoint Rows Count	LogPoint Rows Count
LogPoint Last Action	LogPoint Last Action
LogPoint Detection Timestamp	LogPoint Detection Timestamp
LogPoint IncidentId	LogPoint Incident ID
LogPoint Time Range	LogPoint Time Range
LogPoint AlertObjId	LogPoint Alert Obj Id
LogPoint Visible To	LogPoint Visible To
LogPoint Comments	LogPoint Comments

Incident Types

Name	Description
LogPoint Incident

Integrations

Name	Description
LogPoint SIEM Integration (Partner Contribution)	Use this Content Pack to search logs, fetch incident logs from LogPoint, analyze them for underlying threats, and respond to these threats in real-time.

Playbooks

Name	Description
LogPoint SIEM Playbook	LogPoint SIEM Playbook guides users on use cases like blocking IP and domain and disabling users using products like CheckPoint Firewall, Active Directory, and VirusTotal. The actions depicted in the playbook helps analysts create their playbooks based on actual requirements and products deployed. (Available from Cortex XSOAR 6.0.0).

Classifiers

Name	Description
LogPoint SIEM Integration - Incoming Mapper	Maps LogPoint Incident fields

Incident Fields

Name	Description
LogPoint Repos	LogPoint Repos
LogPoint Rows Count	LogPoint Rows Count
LogPoint AlertObjId	LogPoint Alert Obj Id
LogPoint IncidentId	LogPoint Incident ID
LogPoint Query	LogPoint Query
LogPoint Comments	LogPoint Comments
LogPoint Assigned To	LogPoint Assigned To
LogPoint Comments Count	LogPoint Comments Count
LogPoint Tid	LogPoint Tid
LogPoint Status	LogPoint Status
LogPoint User Id	LogPoint User Id
LogPoint LogPoint Name	LogPoint LogPoint Name
LogPoint Loginspect IP DNS	LogPoint Loginspect IP DNS
LogPoint Last Action	LogPoint Last Action
LogPoint Throttle Enabled	LogPoint Throttle Enabled
LogPoint Object ID	LogPoint Incident Object ID
LogPoint Visible To	LogPoint Visible To
LogPoint Time Range	LogPoint Time Range

Incident Types

Name	Description
LogPoint Incident

Integrations

Name	Description
LogPoint SIEM Integration (Partner Contribution)	Use this Content Pack to search logs, fetch incident logs from LogPoint, analyze them for underlying threats, and respond to these threats in real-time.

Playbooks

Name	Description
LogPoint SIEM Playbook	LogPoint SIEM Playbook guides users on use cases like blocking IP and domain and disabling users using products like CheckPoint Firewall, Active Directory, and VirusTotal. The actions depicted in the playbook helps analysts create their playbooks based on actual requirements and products deployed. (Available from Cortex XSIAM 6.0.0).

Required Content Packs (6)

Pack Name	Pack By
Active Directory Query	By: Cortex XSOAR
Base	By: Cortex XSOAR
Check Point Firewall	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
VirusTotal	By: VirusTotal

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (10)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
VirusTotal	By: VirusTotal
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Check Point Firewall	By: Cortex XSOAR
Active Directory Query	By: Cortex XSOAR
Remote Access	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

1.2.11 - 1221739 (July 29, 2024)

Integrations

LogPoint SIEM Integration

Added the timeout parameter to the lp-get-searchid command, which enables you to define the amount of time that the integration will try to execute commands before it throws an error.
Updated the lp-search-logs command to retrieve all the search logs, instead of only a portion.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 34185
- 35632

Download

1.2.10 - 938811 (April 7, 2024)

Integrations

LogPoint SIEM Integration

Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

1.2.9 - 927547 (April 1, 2024)

Mappers

LogPoint SIEM Integration - Incoming Mapper

Maintenance and stability enhancements.

Related pull requests:
- 33495

Download

1.2.8 - R5866730 (July 25, 2023)

Integrations

LogPoint SIEM Integration

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.2.7 - R5450895 (June 5, 2023)

Integrations

LogPoint SIEM Integration

Added type validations and other internal code improvements.

Related pull requests:
- 18028

Download

1.2.6 - 2369391 (February 6, 2022)

Incident Fields

LogPoint Last Action

Download

1.2.5 - 2353377 (February 3, 2022)

Incident Fields

LogPoint Detection Timestamp

Download

1.2.4 - 2303329 (January 25, 2022)

LogPoint SIEM Integration

Upgraded the Docker image to: demisto/python3:3.9.5.20070.

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	January 27, 2021
Last Release	July 29, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.