AgentX search templates

Access pre-built search templates for common AgentX investigations and analysis workflows.

Prerequisites

  • AgentX KB installed in Logpoint

  • AgentX collecting logs from endpoints

  • Access to Logpoint search interface

Procedure

  1. Go to Search Templates in the navigation bar.

  2. Select VENDOR SEARCH TEMPLATES from the dropdown.

  3. Locate the AgentX search templates in the list.

  4. Select the Clone icon under Actions for the search template you want to use.

  5. Logpoint forwards you to MY SEARCH TEMPLATE with the cloned template.

  6. Select the template name to open it.

  7. Review the available searches and dashboards in the template.

Expected outcome

The cloned AgentX search template appears in your personal search templates. You can customize the cloned template without affecting the original vendor template.

Available search templates

LP_AgentX

Contains searches and dashboards for:

  • Agent overview and health monitoring

  • File integrity management

  • Security configuration assessment

  • Endpoint compliance (PCI DSS, NIST 800-53)

  • Rule triggers and alerts

LP_Browser Extension Investigation

Contains searches for investigating browser extensions and related security events on endpoints.

Configuration guidelines

Clone templates before customization

Always clone vendor search templates before customization. This preserves the original template for future reference and allows you to revert changes if needed.

Update cloned templates after upgrades

When you upgrade AgentX KB, review the vendor search templates for updates. You may need to reclone templates to access new searches or improved queries.

Share customized templates with team

After customizing cloned templates, you can export and share them with other team members for consistent investigation workflows.
