Import AgentX playbooks

Import SOAR playbooks for automated investigation and incident response with AgentX.

Prerequisites

  • Logpoint v7.8.0 or later

  • SOAR enabled in Logpoint

  • AgentX playbooks .zip file downloaded from Help Center

  • Administrator access to Logpoint

  • Password for the .zip file (if password-protected)

Enable SOAR

Before importing playbooks, you must enable SOAR in Logpoint:

  1. Go to Settings > System Settings and select System Settings.

  2. Select General.

  3. Select Enable SOAR in Logpoint.

  4. Select Save.

Procedure

  1. Go to SOAR Settings in the navigation bar and select System Export/Import.

  2. Select Import.

  3. Select Upload File and browse to the AgentX playbooks .zip file.

  4. If the file is password-protected, enter the password.

  5. Select Continue.

  6. Review the package details to verify the import contents.

  7. Select Import.

  8. Wait for the import to complete. This may take several minutes.

  9. Select Close when the import completes.

Expected outcome

AgentX playbooks appear in the Playbooks list and are ready for use in automated workflows.

Verification

  1. Go to Playbooks in the navigation bar.

  2. Search for "Logpoint AgentX" or "AgentX" in the playbook list.

  3. Verify that AgentX playbooks appear, including:

    • Logpoint AgentX Ip-Block

    • Logpoint AgentX Process Dump

    • Logpoint AgentX Isolate-Unisolate Host

    • Logpoint AgentX Remove Item

    • Logpoint AgentX Terminate Process

    • Osquery Investigation playbooks

Configure AgentX APIs in SOAR

After importing playbooks, configure AgentX API integration:

  1. Go to Settings > SOAR Settings and select Playbook Integrations.

  2. Search for "AgentX" in Search Integration.

  3. Select the ellipsis icon next to AgentX.

  4. Select Configure Instance.

  5. In manager_ip, enter your Logpoint IP address.

  6. Select Save.
