Create a template

Create a custom template to define which logs and telemetry AgentX collects from Windows or Linux endpoints.

Prerequisites

  • AgentX Manager installed in Logpoint

  • Administrator access to Logpoint

  • Understanding of which data sources you need to monitor

Procedure

  1. Go to Settings > Configuration and select AgentX.

  2. Select Templates.

  3. Select ADD.

  4. Enter a Template Name.

  5. Select an Operating System:

    • Windows - Enables Windows Eventlog Collection, File Collection, File Integrity Scanner, and Windows Registry Scanner

    • Linux - Enables File Collection and File Integrity Scanner

  6. Enter a Description for the template.

  7. Under Agent Service Configuration, select the services to enable:

    • OSQuery - Enables system state queries and endpoint investigation

    • Active Response - Enables automated remediation actions

    • SCA - Enables Security Configuration Assessment for compliance scanning

  8. Configure collection sources:

  9. Select Save to save the template.

Expected outcome

The new template appears in the Templates list and can be selected when configuring AgentX for devices.

Verification

  1. Go to Settings > Configuration and select AgentX.

  2. Select Templates.

  3. Verify that your new template appears in the list.

  4. Select the template name to review the configuration.

Configuration guidelines

  • Enable all agent services for comprehensive monitoring - Unless resource constraints are a concern, enable OSQuery, Active Response, and SCA to gain full visibility and response capabilities.

  • Start with default templates - Before creating custom templates, test the default templates to understand baseline collection. Create custom templates only when specific requirements justify the additional maintenance.

  • Use descriptive names - Name templates based on their purpose or the endpoint type they target (e.g., windows_domain_controllers, linux_web_servers, pci_compliant_systems).

  • Document template purposes - Use the Description field to explain why the template exists and which endpoint types should use it. This helps other administrators understand when to use each template.
