Logpoint SaaS

What It Is

A cloud-delivered SIEM + SOAR solution that provides threat detection, investigation, and response. One or more on-premise appliances collect, normalize, and enrich your logs and then forward them to the cloud. You access your log data through a dedicated, secure URL. From there you configure what you need to start monitoring and responding to what your log data tells you.

Full cloud capabilities combined with a minimal on-premise footprint let you focus on security intelligence rather than system monitoring and maintenance. We take care of the routine tasks so you can spend your time on what matters most: ensuring the security of your IT infrastructure.

How It Works

Logpoint SaaS consists of two parts:

  1. A cloud-based Threat Detection, Investigation, and Response service. You and your entire organization use a dedicated Logpoint URL to access the SaaS Web UI. Log in and configure your Alert Rules, Dashboards, Search Templates, Report Templates, and Investigation and Response Playbooks in the same way as you would in a standard Logpoint SIEM + SOAR deployment. You can then perform threat detection, investigation, and response with vendor-supplied and custom alert rules, dashboards, and playbooks, and generate compliance reports.

  2. One or more Cloud Connector appliances that send logs to Logpoint SaaS. They manage collection, normalization, enrichment, and forwarding of security event logs from local or cloud-based log sources. Your appliances receive log data either by listening on dedicated ports or by fetching it from log sources, then normalize and enrich the data before forwarding it to the cloud.

To enable communication between your Cloud Connector appliances and the cloud service, the Logpoint Cloud Connector software is installed on your on-premise appliance and forwards log data through a dedicated API endpoint. Logpoint monitors your local appliance's critical parameters, such as CPU, RAM, disk space, connection health, storage resources, and consistent log generation, and contacts you if it detects a service disruption.

[Figure: _images/LP_convergedsiem.png, caption "SaaS"]

What It Contains

Logpoint SaaS is a subscription-based service. With your subscription, you receive:

  • Dedicated endpoint and secure URL login to access the SaaS Web UI.

  • SaaS license and Cloud Connector license for your Connector Appliances.

    • Cloud Connector license includes the necessary addresses and credentials for SaaS.

Differences between SaaS & Logpoint SIEM + SOAR

Logpoint SaaS functions very similarly to Logpoint SIEM + SOAR. However, some features of the on-premise SIEM are not available in SaaS, and there are a few further differences you should be aware of.

  • Enrichment sources must be configured separately on the Connector Appliance and in the SaaS Web UI: configure ingest-time enrichment sources on the Connector Appliances and search-time enrichment in the SaaS Web UI.

  • The SaaS Web UI can’t access enrichment sources located on any of your private networks.

  • The search-time DNS Process command only resolves publicly accessible DNS names and IP addresses.

  • Logpoint SOAR integrations can only access cloud-based globally accessible services.

  • The SaaS Web UI can’t access device registration entries in Cloud Connector Appliances, so you can’t restrict access to logs on a per-device basis. To apply per-device access restrictions, Logpoint recommends applying access restrictions on a per-repository basis and using the User Group Universal Query to limit access to device logs.

  • Logpoint Director is not yet supported via SaaS. If your solution includes Logpoint Director, it is still managed on-premises.
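The enrichment and DNS caveats above mean that any value which only resolves inside your private network has to be enriched on the Connector Appliance before forwarding, because a search-time lookup run from the cloud will not reach it. The following is an added illustration, not Logpoint code and not part of this guide: a small planning helper that sorts addresses and host names from constructed sample events into "enrich at ingest time on the connector" versus "can be resolved at search time from the SaaS Web UI". The private-suffix list and the sample values are assumptions made for the example.

```python
import ipaddress

# Constructed sample values as they might appear in log events (not real data).
SAMPLE_VALUES = [
    "10.20.30.40",            # RFC 1918, only resolvable on the private network
    "192.168.1.5",            # RFC 1918
    "8.8.8.8",                # public IPv4
    "2001:4860:4860::8888",   # public IPv6
    "fd00::1",                # IPv6 unique local address
    "127.0.0.1",              # loopback
    "fileserver",             # single-label host name, internal DNS only
    "dc01.corp.local",        # internal-only suffix
    "www.example.com",        # public host name
]

# Assumed list of suffixes that are never delegated in public DNS.
PRIVATE_NAME_SUFFIXES = (".local", ".internal", ".lan", ".home.arpa")


def needs_ingest_time_enrichment(value: str) -> bool:
    """True when the value cannot be resolved from the public internet, so the
    lookup must be attached on the Connector Appliance at ingest time.

    IP addresses are classified with the standard library: anything that is not
    globally routable (RFC 1918, loopback, link-local, ULA, ...) is private.
    Host names are treated as private when they have no dot (single label) or
    carry one of the assumed internal-only suffixes.
    """
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        name = value.rstrip(".").lower()
        if "." not in name:
            return True
        return name.endswith(PRIVATE_NAME_SUFFIXES)
    return not ip.is_global


def plan_enrichment(values):
    """Split values into the two places enrichment can be configured."""
    plan = {"ingest_time": [], "search_time": []}
    for value in values:
        bucket = "ingest_time" if needs_ingest_time_enrichment(value) else "search_time"
        plan[bucket].append(value)
    return plan


if __name__ == "__main__":
    for bucket, items in plan_enrichment(SAMPLE_VALUES).items():
        print(f"{bucket}: {items}")
```

Run on the constructed sample, only the two public IP addresses and `www.example.com` end up in the search-time bucket; everything else must be enriched on the appliance before it is forwarded, which is the practical consequence of the SaaS Web UI having no reach into your private networks.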
