Alert Rules consists of alert packages, the LP_Mitre Attack Analytics Overview dashboard package, and Knowledge Base (KB) lists for the analytics integrated into Logpoint. It provides a compliance and triage dashboard that lets you analyze trends and behaviors of entities and users within the organization and perform a defensive gap assessment against MITRE ATT&CK. The alerts triggered by Logpoint are categorized according to the MITRE ATT&CK framework and are the starting point for building further detection techniques. When Logpoint identifies threats in your environment, it triggers security alerts based on predetermined rules, so you can detect malicious activity and advanced malware, together with their tactics, techniques and procedures (TTPs), early and take corrective action. You can customize dashboards and alerts to suit your needs and perform in-depth analysis with custom data and searches.
Logpoint's ATT&CK Navigator shows the coverage of the ATT&CK framework in Logpoint. You can use the navigator to match Logpoint alerts with the relevant ATT&CK techniques and tactics. Read more about MITRE ATT&CK techniques and tactics, and their integration in Logpoint, on the Logpoint website.
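The gap assessment described above can be reproduced outside the product by mapping each alert rule to the ATT&CK technique IDs it covers and scoring the matrix from that mapping. The following is an added example, not Logpoint's own code or rule format: the alert rules and the matrix subset are constructed sample data, the Navigator layer field names follow the public ATT&CK Navigator layer format as I know it (the version numbers in the `versions` block are assumptions and should be set to match your Navigator release), and a real assessment would load the full technique-to-tactic mapping from the MITRE STIX bundle rather than the hand-written subset used here.

```python
"""Score ATT&CK coverage from alert-to-technique mappings and emit a Navigator layer."""
import json
from collections import defaultdict

# Constructed sample alert rules (illustrative names, not a real alert package).
# Each rule lists the ATT&CK technique IDs it is categorized under.
ALERT_RULES = [
    {"name": "Suspicious PowerShell Encoded Command", "techniques": ["T1059.001"],
     "log_source": "Windows Sysmon"},
    {"name": "New Local Admin Account Created", "techniques": ["T1136.001", "T1098"],
     "log_source": "Windows Security Audit"},
    {"name": "LSASS Memory Access", "techniques": ["T1003.001"],
     "log_source": "Windows Sysmon"},
    {"name": "Scheduled Task Created", "techniques": ["T1053.005"],
     "log_source": "Windows Security Audit"},
]

# Constructed subset of the Enterprise matrix: technique ID -> tactics it belongs to.
# Load this from MITRE's enterprise-attack STIX bundle for a real assessment.
ATTACK_SUBSET = {
    "T1059.001": ["execution"],
    "T1136.001": ["persistence"],
    "T1098": ["persistence", "privilege-escalation"],
    "T1003.001": ["credential-access"],
    "T1053.005": ["execution", "persistence", "privilege-escalation"],
    "T1078": ["defense-evasion", "persistence", "privilege-escalation", "initial-access"],
    "T1021.001": ["lateral-movement"],
    "T1486": ["impact"],
}


def coverage_by_technique(rules):
    """Map each technique ID to the names of the alert rules that detect it."""
    cov = defaultdict(list)
    for rule in rules:
        for tid in rule["techniques"]:
            cov[tid].append(rule["name"])
    return dict(cov)


def unknown_technique_refs(rules, matrix):
    """Rules that reference IDs absent from the matrix (typos or deprecated IDs).
    These would silently vanish from a coverage view, so surface them explicitly."""
    bad = defaultdict(list)
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in matrix:
                bad[tid].append(rule["name"])
    return dict(bad)


def uncovered_techniques(rules, matrix):
    """Techniques in the matrix with no alert mapped to them: the detection gaps."""
    covered = coverage_by_technique(rules)
    return sorted(tid for tid in matrix if tid not in covered)


def tactic_coverage(rules, matrix):
    """Fraction of techniques under each tactic that have at least one alert."""
    covered = coverage_by_technique(rules)
    total, hit = defaultdict(int), defaultdict(int)
    for tid, tactics in matrix.items():
        for tactic in tactics:
            total[tactic] += 1
            if tid in covered:
                hit[tactic] += 1
    return {tactic: hit[tactic] / total[tactic] for tactic in sorted(total)}


def navigator_layer(rules, matrix, name="Alert coverage"):
    """Build an ATT&CK Navigator layer; score = number of alerts covering the technique.
    Version strings are assumptions; set them to match your Navigator deployment."""
    covered = coverage_by_technique(rules)
    techniques = [{
        "techniqueID": tid,
        "score": len(covered.get(tid, [])),
        "comment": "; ".join(covered.get(tid, [])) or "no alert mapped (gap)",
    } for tid in sorted(matrix)]
    max_score = max((t["score"] for t in techniques), default=0)
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Generated from alert-to-technique mappings",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": max(1, max_score)},
    }


if __name__ == "__main__":
    print("Gaps:", uncovered_techniques(ALERT_RULES, ATTACK_SUBSET))
    print("Per-tactic coverage:", tactic_coverage(ALERT_RULES, ATTACK_SUBSET))
    print("Unknown technique IDs:", unknown_technique_refs(ALERT_RULES, ATTACK_SUBSET))
    print(json.dumps(navigator_layer(ALERT_RULES, ATTACK_SUBSET), indent=2))
```

Write the printed JSON to a file and open it in the Navigator with "Open Existing Layer" to get the same kind of shaded coverage view the text describes; the `comment` field shows which alerts back each technique, and a zero score marks a gap to prioritize. The `unknown_technique_refs` check matters because a single mistyped or retired technique ID makes a rule disappear from the coverage picture without any error.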
Alert Rules Component
  Alert Packages
  Dashboard Package: LP_Mitre Attack Analytics Overview
  Search Template: LP_Mitre Attack Analytics Overview

Required Log Source
  MITRE ATT&CK Analytics: Windows Security Audit, Windows Sysmon
  Default Alert Rules: All applicable log sources