Logpoint - Endpoint Security - AgentX
1.8.0 (latest)
1.7.0
1.6.0
1.5.0
1.4.6
1.4.5
Table of Content
AgentX
Functions
Log and Telemetry Collection
Eventlog Collection
Flat File Log Collection
Monitoring
File Integrity Monitoring
Registry Integrity Monitoring
Security Configuration Assessment
Log Enrichment
Compliance Enrichment
MITRE ATT&CK Framework Enrichment
Components
Quickstart
Prerequisite
Supported Architectures
Supported Operating Systems
Network Ports
Installing AgentX
Installation and Uninstallation
Installation in Logpoint
Installation in Endpoints
Supported Flags
Windows
Individual Installation
Mass Installation
Mass Installation using Microsoft Intune
Mass Installation using Windows GPO
Enable MSI logging with Group Policy
Creating a Microsoft Transform File
Mass Upgrading using Windows GPO
Mass Uninstallation using Windows GPO
Mass Installation using Microsoft System Center Configuration Manager (SCCM)
Debian Linux
Uninstallation from Logpoint
Uninstallation from Endpoints
Windows
Debian Linux
Configuration
Global Settings
Templates
Windows Eventlog Collection
File Collection
File Integrity Scanner
Windows Registry Scanner
Agents
Certificates
Migration
Rollback the Migration
Mode of Operation
Standalone Mode
Distributed Mode
Implementation of Load Balancer with AgentX Cluster
Configuring AgentX APIs in SOAR
Adding a Normalization Policy
Adding Windows or Linux Device in Logpoint
Configuring AgentX in Device
Accessing AgentX Logs
Windows Logs
Windows Generic Logs
Windows Event Channel Logs
Windows Sysmon Logs
Windows Security Auditing Logs
Windows Security Configuration Assessment Logs
Windows OSQuery Logs
Windows Active Response Logs
Windows File Integrity Management Logs
Windows DNS Server Logs
Windows IIS Logs
Windows DHCP Logs
Windows MSSQL Logs
Linux Logs
Unix Generic Logs
Unix Security Configuration Assessment Logs
Unix OSQuery Logs
Unix Active Response Logs
Unix File Integrity Management Logs
Unix Audit Logs
Unix Sysmon Logs
Unix NginX Logs
AgentX Analytics
AgentX Dashboards
LP_AgentX - Agents Overview
LP_AgentX - Endpoints Compliance - PCI DSS
LP_AgentX - Endpoints NIST Compliance
LP_AgentX - File Integrity Management
LP_AgentX - Rule Triggers Overview
LP_AgentX - Security Configuration Assessment
Adding AgentX Dashboards
AgentX Search Templates
Viewing the AgentX Search Templates
AgentX Playbooks
Active Response Playbooks of AgentX
1. Logpoint AgentX Ip-Block
Use Case
Dependencies
Playbook Process
Playbook Parameters
2. Logpoint AgentX Process Dump
Use Case
Dependencies
Playbook Process
Playbook Parameters
3. Logpoint AgentX Isolate-Unisolate Host
Use Case
Dependencies
Playbook Process
Playbook Parameters
4. Logpoint AgentX Remove Item
Use Case
Dependencies
Playbook Process
Playbook Parameters
5. Logpoint AgentX Terminate Process
Use Case
Dependencies
Playbook Process
Playbook Parameters
6. Logpoint AgentX Retrieve File Hash
Use Case
Dependencies
Playbook Process
Playbook Parameters
7. Logpoint AgentX Delete Scheduled Task
Use Case
Dependencies
Playbook Process
Playbook Parameters
8. Logpoint AgentX Disable Scheduled Task
Use Case
Dependencies
Playbook Process
Playbook Parameters
9. Logpoint AgentX Disable StartUp Service
Use Case
Dependencies
Playbook Process
Playbook Parameters
10. Logpoint AgentX Restart Service
Use Case
Dependencies
Playbook Process
Playbook Parameters
11. Logpoint AgentX Extract File Header Bytes
Use Case
Dependencies
Playbook Process
Playbook Parameters
Osquery Playbooks AgentX
1. Osquery Investigation Initiation by Logpoint Incident
Use Case
Dependencies
Playbook Process
Playbook Parameters
2. Osquery Investigate Process - Main Incident Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
3. Osquery Check Process Execution State – Main
Use Case
Dependencies
Playbook Process
Playbook Parameters
4. Osquery Get Process Suspicious DLL Loads
Use Case
Dependencies
Playbook Process
Playbook Parameters
5. Osquery Get Process Socket - Main Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
6. Osquery Get Process Listening Status - Main Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
7. Osquery Get Process Hash – Main Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
8. Osquery Investigate Host – Main Incident
Use Case
Dependencies
Playbook Process
Playbook Parameters
9. Osquery Get Host OS Version – Main Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
10. Osquery Get Host Uptime – Main Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
11. Osquery Get Host Security Patch Installations – Main
Use Case
Dependencies
Playbook Process
Playbook Parameters
12. Osquery Get Host Startup Items – Main
Use Case
Dependencies
Playbook Process
Playbook Parameters
13. Osquery Get Host FW and AV status – Main
Use Case
Dependencies
Playbook Process
Playbook Parameters
14. Osquery Get Logged in Users – Main Generic
Use Case
Dependencies
Playbook Process
Playbook Parameters
15. Osquery Get File Authenticode State – Main
Use Case
Dependencies
Playbook Process
Playbook Parameters
Importing AgentX Playbooks in Logpoint
Accessing Logpoint AgentX Playbooks
AgentX Performance Benchmarking and Deployment Recommendation
Server-Level Recommendations
Performance Summary
Performance Details
File Integrity Monitoring (FIM) Module
Event Module
Scalability Recommendation
Client-Level Recommendations
Performance Summary
Performance Details
File Integrity Monitoring (FIM) Module
Event Module
Appendix
AgentX Vendor Field Mapping
Linux
Unix Sysmon
Event ID: 1
Event ID: 3
Event ID: 4
Event ID: 16
Event ID: 23
Unix Sysmon Generic Taxonomy
Unix Audit Log Taxonomy
File Integrity Monitoring
Security Configuration Assessment
Unix Generic Log Taxonomy
Active Response Taxonomy
Windows
Windows Security Auditing
Event ID: 4616
Event ID: 4697
Event ID: 4698
Event ID: 4720
Event ID: 4729
Event ID: 4730
Event ID: 4731
Event ID: 4734
Event ID: 4744
Event ID: 4745
Event ID: 4748
Event ID: 4749
Event ID: 4750
Event ID: 4754
Event ID: 4755
Event ID: 4759
Event ID: 4760
Event ID: 4764
Event ID: 4944
Event ID: 4945
Event ID: 4953
Event ID: 4956
Windows Sysmon
Event ID: 1
Event ID: 2
Event ID: 3
Event ID: 4
Event ID: 6
Event ID: 7
Event ID: 8
Event ID: 9
Event ID: 10
Event ID: 12
Event ID: 13
Event ID: 14
Event ID: 15
Event ID: 16
Event ID: 17
Event ID: 18
Event ID: 19
Event ID: 20
Event ID: 21
Event ID: 22
Event ID: 23
Event ID: 24
Event ID: 26
Event ID: 255
File Integrity Monitoring
DHCP Module
DNS Module
DNS Module Request Type
Windows Powershell
Event ID: 400
Event ID: 403
Event ID: 4100
Event ID: 4103
Event ID: 4104
Event ID: 53504
Event ID: 600
Event ID: 800
Default Taxonomy of Powershell
Security Configuration Assessment
Default AgentX Taxonomy
Active Response
OSQuery
Windows MSSQL Module
Windows IIS Module
Event ID: 29
Event ID: 50
AgentX Labels
Linux
Unix Audit Labels
Unix Sysmon Labels
File Integrity Monitoring Labels
Unix Generic Labels
Active Response Labels
Windows
Windows Sysmon Labels
PowerShell Labels
DHCP Labels for IPv4
DHCP Labels for IPv6
File Integrity Monitoring Labels
Security Compliance Assessment Labels
DNS Labels
Windows MSSQL Module Labels
Event ID Labels
Log Level Labels
Action Labels
Windows Security Auditing Labels
Active Response Labels
OSQuery Labels
Windows
Windows Security Auditing
Windows Sysmon
DNS