Adding a Normalization Policy¶

Logpoint SIEM needs to normalize your logs before UEBA can use them. For that reason, you need to add compiled normalizers and normalization packages specific to UEBA.

If you need more information about SIEM normalization, go to Adding a Normalization Policy.

Go to Settings >> Configuration >> Normalization Policies.
Click Add.

Enter a Policy Name.
Select the required normalization packages and compiled normalizers only. Logpoint provides the following normalization packages and compiled normalizers to normalize the Active Directory, web proxy, email, VPN, authentication, and resource access logs.

S.N.	Data Category	Normalization Packages/Compiled Normalizers
1	Windows Active Directory	LPA _Windows
2	Web Proxy	WebsenseWebproxyCompiledNormalizer LP_BlueCoat ProxySG LP_Squid LP_Squid dynamic LP_Websense Webproxy
3	Email	CiscoIronPortESGCompiledNormalizer QmailCompiledNormalizer SendMailCompiledNormalizer EximMTACompiledNormalizer ExchangeMTCompiledNormalizer ProofPointCompiledNormalizer MimecastCompiledNormalizer LP_O365 Exchange MT
4	VPN	PaloAltoNetworkFirewallCompiledNormalizer FortiOSCompiledNormalizer LP_Cisco PIXASA LP_Juniper PulseSecure
5	Authentication	Office365CompiledNormalizer CiscoISEcompiledNormalizer
6	Resource Access	Office365CompiledNormalizer EMCIsilonFSCompiledNormalizer

Click Submit.

Helpful?