Alert Rules

Alert Rules include alert packages, the LP_MITRE ATT&CK Analytics Overview dashboard package, and Knowledge Base (KB) lists that support integrated analytics in Logpoint. Together, these components provide a compliance and triage dashboard that helps you analyze user and entity behavior trends and assess defensive gaps using the MITRE ATT&CK framework.

Logpoint generates alerts based on predefined detection rules and categorizes them according to MITRE ATT&CK tactics and techniques. These alerts serve as a foundation for developing and refining detection use cases. When potential threats are identified in your environment, Logpoint triggers alerts to help you detect malicious activity, advanced malware, and associated techniques, tactics, and procedures (TTPs) at an early stage, enabling timely response actions.

You can customize dashboards and alerts to align with your operational requirements and perform deeper analysis using tailored searches and data views.

Alert Rules Components

  1. Alert Packages

    1. MITRE ATT&CK Analytics

    2. NON-MITRE ATT&CK Analytics

  2. Dashboard Package

    1. LP_Mitre Attack Analytics Overview

  3. Search Template

    1. LP_Mitre Attack Analytics Overview

Required Log Source

  • MITRE ATT&CK Analytics

    • Windows Security Audit

    • Windows Sysmon

  • Default Alert Rules

    • All applicable log sources
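The defensive-gap assessment described in the overview, combined with the Required Log Source list above, as an added illustration that is not Logpoint's code or its rule format: each rule is tagged with an ATT&CK tactic and technique and needs certain log sources, so a rule whose sources are not onboarded cannot fire and the technique it covers becomes a gap. Rule names and the onboarded-source set are constructed; the tactic and technique IDs are real ATT&CK identifiers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AlertRule:
    name: str                 # constructed rule name, not a Logpoint rule
    tactic: str               # ATT&CK tactic ID, e.g. TA0006 (Credential Access)
    technique: str            # ATT&CK technique ID, e.g. T1003 (OS Credential Dumping)
    log_sources: frozenset    # log sources the rule needs in order to fire

# Constructed sample rules; source names follow the page's "Required Log Source" list.
RULES = [
    AlertRule("Suspicious LSASS Access", "TA0006", "T1003", frozenset({"Windows Sysmon"})),
    AlertRule("Repeated Logon Failures", "TA0006", "T1110", frozenset({"Windows Security Audit"})),
    AlertRule("Encoded PowerShell Command", "TA0002", "T1059", frozenset({"Windows Sysmon"})),
    AlertRule("New Scheduled Task Created", "TA0003", "T1053", frozenset({"Windows Security Audit"})),
    AlertRule("Remote Service Lateral Movement", "TA0008", "T1021",
              frozenset({"Windows Security Audit", "Windows Sysmon"})),
]

def coverage_report(rules, onboarded_sources):
    """Return {tactic: {"covered": {techniques}, "gaps": {techniques}}}.

    A technique is covered when at least one rule for it has every required
    log source onboarded; otherwise it is a gap (rule exists but cannot fire).
    """
    onboarded = set(onboarded_sources)
    report = {}
    for rule in rules:
        entry = report.setdefault(rule.tactic, {"covered": set(), "gaps": set()})
        if rule.log_sources <= onboarded:
            entry["covered"].add(rule.technique)
            entry["gaps"].discard(rule.technique)   # an earlier rule may have marked it a gap
        elif rule.technique not in entry["covered"]:
            entry["gaps"].add(rule.technique)
    return report

def missing_sources(rules, onboarded_sources):
    """Log sources that some rule needs but that are not onboarded."""
    needed = set().union(*(r.log_sources for r in rules))
    return needed - set(onboarded_sources)

if __name__ == "__main__":
    have = {"Windows Security Audit"}          # constructed: Sysmon not yet onboarded
    for tactic, e in sorted(coverage_report(RULES, have).items()):
        print(tactic, "covered:", sorted(e["covered"]), "gaps:", sorted(e["gaps"]))
    print("missing log sources:", sorted(missing_sources(RULES, have)))
```

With only Windows Security Audit onboarded, every Sysmon-dependent rule shows up as a gap, which is the kind of finding the dashboard is meant to surface before an incident rather than after.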
