circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Visit the old documentation portal.arrow-up-right
search

Alert Rules Analytics

hashtag
Dashboard

hashtag
LP_Mitre Attack Analytics Overview

This dashboard consists of the following widgets:

Widget Name

Description

Triggered Attack Tactics

The count of different attack tactics triggered by attackers in your system based on the MITRE ATT&CK framework, categorized and summed by various tactics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration and Impact. It helps administrators enhance their security posture, prioritize incident response, allocate resources effectively, and improve overall threat detection and mitigation strategies.

Triggered Attack Tactics - Timetrend

An hourly trend of various attack tactics triggered within your system, categorized according to the MITRE ATT&CK framework. It helps administrators maintain a robust and responsive security posture, ensuring timely detection and mitigation of potential threats.

Mitre Att&ck Matrix

An ATT&CK chart, a heatmap describing the attacks carried out in your system using attack tactics, techniques and procedures defined by MITRE. It shows the count of each attack ID within its respective attack category, helping administrators enhance their security posture, prioritize defences, and improve incident response and threat analysis.

Top Recurring Attacks

The top ten recurring attacks within your system, categorized by attack type and frequency, allowing administrators to quickly identify the most common and persistent threats. For example, Console History Discover Detected is an attack, Collection is its attack category and the attack occurred three times.

Top Users by Attack Tactics

The top ten users based on the number of distinct attack tactics they were associated with, providing insights into which users are most frequently targeted or involved in diverse attack activities.

Top Hosts in Attack

The top ten hosts based on the number of distinct attack tactics they were associated with, providing insights into which hosts are most frequently targeted or involved in diverse attack activities.

chevron-rightAdding the Alert Rules Dashboardhashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Dashboards.

  2. Select VENDOR DASHBOARD from the drop-down.

  3. Click Add from Actions of LP_Mitre Attack Analytics Overview.

  4. Click Choose Repos.

  5. Select the repo and click Done.

  6. Click Ok.

  7. You can find the Alert Rules dashboard under Dashboards.

Alert Rules Dashboard
Alert Rules Dashboard

hashtag
Search Template

LP_Mitre Attack Analytics Overview: It stores the search queries that provide information on tactics triggered, attack tactics, recurring incidents, and attack details.

chevron-rightUsing the Salesforce Search Templateshashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Search Templates.

  2. Select VENDOR SEARCH TEMPLATES from the drop-down, search and click LP_Mitre Attack Analytics Overview.

  3. In Update Parameters, enter the required parameters.

    1. Select Override widget time range to set a time range for the search query.

    2. Select REPOS to choose repos which contains Alert Rules logs.

    3. Click Update.

After updating, the widgets start displaying the result. Logpoint forwards you to Search Template View to access the dashboards of the search template.

Last updated

Was this helpful?