Explore and Analyze Logpoint Agent Events
After Logpoint ingests Windows logs:
Use Search to access and examine events.
Create custom Dashboards for real-time visibility.
Generate Reports for compliance and trend analysis.
Configure Alerts to detect suspicious activity.
Search
Use the following queries to explore common Logpoint Agent events:
All Logpoint Agent logs:
    col_type = "LPAgent"
Windows Event Logs:
    col_type = "LPAgent" module_type = "event_log"
Security Event Logs:
    col_type = "LPAgent" module_type = "event_log" log_name = "Security"
Failed logon attempts:
    col_type = "LPAgent" module_type = "event_log" event_id = 4625
Successful logon events:
    col_type = "LPAgent" module_type = "event_log" event_id = 4624
Account lockouts:
    col_type = "LPAgent" module_type = "event_log" event_id = 4740
PowerShell execution:
    col_type = "LPAgent" module_type = "event_log" log_name IN ["Microsoft-Windows-PowerShell/Operational", "Windows PowerShell"]
File collection logs:
    col_type = "LPAgent" module_type = "file_collection"
File integrity events:
    col_type = "LPAgent" module_type = "file_scanner"
New files created:
    col_type = "LPAgent" module_type = "file_scanner" action = "FILE_CREATE"
Files modified:
    col_type = "LPAgent" module_type = "file_scanner" action = "FILE_MODIFY"
Files deleted:
    col_type = "LPAgent" module_type = "file_scanner" action = "FILE_DELETE"
Registry changes:
    col_type = "LPAgent" module_type = "registry_scanner"
Registry modifications:
    col_type = "LPAgent" module_type = "registry_scanner" action = "REGISTRY_MODIFY"
Registry deletions:
    col_type = "LPAgent" module_type = "registry_scanner" action = "REGISTRY_DELETE"
Critical Windows events:
    col_type = "LPAgent" module_type = "event_log" level IN ["Critical", "Error"]
Events from a specific device:
    col_type = "LPAgent" source_address = "192.168.1.100"
Service start/stop events:
    col_type = "LPAgent" module_type = "event_log" event_id IN [7035, 7036, 7040]
Process creation events:
    col_type = "LPAgent" module_type = "event_log" event_id = 4688
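The queries above all share one shape: space-separated `field = value` and `field IN [...]` clauses that are implicitly ANDed. The following added example (not Logpoint's own code; it models only that subset of the search syntax, not the full query language) parses such a query and evaluates it against a few constructed events, so you can check offline which events a query would return before turning it into a dashboard or alert.

```python
import re

# Constructed sample events in the field layout the queries above use.
SAMPLE_EVENTS = [
    {"col_type": "LPAgent", "module_type": "event_log", "log_name": "Security", "event_id": 4625, "level": "Information"},
    {"col_type": "LPAgent", "module_type": "event_log", "log_name": "Security", "event_id": 4624, "level": "Information"},
    {"col_type": "LPAgent", "module_type": "event_log", "log_name": "System", "event_id": 7036, "level": "Error"},
    {"col_type": "LPAgent", "module_type": "file_scanner", "action": "FILE_CREATE", "source_address": "192.168.1.100"},
    {"col_type": "syslog", "module_type": "event_log", "event_id": 4625},  # not from the agent
]

# One clause: field = "string" | field = number | field IN ["a", "b"] | field IN [1, 2]
CLAUSE = re.compile(r'(\w+)\s*(=|IN)\s*("[^"]*"|\d+|\[[^\]]*\])')

def _literal(token):
    """Convert a quoted string or bare integer token to a Python value."""
    token = token.strip()
    return int(token) if token.isdigit() else token.strip('"')

def parse_query(query):
    """Turn a query string into a list of (field, allowed_values) pairs; clauses are ANDed."""
    clauses, pos = [], 0
    for m in CLAUSE.finditer(query):
        if query[pos:m.start()].strip():  # anything between clauses is unsupported syntax
            raise ValueError(f"cannot parse near: {query[pos:m.start()]!r}")
        field, op, raw = m.groups()
        values = raw[1:-1].split(",") if op == "IN" else [raw]
        clauses.append((field, [_literal(v) for v in values]))
        pos = m.end()
    if query[pos:].strip() or not clauses:
        raise ValueError(f"cannot parse near: {query[pos:]!r}")
    return clauses

def matches(event, clauses):
    """An event matches only if every clause's field is present and holds an allowed value."""
    return all(field in event and event[field] in values for field, values in clauses)

def search(events, query):
    """Return the events that the query would select."""
    clauses = parse_query(query)
    return [e for e in events if matches(e, clauses)]

if __name__ == "__main__":
    for hit in search(SAMPLE_EVENTS, 'col_type = "LPAgent" module_type = "event_log" event_id IN [7035, 7036, 7040]'):
        print(hit)
```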