Logpoint SaaS
Overview
Logpoint SaaS delivers the enterprise-grade threat detection, investigation, and response of Logpoint SIEM through a modern cloud architecture. It also monitors critical parameters of your local device (CPU, memory, disk space, connection health, and log flow) and proactively alerts you in case of service disruptions. By combining cloud capabilities with minimal on-prem infrastructure, it enables security teams to focus on what matters most: protecting their organization rather than managing complex systems.
Architecture
Cloud Service
A cloud-based threat detection, investigation, and response service accessible via a dedicated, secure URL. It provides a unified SaaS interface for configuring Alert Rules, Dashboards, Search Templates, Report Templates, and Investigation and Response Playbooks. After configuration, generate compliance reports or conduct end-to-end threat detection, investigation, and response using both vendor-provided and custom alert rules, dashboards, and playbooks.
On-Prem Cloud Connectors
Cloud Connector fetches normalized, enriched logs from your on-prem Logpoint and forwards them to Logpoint SaaS. You must open HTTPS port 443 in your network for the SaaS API endpoints so that Cloud Connector can connect to Logpoint SaaS.

What's Included
Logpoint SaaS subscription provides:
Dedicated Cloud Instance: Secure URL and endpoint for your organization
SaaS License: Full access to the cloud-based SIEM + SOAR platform
Cloud Connector Licenses: Credentials and configuration for on-prem appliances
Proactive Monitoring: Continuous health monitoring of your infrastructure
Support: Direct contact for service disruptions or issues
Important Considerations
While Logpoint SaaS delivers comparable functionality to the on-premise SIEM + SOAR solution, there are a few differences to consider:
User accounts are created and managed in SaaS, with built-in multi-factor authentication. External identity providers including SAML, OAuth, or ADFS are not currently supported.
Enrichment sources on your private network must be configured separately on the Connector Appliance and in the SaaS Web UI. Configure ingest-time enrichment sources on Connector Appliances and search-time enrichment in the SaaS Web UI.
Most system settings are managed by Logpoint, reducing administrative overhead. A subset of settings is still user-configurable. System Settings on the cloud connector appliance are the same as on an On-prem Logpoint.
Install and configure AgentX and collectors from the local cloud connector appliance.
Data collection and normalization are done via a cloud connector appliance. While the CNDP plugin and Universal Normalizer are visible in the SaaS GUI, they are not applicable in the SaaS environment and do not require any configuration.
The search-time DNS Process command resolves publicly accessible DNS names and IP addresses.
Users access Logpoint SaaS through a secure, web-based portal that supports multi-factor authentication (MFA) across all tenants.
Device registration entries from Cloud Connector Appliances are not accessible through the Web UI. Instead, log access is managed by applying restrictions at the repository level, while access to specific device logs is controlled using the User Group Universal Query.
Export Management is not supported in SaaS.
Logpoint Director is currently only supported on On-prem Logpoint.