Log Analysis and Investigation

Once your log data is ingested and normalized, start turning raw events into actionable security insights. Logpoint provides multiple ways to explore, analyze, and act on your data, whether you are investigating suspicious activity, monitoring your environment, or reporting on compliance and security posture.

Core Workflows

  1. Search Your Log Data

The search interface provides querying capabilities to explore raw log data, identify patterns, and extract specific information across your entire data lake.

When to use it:

  • Performing ad-hoc investigations and threat hunting

  • Validating alert logic and testing detection rules

  • Conducting a forensic analysis of historical events

  • Troubleshooting system or application issues

Key capabilities:

  • Advanced query language with filtering and correlation

  • Time-based searches across historical data

  • Field extraction and data parsing

  • Export results for further analysis

  2. Investigate Incidents

Incidents represent potential security events that require investigation and response. The incident management workflow helps you triage, analyze, document, and resolve security events from initial detection through final closure.

When to use it:

  • When alerts escalate to confirmed security events

  • During active threat investigations

  • For documenting security event timelines and remediation actions

Key capabilities:

  • Centralized incident tracking and case management

  • Timeline reconstruction and evidence collection

  3. Respond to Alerts

Alerts are automated detections triggered when specific conditions or patterns are identified in your log data. Alert management enables you to configure, tune, and respond to these detections efficiently.

When to use it:

  • Monitoring for known threats and attack patterns

  • Detecting policy violations and compliance issues

  • Identifying anomalous behavior requiring investigation

  • Automating initial triage and response actions

Key capabilities:

  • Pre-built and custom detection rules

  • Alert prioritization and severity scoring

  • False positive reduction through tuning

  • Integration with incident management

  4. Set up Dashboards & Widgets

Dashboards provide real-time visualization of your security posture through customizable widgets that display metrics, trends, and key performance indicators.

When to use it:

  • Monitoring security operations, health, and performance

  • Tracking incident response metrics and SLAs

  • Providing executive visibility into security posture

  • Identifying trends and patterns over time

Key capabilities:

  • Drag-and-drop dashboard builder

  • Multiple visualization types (charts, graphs, tables, maps)

  • Real-time data updates

  • Role-based dashboard sharing

  • Template dashboards for common use cases

  5. Share Insights Through Reports

Reports enable you to schedule, generate, and distribute formatted documentation of your security data, analytics, and investigation findings to stakeholders.

When to use it:

  • Providing regular security posture updates to management

  • Meeting compliance and audit documentation requirements

  • Sharing investigation findings with teams

  • Tracking performance against security metrics

Key capabilities:

  • Scheduled and on-demand report generation

  • Customizable templates and branding

  • Multiple export formats (PDF, CSV, HTML)

  • Automated distribution via email

  • Historical trend analysis
