SOAR Settings
SOAR Automation-specific settings include:
1. Your timezone and Snap to Grid in General
2. Use lists for incident searches in Lists Management
3. Backup and restore your SOAR configurations in Import/Backup
4. Monitor SOAR health status from System Health.
5. Work with Python Scripts from Scripts.
6. Track playbook internal execution through Execution Tracking
7. Work with Integrations or SOAR Vendors
8. Modify SMTP Settings for email notifications
9. Set up SOAR Data Retention time
General
Use General to select the Timezone and choose whether users can snap action blocks to the closest intersection of the playbook grid.
General Settings
Go to Settings >> SOAR Settings from the navigation bar and click General.
Select the Time Zone from the drop-down.
Select or deselect Snap actions to grid when editing a playbook. Selecting it means users can snap action blocks to the closest intersection of the playbook grid.
Click Save.
Lists Management
You can maintain a collection of values as a List. You can use the list to search for the incidents associated with its values. For example, if you create a list named Admin Users having the usernames as the list members, you can use the list to query incidents associated with all the usernames that are members of the Admin Users list. You can also use the list to define a trigger condition or perform bulk actions.
The list remains unchanged until you add or remove the list members.
Go to Settings >> SOAR Settings from the navigation bar and click Lists Management to view, add, edit, and delete lists.
Adding a List
Go to Settings >> SOAR Settings from the navigation bar and click Lists Management.
Click Add New List.
Enter the List’s Name and Description.
Enter the Members of the List separated by commas.
Click Save.
Editing a List
Go to Settings >> SOAR Settings from the navigation bar and click Lists Management.
Hover over the icon and click the Edit option.
Edit the information.
Click Save.
Deleting a List
Go to Settings >> SOAR Settings from the navigation bar and click Lists Management.
Hover over the icon and click the Delete option.
Click Delete.
Import/Backup
Go to Settings >> SOAR Settings from the navigation bar and click Import/Backup.
Click Upload New File to upload the file.
Click Upload.
Export & Import
You can export and restore SOAR configuration in another Logpoint or use export to help protect your Logpoint from any errors during a software upgrade or hardware failure. During export, you will need to apply a password. This password is needed when importing the configuration. You can import SOAR configurations from other Logpoints or import a backup of your configuration of the same Logpoint.
Exporting SOAR configurations
1. Go to Settings >> SOAR Settings from the navigation bar and click System Export/Import.
2. Click Export to export your configurations.
3. Enter a password. This is the password you will need to enter when importing the configuration.
4. Exporting takes a few minutes. Do not navigate away until it is generated or the export will stop.
5. A .zip file is created. Go to your downloads folder to access it.
Importing SOAR configurations
1. Go to Settings >> SOAR Settings from the navigation bar and click System Export/Import.
2. Click Import to upload the file.
3. Browse to the file.
4. Enter the password if the configuration is password-protected.
5. Logpoint will analyze the data within the imported file. Click Continue.
6. Click Import.
7. Click Import to confirm import.
8. Click Close.
Backup
You can back up and restore SOAR, including how it is configured and its data. After backup, you can restore SOAR on the same system or a different one. Backup helps you protect your system from any errors during a software upgrade or due to hardware failure.
Create a Backup
After creating the backup file, you can import it to SOAR using Import.
Go to Settings >> SOAR Settings from the navigation bar and click Import / Backup.
Click Playbooks & Integrations Backup to download the file.
Backup takes a few minutes. Do not navigate away until the backup is generated or the backup will stop.
A .zip file is created. Go to your downloads folder to access it.
System Health
You can monitor the health status of services used by SOAR from System Health. A service can be either:
Passing - functioning normally.
Critical - contact Logpoint Support and use the status from the Output column to debug the problem.
Check System Health
Go to Settings >> SOAR Settings from the navigation bar and click System Health to view all the services for Logpoint SOAR. From the System Health page, you can refresh the list of services and their information by clicking on the Reload icon.
Retention
You can set up how long SOAR data is saved and manage how often data is cleaned up. You can only set up or change the number of days data is stored. You can’t control data retention according to weeks or hours, for example.
Retention Settings
Go to Settings >> SOAR Settings from the navigation bar and click Retention.
PLAYBOOKS_HISTORY is for internal Logpoint use only.
CASES_RETENTION is how long SOAR cases are saved.
PLAYBOOKS_EXECUTION_RETENTION is how long to save playbook monitoring data.
SOAR_STATS_RETENTION is how long to save data statistics about SOAR playbooks.
EXECUTION_TRACKING_RETENTION is how long to save data about Execution Tracking.
LOGPOINT_WIDGETS_REPORTING is how long to save data forwarded from SOAR to SIEM used in the SOC Operation Dashboard.
In the list, an ellipsis (…) appears to the right of each retention type. Click it to edit how long data should be stored.