Presenters

  • Paul Gower, Director Sales Engineering
  • Sergio Lozano Alvarez, Product Marketing Manager
Logpoint ingests log data from multiple sources, which it normalizes and enriches based on feeds and relevant data. Alert rules allow incidents to be created if the data is flagged for investigation by Logpoint. When an incident is created, Logpoint SOAR can further triage the data and gather relevant artifacts into a case. The data may be exported to a third-party ticketing system such as Zendesk with a link to the Logpoint logs that may be reviewed. The third-party system can use the API to start or resume Logpoint SOAR playbooks for automation purposes.
 
During this webinar you will learn:
  • How Logpoint can triage an incident, such as reviewing the blacklist status of a user and whether there are previous incidents involving that user.
  • How Logpoint can collect data from multiple sources such as Active Directory to gather all the relevant artifacts into a single case.
  • How Logpoint may be used to put a user on a blacklist or take other action such as disabling the user in Active Directory.
  • How Logpoint can export the captured case data to a ticketing system such as Zendesk and update the same ticket if additional information comes to light.