LogPoint enables organizations to convert data into actionable intelligence, improving their cybersecurity posture and creating immediate business value.
This document provides information about the LogPoint connector, which facilitates automated interactions with your LogPoint server using FortiSOAR™ playbooks. Add the LogPoint connector as a step in FortiSOAR™ playbooks and perform automated operations for collecting, analyzing, and monitoring your machine data.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ versions: 4.12.1-253
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
```shell
yum install cyops-connector-logpoint
```
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the LogPoint connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Server URL | URL of the LogPoint server to which you will connect and perform automated operations. |
Username | Username to access the LogPoint server to which you will connect and perform automated operations. |
Secret Key | Secret Key to access the LogPoint server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation | Category |
---|---|---|---|
Get Repos | Retrieves a list of all the repos from the LogPoint system. | get_repos | Investigation |
Get Log Points | Retrieves a list of all Log Points from the LogPoint system. | get_log_points | Investigation |
Get Devices | Retrieves a list of all devices from the LogPoint system. | get_devices | Investigation |
Get Time Zone | Retrieves Time Zone information from the LogPoint system. | get_timezone | Investigation |
Get Live Search | Retrieves information about Live Searches from the LogPoint system. | get_live_search | Investigation |
Get Search ID | Searches the LogPoint system based on the time range and query you have specified and returns a search ID. | get_search_id | Investigation |
Get Response | Retrieves the response of a search operation from the LogPoint system based on the Search ID you have specified. | get_response | Investigation |
Operation: Get Repos
Input parameters: None.
The output contains the following populated JSON schema:
```json
{
  "allowed_repos": [
    {
      "address": "",
      "repo": ""
    }
  ],
  "logpoint": [
    {
      "ip": "",
      "name": ""
    }
  ],
  "success": ""
}
```
Operation: Get Log Points
Input parameters: None.
The output contains the following populated JSON schema:
```json
{
  "success": "",
  "allowed_loginspects": [
    {
      "ip": "",
      "name": ""
    }
  ]
}
```
Operation: Get Devices
Input parameters: None.
The output contains the following populated JSON schema:
```json
{
  "allowed_devices": [],
  "logpoint": [],
  "success": ""
}
```
Operation: Get Time Zone
Input parameters: None.
The output contains the following populated JSON schema:
```json
{
  "hour_format": "",
  "date_format": "",
  "success": "",
  "timezone": ""
}
```
Operation: Get Live Search
Input parameters: None.
The output contains the following populated JSON schema:
```json
{
  "livesearches": [
    {
      "query_info": {
        "lucene_query": "",
        "columns": [],
        "aliases": [],
        "success": "",
        "query_filter": "",
        "grouping": [],
        "fieldsToExtract": [],
        "query_type": ""
      },
      "vid": "",
      "generated_by": "",
      "limit": "",
      "timerange_hour": "",
      "searchname": "",
      "flush_on_trigger": "",
      "timerange_minute": "",
      "tid": "",
      "description": "",
      "life_id": "",
      "query": "",
      "timerange_second": "",
      "timerange_day": ""
    }
  ],
  "success": ""
}
```
Operation: Get Search ID
Input parameters:
Parameter | Description |
---|---|
Time Range | Time range based on which you want to search the LogPoint system. You can choose either a Relative time such as Last 1 hour, Last x..., etc., from the options provided, or click Calendar Period to specify a calendar period, such as This Month, or click Custom to specify a custom time range. |
Query Parameter | Parameter of the query based on which you want to search the LogPoint system. You can choose one of the predefined query parameters, such as Time Zone, User, etc., or you can select Custom to define your own query in the Query field. If you choose a predefined query parameter, then you must specify the query value associated with the parameter selected. For example, if you choose Time Zone, then you must specify the time zone for which you want to extract logs from the LogPoint system, or if you choose User, then you must specify the user for whom you want to extract logs from the LogPoint system. |
Limit | (Optional) Maximum number of records that this operation should retrieve from the LogPoint system. By default, this is set to 30. |
Timeout | (Optional) Time, in seconds, after which this operation will time out, i.e., the time in seconds for which the search ID is valid. By default, this is set to 60. |
Repos | (Optional) Repos on the LogPoint system on which you want to run the search operation. |
The output contains the following populated JSON schema:
```json
{
  "lookup": "",
  "search_id": "",
  "time_range": [],
  "query_filter": "",
  "latest": "",
  "success": "",
  "searchId": "",
  "query_type": ""
}
```
Operation: Get Response
Input parameters:
Parameter | Description |
---|---|
Search ID | Search ID based on which you want to retrieve the response from the LogPoint system. Note: You can retrieve the search ID using the Get Search ID operation. |
The output contains the following populated JSON schema:
```json
{
  "status": {},
  "complete": "",
  "version": "",
  "time_range": [],
  "orig_search_id": "",
  "final": "",
  "query_type": "",
  "success": "",
  "estim_count": "",
  "extracted_terms": []
}
```
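The Get Search ID and Get Response operations form a pair: the first returns an ID that stays valid for Timeout seconds, and the second has to be polled until the reply reports `final`. The Python below is an added example, not the connector's or LogPoint's own code: it drives that sequence with a poll loop bounded by the ID's validity and shows what a playbook step has to handle when the ID has expired or the deadline passes. The endpoint path `/getsearchlogs`, the request field names, the credentials-in-body convention and the `FakeLogPoint` server are assumptions constructed for the example; only the reply field names come from the output schemas on this page.

```python
"""Two-step LogPoint search: Get Search ID, then poll Get Response until it is final.

Added example, not the connector's own code. Reply shapes follow this page's output
schemas; the endpoint path, request field names and the rule that a search ID expires
after `timeout` seconds are assumptions. HTTP is an injected callable, so this runs
offline against the constructed FakeLogPoint below."""
import time


class LogPointSearchClient:
    def __init__(self, server_url, username, secret_key, transport, verify_ssl=True,
                 clock=time.monotonic, sleep=time.sleep):
        # transport(url, json_body, verify_ssl) -> decoded JSON reply. verify_ssl defaults
        # to True as on the page and is handed to the transport on every call.
        self.server_url, self.username, self.secret_key = server_url.rstrip("/"), username, secret_key
        self.transport, self.verify_ssl, self.clock, self.sleep = transport, verify_ssl, clock, sleep

    def _post(self, body):
        # ASSUMPTION: credentials ride in the body and both search calls use one endpoint.
        payload = {"username": self.username, "secret_key": self.secret_key, **body}
        reply = self.transport(self.server_url + "/getsearchlogs", payload, self.verify_ssl)
        if not reply.get("success"):  # every output schema on this page carries "success"
            raise RuntimeError(f"LogPoint call failed: {reply.get('message', 'no detail')}")
        return reply

    def get_search_id(self, query, time_range, limit=30, timeout=60, repos=None):
        """Get Search ID; defaults match the page (limit 30, timeout 60 seconds)."""
        reply = self._post({"query": query, "time_range": time_range, "limit": limit,
                            "timeout": timeout, "repos": repos or []})
        return reply["search_id"]

    def get_response(self, search_id):
        """Get Response for one search ID; fails once the ID's validity has lapsed."""
        return self._post({"search_id": search_id})

    def search(self, query, time_range, limit=30, timeout=60, repos=None, poll_interval=1.0):
        """Poll until the reply reports final=True or the search ID's validity lapses."""
        search_id = self.get_search_id(query, time_range, limit, timeout, repos)
        deadline = self.clock() + timeout
        while True:
            reply = self.get_response(search_id)
            if reply.get("final"):
                return reply
            if self.clock() >= deadline:
                raise TimeoutError(f"search {search_id} not final within {timeout}s")
            self.sleep(poll_interval)


class FakeLogPoint:
    """Constructed server stand-in with its own clock: checks the secret, issues IDs, expires them."""
    def __init__(self, polls_until_final, secret_key):
        self.polls_until_final, self.secret_key = polls_until_final, secret_key
        self.now, self.searches, self.verify_flags = 0.0, {}, []

    def tick(self, seconds):  # stands in for time.sleep and advances the fake clock
        self.now += seconds

    def __call__(self, url, body, verify_ssl):
        self.verify_flags.append(verify_ssl)
        if body.get("secret_key") != self.secret_key:
            return {"success": False, "message": "authentication failed"}
        if "search_id" not in body:  # Get Search ID
            sid = f"constructed-search-{len(self.searches) + 1}"
            self.searches[sid] = {"polls": 0, "expires": self.now + body["timeout"],
                                  "time_range": body["time_range"]}
            return {"success": True, "search_id": sid, "searchId": sid, "lookup": "", "latest": "",
                    "time_range": body["time_range"], "query_filter": body["query"], "query_type": "simple"}
        state = self.searches.get(body["search_id"])  # Get Response
        if state is None or self.now > state["expires"]:
            return {"success": False, "message": "unknown or expired search id"}
        state["polls"] += 1
        final = state["polls"] >= self.polls_until_final
        return {"success": True, "orig_search_id": body["search_id"], "version": 1, "complete": final,
                "final": final, "query_type": "simple", "time_range": state["time_range"],
                "status": {"polls": state["polls"]}, "estim_count": 3 if final else 0, "extracted_terms": []}


def run_demo():
    """Happy path, rejection of an expired ID, and the client-side timeout, all offline."""
    server = FakeLogPoint(polls_until_final=3, secret_key="constructed-secret")
    client = LogPointSearchClient("https://logpoint.example/", "analyst", "constructed-secret",
                                  server, clock=lambda: server.now, sleep=server.tick)
    final = client.search('user="alice"', ["Last 1 hour"], repos=["default"])
    server.tick(120)  # move past the 60 s validity window of the issued ID
    try:
        client.get_response(final["orig_search_id"])
        expired_rejected = False
    except RuntimeError:
        expired_rejected = True
    slow = FakeLogPoint(polls_until_final=10**6, secret_key="constructed-secret")
    slow_client = LogPointSearchClient("https://logpoint.example", "analyst", "constructed-secret",
                                       slow, clock=lambda: slow.now, sleep=slow.tick)
    try:
        slow_client.search('user="bob"', ["Last 1 hour"], timeout=5)
        timed_out = False
    except TimeoutError:
        timed_out = True
    return {"final": final, "expired_rejected": expired_rejected, "timed_out": timed_out,
            "slow_polls": next(iter(slow.searches.values()))["polls"],
            "verify_ssl_always": all(server.verify_flags + slow.verify_flags)}
```

`run_demo()` returns the final Get Response reply together with the outcome of the two failure cases: a Get Response call after the Timeout window fails at the server, and a search that never reports `final` is abandoned by the client once the same window has elapsed, rather than polling forever. Against a real server the `transport` argument would be a thin wrapper around an HTTPS client that honours `verify_ssl`; keep the page's default of True, since the secret key travels in every request.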
The Sample - logpoint - 1.0.0 playbook collection comes bundled with the LogPoint connector. These playbooks contain steps with which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in CyOPs™ after importing the LogPoint connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.