1. Blackpoint LogIC FAQ
Blackpoint LogIC is a logging with integrated compliance add-on designed to help MSPs and their customers satisfy compliance requirements including assessments and audits. LogIC provides compliance reporting and hyper-optimized storage capabilities without typically requiring additional hardware, appliances, installs, or agent rollouts.
LogIC was designed and built to be affordable to MSPs and their partners. It supports compliance tracking and reporting for PCI-DSS, HIPPA, and CMMC (Levels 1, 2, and 3). Collected logs are stored with back up and encryption compliant with SEC rule 17a-4, PCIDSS, HIPAA/HITECH, FedRAMP, EU GDPR, and FISMA data storage regulations.
- Leverages Blackpoint’s nation-state grade MDR technology for easy, push-button setup.
- Self-serve Compliance Report web application allows real-time management, control, and customization of log collection.
- Collected logs are stored read-only in 3 different zones and encrypted with 256-bit Advanced Encryption Standard (AES-256).
- Includes 365 days of complimentary log storage with options for additional log retention durations.
- Automatic mapping of compliance controls to Blackpoint technology and services, reducing reporting and assessment efforts.
- Adds LogIC information to Blackpoint’s monthly MDR reports.
- Complimentary updates to future LogIC features (extensive enhancements planned throughout 2021 and 2022).
Frequently Asked Questions
Is Blackpoint MDR required for LogIC?
Yes. Although LogIC helps satisfy some compliance requirements, both are necessary to ensure the most comprehensive security and compliance coverage.
How will LogIC be priced?
Please contact your Blackpoint account manager to learn about pricing.
How will I be charged?
Your LogIC costs will be calculated based on your monthly device usage as well as any storage and retrieval surcharges included in your standard monthly Blackpoint MDR bill.
What are Blackpoint’s storage options after the initial one-year offering?
Blackpoint LogIC supports flexible storage durations. It includes 365 days of complimentary log storage and affordable pricing for longer durations. For more information, please contact your account executive.
Will there be limits on data collection?
For Windows OS-based devices, no. For syslog, each syslog source will be limited to 100 GB/month which should be sufficient for almost all use cases. 100 GB/month is equivalent to approximately 80 standard syslog messages per second.
Is there a total number of syslog sources we can collect?
No. However, syslog message frequency and size vary greatly across customers and infrastructures and also may impact collection performance. As a result, we generally advise that any single SNAP Agent:
- Receives no more than 680 syslog messages per second and
- Receives data from four (4) or fewer unique syslog sources.
If you need to collect more than 680 syslog messages per second or more than four (4) unique syslog sources, then we suggest configuring some of your syslog sources to send messages to a second SNAP Agent when setting up your LogIC syslog collection.
Which reports will the Compliance Report web application initially support?
To date, PCI-DSS, CMMC up to level 3, and HIPAA are supported. Additional compliance standards will be added in subsequent months. If you need to satisfy specific compliance frameworks that are not currently supported, please contact us to identify the additional framework(s).
Will Blackpoint add more compliance report frameworks?
Yes, additional compliance standards will be added in future releases of Blackpoint LogIC. If you need to satisfy specific compliance frameworks that are not currently supported, please contact us to identify the specific framework(s) you require.
If I deploy less than the minimum cost, or just don't have that many devices, is there a partial discount?
No. The minimum cost ensures Blackpoint can meet its costs and covers onboarding assistance, technical support, future LogIC updates and releases, as well as access to the Compliance Web application where partners and customers can manage compliance reports.
What are Syslog, Windows Events, and Windows FIM?
Syslog (system logging protocol) is a standard protocol used to send a system log or event message to a specific server. It is used primarily to collect various device logs from different machines into a central location for system management including monitoring and security auditing.
Windows Events capture changes and events in the Microsoft Windows operating system running on a device. They may include application, service, user, and security related events.
Windows FIM (file integrity monitoring) collects events on operating system files that are created, accessed, or modified as they may indicate a security breach or compromise. FIM audit trails can be helpful in identifying who accessed what and when especially during digital forensics and incident response activities.
What is the LogIC file integrity monitoring (FIM) capability?
The FIM capability in LogIC monitors the following changes to files: Created, Deleted, Accessed, Modified, Shortcut Link Created. It can be configured to monitor specific directories and/or file extensions. Please contact your Blackpoint account manager for additional details.
Why aren't my devices visible?
Please ensure that you have whitelisted the following domains. This ensures that the SNAP Agent can communicate with our servers.