3. Configuring Logging in Blackpoint LogIC
Powered by our proprietary SNAP-Defense technology, Blackpoint LogIC is a logging with integrated compliance MDR add-on built to be hyper-efficient and provide real-time data collection. With LogIC, collect the right data you need for future audits. LogIC auto-maps against hundreds of compliance requirements all at once, so you can understand where your current security products and services are covering you in terms of compliance. Trust LogIC to make your journey towards regulatory compliance easier.
After you have added Blackpoint LogIC to your existing 24/7 MDR customers and logged into the platform, follow this article to configure the log settings in Blackpoint LogIC. We’ve broken down the process into the following sections:
- Logging in Blackpoint LogIC
- Related Documentation
- You must whitelist the following domains to ensure the SNAP Agent can communicate with our servers.
Logging in Blackpoint LogIC
- In the Blackpoint Portal, click Blackpoint Add-Ons Portal in the left-hand menu.
- In the left-hand menu, click GO TO in the Customer section.
- Search for the customer you are setting up logging for.
- Click LogIC in the left-hand menu and then on Settings.
- Toggle the Enable Logging switch on. Each of the tabs below will allow you to start configuring either Syslog, Windows Events, or Windows FIM settings for the customer.
- Click the Syslog tab, toggle the Enable Syslog Collector switch on, and then click Add Collector.
- In the Syslog Collector pop-up, select the device(s) from the list, or use the search function. Then, select the protocol from the drop-down menu and enter the port before clicking Save.
The device(s) will now appear in the list of syslog collectors. To remove a device, click Remove next to that specific device in the Actions column. In the Hostname column, you will see a status icon representing how long ago the device was last active.
- Green icon – Last seen 15 minutes ago
- Yellow icon – Last seen between 15 minutes and 1 day ago
- Red icon – Last seen 1 or more days ago
- Grey icon – Pending set up
Configuring Windows Events
Click the Windows Events tab to configure which Windows Devices will collect Windows events. Toggle the Enable Windows Event Logging switch to on. To monitor ALL Windows devices running a SNAP Agent, select the checkbox.
To log only specific devices, leave the Monitor all Windows devices box unchecked. Select the device(s) from the list, or use the search function. After making the selections, you can perform bulk actions such as Select All, Enable, or Disable.
Configuring Windows FIM
Click the Windows FIM tab to choose which devices will collect FIM events. Toggle the Enable Windows File Integrity Monitoring (FIM) switch to on.
In the FIM Policies section, you can either edit the default policy or add new policies.
- To edit the default policy:
- Click Edit.
- Scroll down to the editable paths. You can modify the paths, mark it for exclusion, or remove it from the policy.
Note: Blackpoint LogIC supports the use of wildcard characters (*) in path names.
- To add a path, click Add Path and give it a name.
- Click Save.
- To add new policy:
- Click Add Policy.
- Enter a name for your new policy.
- Scroll down to the editable paths. You can modify the paths, mark it for exclusion, or remove it from the policy. Click Add Path if desired.
- Click Save.
To collect FIM events from ALL Windows devices running a SNAP Agent, select the Monitor all Windows devices checkbox.
To monitor only specific devices, leave the Monitor all Windows devices box unchecked. Select the device(s) from the list, or use the search function. After making the selections, you can perform bulk actions such as Select All, Enable, Disable, or Set Policy.
Viewing usage summaries & statistics
You are able to view your usage by time in the Blackpoint Add-Ons Portal. Note that costs displayed are estimates based on current usage and contract(s).
- In the Blackpoint Add-Ons Portal, click Usage in the left-hand menu.
- In the Usage Breakdown section, select if you would like to see usage date from the last 30 days, last 24 hours, or the last billing period. You may also enter a customer date range.
- Based on the services you have with Blackpoint, you will see a breakdown of number of devices and users active for each service.
- In the Usage Per Device section, you can search for a device by hostname or IP address and choose to download your search items.
Please visit our Blackpoint LogIC FAQ here.