LogPoint

LogPoint Reviews

Reviews
(1-5 of 5)

Louis MILCENT | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Reseller
We are an MSSP company with a SOC providing multiple security services, including forensic, pentest, incident response, etc. Initially we were only a reseller and LogPoint integrator. The current SIEM we use for our SOC (LogRhythm) has many problems, is very expensive and the technical support team is slow to answer, especially on log normalization. That is why we have started a migration to use LogPoint instead of LogRhythm in the next month.

LogPoint is not identical with LogRhythm, but has solid strengths, at least:
  • license model
  • technical support team (with possibility of support IP through VPN)
  • log normalization creation for unknown logs is pretty fast
  • no extra cost for high availability architectures
The only drawbacks for now are:
  • Too simple alert management interface. When there are 10 identical alerts, it is difficult to still have a global vision of everything and it is time-consuming to resolve all of them. LogPoint is clearly not usable as is for MSSP or big customers; a SOAR solution should be used in addition.
  • Clear interface, except sometimes where it is a little bit confusing
  • Lack of self monitoring, we cannot know from the web UI if an alert rule is consuming too many resources.

  • Technical support team is fast and competent
  • License management and cost
  • Log parsing
  • New logs can be provided to the support team for parser creation
  • High Availability architecture does not cost more
  • Alerts interface is too simple, hard to keep visibility if there are more than 10 alarms
  • Web UI is clear but sometimes confusing
  • LogPoint never warns on bad practices that could lead to performance issues
  • Lack of self monitoring, to display which alert rule is consuming too many resources
LogPoint can be deployed easily in high availability to absorb a lot of logs per second. But LogPoint only, without SOAR, is not well suited for MSSP or big companies that could have a lot of alarm rules every day. There is no link between old and new alarms (for same IOC for example), and the interface is not clear enough to manage them all.
Support team is very fast to answer and very kind.
August 05, 2021

LogPoint review

Fabien Landais | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
LogPoint is used internally to consolidate logs into a single place. Based on that, we are now able to have a cross-solution analysis, detect threats and help our operational team to provide the fastest solution. We use LogPoint in the whole organization.
  • Analyse in real time lots of different logs and alert security team based on predefined alert templates.
  • Simple and fast deployment.
  • Predefined templates available for dashboarding, alerting, reporting and log normalization.
  • Providing a full Cloud solution
  • Having more documentation for complex deployment
LogPoint could be implemented in different use cases and company sizes based on their deployment options from all-in-one to multiple roles and servers.
LogPoint is less appropriate for "cloud first" companies because it could be complex to deploy to the Cloud.
Easy to contact and they are pretty quick to answer or give advice.
  • in-person training
Score 5 out of 10
Vetted Review
Verified User
We are a LogPoint partner, and I'm in charge of integrating the solution in our customers' environments. The reasons our customers choose LogPoint vary from needing a central log repository for compliance reasons to speeding up investigations, etc. The main reason I see for LogPoint being chosen instead of other SIEM solutions is its pricing model.
  • Pricing model
  • Active support
  • Ease of use
  • Stability (weird issues)
  • Transparency (hard to investigate issues)
  • Search template should be improved
LogPoint is well suited for smaller environments with small teams that don't have much time for training and need a solution that is quickly operational.

In bigger environments, however, the fact that issues often need support to intervene--which causes delay--makes this solution less appropriate.
Support is pretty effective, gives clear information, and usually solves the issues encountered. However, having to rely on support is one of the issues I am facing, since it slows projects down.
Score 8 out of 10
Vetted Review
Verified User
We purchased LogPoint to replace a legacy log collection tool that was end-of-life, but it has become so much more than a repository for logs. We use it to collect logs from endpoints, servers, firewalls, routers, applications etc. Being able to correlate searches across different log sources is invaluable. For example, it has helped us to investigate account lockouts much more quickly, getting the user involved back up and running as swiftly as possible. This used to be a laborious process, checking multiple logs in different locations. Now it's a simple dashboard on a webpage. It's also proved very useful in investigating suspected security incidents.
  • Log storage - depending on the value of the data, you can specify different retention periods.
  • Log enrichment - LogPoint can use various sources, such as Active Directory and threat intelligence feeds, to enrich logs and make them more useful.
  • Correlation - you can write complex search queries that bring in information from multiple log sources.
  • Alerting - any search can be used to configure an automatic alert, triggering an email if an event is detected, or passes a set threshold.
  • Support - LogPoint support is always incredibly helpful.
  • Ease of use - some aspects of LogPoint are difficult to find, hidden away in parts of the product that are not intuitive. For example, you have to go into the Knowledge Base to find the alert rules you've set up.
  • User community - the user community for LogPoint does not seem to be as large or active as some of their competitors.
  • UEBA - so far the UEBA functionality has not generated any usable insights for us.
LogPoint is incredibly useful for pulling information from various log sources and combining them together to offer insights into suspicious or potentially malicious behaviour. It is not intuitive and can take some time to get used to. Once you're up and running though, it's easy to onboard new log sources. Search queries can again be tough to get used to, but LogPoint support is really helpful and can offer assistance with writing more complex searches.
LogPoint support is outstanding. They are incredibly helpful, and on occasions have proactively identified issues with our setup, and logged cases on our behalf before we had even noticed there was a problem. If there is a search we need to write that is beyond our skills, LogPoint support can typically write it for us within a couple of days. They are always very responsive, and I am yet to have a bad support experience.
Score 10 out of 10
Vetted Review
Verified User
LogPoint is used to aggregate all our important logs in one place, giving us an easy to use, reliable solution. We also rely on it to alert us to any anomalous behavior in the user base, the arrival of phishing emails, monitoring user web access, and many other things. It is used predominantly by the IT dept at all levels, providing deep detail along with easy to use search functionality.
  • Log aggregation
  • Log search functionality
  • Excellent customer service
  • Some maintenance tasks can only be performed by support
If you need a good-looking, easy to use SIEM product then look no further.

LogPoint Scorecard Summary

Feature Scorecard Summary

  • Security Information and Event Management (SIEM) (12): 64% (6.4)
  • Centralized event and log data collection (5): 84% (8.4)
  • Correlation (4): 80% (8.0)
  • Event and log normalization/management (5): 84% (8.4)
  • Deployment flexibility (5): 67% (6.7)
  • Integration with Identity and Access Management Tools (3): 64% (6.4)
  • Custom dashboards and workspaces (5): 76% (7.6)
  • Host and network-based intrusion detection (3): 73% (7.3)
  • Data integration/API management (1): 45% (4.5)
  • Rules-based and algorithmic detection thresholds (1): 64% (6.4)
  • Response orchestration and automation (1): 36% (3.6)
  • Reporting and compliance management (1): 64% (6.4)
  • Incident indexing/searching (1): 27% (2.7)

What is LogPoint?

LogPoint detects, analyzes and responds to threats within an organization’s data for faster security investigations. LogPoint is dedicated to helping overloaded security analysts work more efficiently with accelerated detection and response. LogPoint's SIEM solution with UEBA provides users with analytics and ML-driven automation capabilities designed to enable customers to securely build, manage and effectively transform their businesses. The licensing model is flat and based on nodes rather than data volume, giving businesses a predictable price that helps reduce the cost of deploying a SIEM solution on-premise, in the cloud or as an MSSP. The solution integrates with all network devices, so users get a holistic and correlated overview of events in an IT infrastructure. LogPoint SIEM translates all data into one common language so it is possible to compare events across systems. Having a common language enables users to better search, analyze and report on data. When it comes to compliance LogPoint enables automatic monitoring of relevant compliance parameters and alerts users to relevant risks as they happen.

LogPoint Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection
  • Supported: Log retention
  • Supported: Data integration/API management
  • Supported: Behavioral analytics and baselining
  • Supported: Rules-based and algorithmic detection thresholds
  • Supported: Response orchestration and automation
  • Supported: Reporting and compliance management
  • Supported: Incident indexing/searching

Additional Features

  • Supported: Data encryption, data masking and/or data obfuscation to users
  • Supported: Common Criteria EAL3+ certification

LogPoint Screenshots

  • LogPoint SIEM dashboard
  • LogPoint UEBA dashboard
  • LogPoint threat intelligence dashboard
  • All LogPoint alerts are mapped to the MITRE ATT&CK framework

LogPoint Videos

Four reasons to choose LogPoint: In conversation with Columbia College
LogPoint CTO Christian Have shares his insights about how LogPoint is helping companies detect and respond faster than ever before. Without a proper security foundation, even the best tools won’t help companies detect or respond faster.
Faster detection and response with MITRE ATT&CK: How security analysts can use the ATT&CK framework to more quickly understand how an alert relates to a larger attack so they can take the necessary steps to protect their business.

LogPoint Technical Details

Deployment Types: On-premise, SaaS
Operating Systems: Linux
Mobile Application: No

Frequently Asked Questions

What is LogPoint's best feature?

Reviewers rate Centralized event and log data collection and Event and log normalization/management highest, with a score of 8.4.

Who uses LogPoint?

The most common users of LogPoint are from Mid-size Companies and the Computer & Network Security industry.