What is our primary use case?
We use LogPoint for log collection. We have a specific use case around a system that was not able to provide this kind of correlation. However, we are going to get rid of the legacy platform within the year and will be moving away from LogPoint.
Pros and Cons
- "Technical support is responsive and very friendly."
- "The interface needs things like wizards that will assist with creating complex correlation rules."
What other advice do I have?
We are moving away from this solution and are looking for something automated, like Darktrace. My advice for anybody who is implementing this solution is to first have a very clear understanding of the use cases, what you want to use it for, and what you want to report. Don't be afraid to look for a cloud-based solution, especially when it comes to SIEM products. It removes a lot of trouble related to internal servers and the complexity of accessing the SIEM from outside. If you have to implement your own MSA then I would suggest reconsidering any case of using an internal SIEM. Especially for…