App management
Overview
An app is a deployment unit that bundles the components required for security operations — dashboards, loggers, parsers, detection scenarios, datasets, and more — into a single package. By installing an app, you can set up an entire collection-detection-analysis-dashboard pipeline for a specific data source (firewall, EDR, cloud service, etc.) without configuring each component individually.
For example, installing a firewall app deploys the logger models and parsers for collecting the firewall logs, stream rules and batch rules for detecting key events, and dashboards for summarizing the detection results — all at once.
App installation files (with a .app extension) can be downloaded from the Logpresso Store (registration required).
Administrator privileges are required to install and manage apps. All users, including administrators, can view the list of installed apps.
App quick launch
Click Apps in the sidebar to open the quick launch panel. From this panel, you can view the list of enabled apps and launch the one you need.
- Click an app card to launch the app. The web console switches to the app-specific menu.
- Use the search tool to find a specific app.
- Click App Management to go to the app management screen.
- Click
to refresh the app list.
App management screen
The app management screen is where you install, enable, disable, and uninstall apps. You can access the app management screen by:
- Clicking App Management in the quick launch panel
- Entering the
/appspath directly in the address bar
On the app management screen, installed apps are displayed as cards. The app list is divided into two groups: Enabled apps and Disabled apps.
Each app card displays the following information:
- App icon: An icon that identifies the app
- App name: The name of the app. Long names are truncated with an ellipsis; hover over the name to see the full text.
- Version: The installed version of the app
- Description: A brief description of the app
To find a specific app in the list, use the search tool in the toolbar.
If no apps are installed, a guide screen is displayed with a link to the Logpresso Store.
Download list
To download the app list as a file, click 
in the toolbar. The downloaded file includes the name, description, version, enabled status, and last build date of each app.
Refresh list
To refresh the app list with the latest information, click in the toolbar.
Install app
To install an app:
-
Click Install in the toolbar on the app management screen.
-
In the App Installation Wizard dialog, select the app file.
- Click Browse and choose the app file (
.app), or drag and drop the app file into the dialog.
- Click Browse and choose the app file (
-
Click Upload to upload the app file to the server. The upload progress is displayed.
- To cancel the upload, click Cancel.
-
Once the upload is complete, app installation starts automatically. In a cluster environment, the installation progress for each node is displayed.
- To cancel during installation, click Cancel.
-
When the app is installed on all nodes, the dialog closes automatically. The app is enabled automatically upon installation, and the app card appears in the Enabled apps group.
Installation notes
Depending on the state of the uploaded app file, the following messages may appear:
- Same version already installed: A message indicates that the app is already installed. Click Confirm to overwrite and reinstall the existing app.
- Different version already installed: A message indicates a version mismatch. Click Confirm to reinstall with the uploaded version.
- Built-in app or CLI-installed app: A message indicates that the app was already installed by another method.
- Invalid manifest: A message indicates that the app file manifest validation failed.
- Invalid app file: A message indicates that the app file validation failed.
- Unresolved dependencies: A message indicates that other apps or components required by the app are not installed.
- Installation error: An error message is displayed based on the cause, such as timeout, connection error, insufficient disk space, or dependency error.
Enable and disable app
An app must be enabled for users to use it. Disabling an app stops the operation of its components, such as dashboards and detection scenarios.
To enable or disable an app:
- Click
in the upper right corner of the app card. - From the menu, click Enable or Disable.
When the enabled status changes, the app card moves to the corresponding group (Enabled apps / Disabled apps).
Run app
Running an app switches the web console menu to the app-specific menu. This is useful when you need to focus on the dashboards and features provided by the app.
To run an app:
- Click in the upper right corner of the enabled app card.
- From the menu, click Run.
- In the confirmation dialog, click Confirm. The web console switches to the app menu.
To stop a running app and return to the default menu:
- Click in the upper right corner of the running app card.
- From the menu, click Stop. The web console switches back to the default menu.
Reinstall app
If you have reconfigured the cluster, some nodes may not have the app installed. Reinstalling the app installs it on the nodes where it is missing.
To reinstall an app:
- Click in the upper right corner of the app card.
- From the menu, click Reinstall.
- The subsequent process is the same as app installation.
Uninstall app
To uninstall an app that is no longer in use:
-
Click
in the upper right corner of the app card. -
From the menu, click Uninstall.
-
In the Uninstall App dialog, confirm that the app to be removed is correct.
-
To delete all objects installed with the app, select Also delete all app objects. When this option is selected, the objects to be deleted are displayed by top-level menu:
Top-level menu Objects to be deleted Dashboards Dashboards, widgets Loggers Parsers, log schemas, logger models, loggers Analysis Datasets Policies Stream rules, batch rules, threat intelligence, behavior profiles, subnet groups, port groups, pattern groups Settings Connect profiles, AI prompts
-
-
Click Uninstall. To keep the app, click Cancel.