LogicHub Product Documentation
Welcome to LogicHub Documentation
About LogicHub
Introduction to LogicHub
Release Notes
Release Notes
Getting Started
Sign In
Enterprise OVA Set Up
How-To-Guides
Library
Share Content from your Library
Create Connections
Directory Data Source
Create Event Types
System Event Types
Add Destinations
Dashboards
Manage Dashboards
Create a Dashboard
Publish Dashboards to the Content Exchange
Create a Dashboard Widget from a Playbook Step
Export and Import Dashboards
Case Management
Create Cases to Track Work in LogicHub
Search for Cases
Advanced Case Search
Create a Case from a Playbook
Create Commands for Cases
Add Custom Fields to Cases
Add Tasks to a Case
Create Case Types
Identify Similar Cases
Set Up Case Notifications
Create Settings for Cases
Advanced Alerts Search
Playbooks
Manage Playbook Versions
Copy a Playbook
Export and Import Playbooks
Create Playbooks in Easy Mode
Edit a Playbook in Easy Mode
Switch between Easy Mode and Advanced Mode
Create a Playbook Query Using Templates in Easy Mode
Run Python Scripts in Playbooks
Build a Step with SQL in Easy Mode
Add an Integration in Easy Mode
Run Integration with Multiple Connections
Request an Automation
Add Output in Easy Mode
Use Forms to Include Manual Input in Playbooks
Add a Baseline to a Playbook in Easy Mode
Include Data from a CSV or JSON File
Add Fields to the Results Table in Easy Mode
Use Filter within Playbooks in Easy Mode
Filter Form
Create Playbooks in Advanced Mode
Edit a Playbook in Advanced Mode
Add a Step
Add a Module to a Playbook
Create a New Module for Automation
Add or Remove Event Types
Add an Integration Connection
Add an Integration
Add Computation
Add Task
Add Scorer
Create Score Rules
Learn About Queries
Add Row Level Descriptions
Export as CSV
Add a Baseline in Advanced Mode
Edit Step Details
Change Step Type
Set Up Conditional Execution
Choose the Steps you Want to Present
Add, Rearrange, and Delete Steps
Add an Output Step in Advanced Mode
Straighten Up your Playbook Layout in Advanced Mode
Add Simple Queries to your Playbook
Search Within Playbooks in Advanced Mode
Create Alerts from Playbook Steps
Use Incidents to Investigate a Playbook
Playbook Groups
Create a Group
Expand a Group
Delete a Group
Deconstruct a Group
Group Characteristics
Group Limitations
Streams
Create a Stream
Manage your Streams
Filter and Reprocess the List of Batches
Drill Down for Deeper Analysis
Pin Results and Explore the Playbook
Call Attention to Results by Starring Them
Execute Playbooks with Webhook
Pause and Resume a Stream or Baseline
Custom Lists
Export and Import Custom Lists
Create Custom Integrations
Copy and Modify an Existing Integration
View Integrations in the Automation Library
Share Use Cases with Others
Forms Template
Audit Events
Detections
Create Playbooks from MITRE Detections
Quick Actions
Settings
Create User Accounts
Create User Groups
Edit your User Profile
Reset your Password
View Case Alerts
Set Password Policy
Set Default Playbook Editor
Use LDAP to Authenticate Access to LogicHub
Use Okta SSO to Authenticate Access to LogicHub
Use ADFS SSO Authenticate to LogicHub
Manage your LogicHub License
Mutual Transport Layer Security (mTLS)
Install mTLS Client Certificate on Different OS
Configure Email Notification Settings
Send Audit Logs to a Syslog Server
Obtain Credentials from Hashicorp Vault
Remote Agent Client
Use a Remote Agent to Access Private Resources Behind a Firewall
Remote Agent Troubleshooting
Remote Agent High Availability Set Up
Operators and UDFs
Operators
addExecutionMetadata
alertTriage
appendToList
approximateLabelLookup
autoJoin
autoJoinScores
autoJoinTables
baselineScorer
buildDecisionTree
buildTermCorpus
buildTermCorpusPerGroup
callScript
callScriptWithTable
classifyUsingDecisionTree
cluster
createDetailsColumnForThreatGPS
createModelFromNumericValues
createModelFromText
createRatingsModel
createScoreCombiner
collectColumns
columnsToJson
columnsToJsonV2
combineScores
dropColumns
dropSingleValueColumns
ensureTableHasColumns
fetchAlerts
fetchCorrelatedEvents
fieldnamesFromJson
fieldnamesHistogram
filterBaselineTable
filterBaselineTableByTime
findDiff
forceFail
formClusters
generateScores
geoIpLookup
getFieldnames
gateTask
htmlTableToJson
interpolateScorer
joinTables
jsonListToArray
jsonToColumns
jsonToTable
linkToResultRow
loadBaseline
loadEventsFromExecutionContext
loadList
LogicHub DSL
lookup
lookupClusterId
lookupOperator
makeProcessIdsUnique
markUpJiraText
maskData
matchPattern
matchSimilarFromCorpus
matchSimilarFromCorpusPerGroup
multiLookup
nearestNeighborScorer
notify
partition
pathFromRoot
patternLookup
predictLableFromNumericValues
predictLabelFromText
predictLogType
predictRatings
queryFromList
regex
replaceList
runScript
runSearch
scoreAnomalies
scoreByLeastFrequency
scoreManually
scoreByRandomness
scoreSpikes
select
selectivelyDeleteFromList
splitArray
supervisedScorer
tableToHtmlString
timeBucket
toJson
transpose
transpose2
unionAll
waitForMillis
UDFs
alphanumPattern
coalesceEmpty
decodebase64
encodeBase64
extractParseAnchor
generalizeDate
generalizeInt
generalizeLong
getJsonFields
hash
hasJsonSchema
matches
matchesParseAnchor
maxDouble
maxFloat
maxInt
maxLong
minDouble
minFloat
minInt
minLong
strRandomness
winlogToJsonUDF
timeBucket
scoreCorr
slice
toDoubleArray
toIntArray
toFloatArray
toLongArray
longRound
regexp_count_array
regexp_count
regexp_extract_array
Integrations
Integrations
Abnormal Security
AbuseIPDB
Accenture MSS
Active Directory
Akamai
Akamai API Gateway
Alexa Web Information Service
AlienVault OTX
AlienVault USM
Amazon AWS
Amazon EC2
Amazon S3
Anomali
Anomali Match
Apache Kafka
Apility
ARIN Whois
ArcSight ESM
AWS CloudTrail
AWS CloudWatch Logs
AWS EKS
Azure Compute
Azure Monitor
Azure Security Center
Azure Sentinel
Azure Storage
Bitdefender
Box
Carbon Black Response
Case Management
Censys
Checkpoint Firewall
ClickSend
Computer Incident Response Center (CIRCL)
Cisco AMP
Cisco Talos
Cisco ThreatGrid
Cisco Umbrella
CMDBuild
Cortex XDR
CrowdStrike
CrowdStrike Falcon Host (OAuth Based)
CRXcavator
Cuckoo
Cybereason
Darktrace
Datadog
Demisto
Devo
DomainTools
Dropbox
Duo Security
Elasticsearch
Emerging Threats
Google Bigtable
Exchange (EWS)
Falcon Sandbox
Farsight Security DNSDB
File Tools
FortiSIEM
Freshservice
GitHub
Google Calendar
Google Cloud Storage
Google Compute
Google Safebrowsing
Google Stackdriver
GRR Authentication Information
Have I Been Pwned?
HCL BigFix
Humio
Hybrid Analysis
IBM QRadar
IBM X-Force
IMAP
IPStack
Jira
JoeSecurity Sandbox
Lastline
Logentries
MalShare
Malware Domain List
Micro Focus ArcSight Logger
Microsoft 365 Defender
Microsoft Cloud App Security
Microsoft Defender for Endpoint
Microsoft Graph
Microsoft SQL Server
Microsoft Teams
Mimecast
Minerva Labs
MISP
MongoDB
MxToolbox
Myip.ms
MySQL
Nessus
NetBIOS
Nmap
Obsidian
OpenPhish
Oracle
OTRS
RiskIQ PassiveTotal
Phish.AI
PhishTank
Postgres
Qualys SSL
Qualys Vulnerability Management
Randori
ReversingLabs TitaniumCloud
Salesforce
SANS Blacklist
SAP Gigya
Securonix SNYPR
ServiceNow
Sharepoint
Shodan
Smartsheet
SMB Actions
Smokescreen
SMTP
Splunk
SSH
Sumo Logic
Symantec Data Loss and Prevention (DLP)
Syslog
TheHive
Threatminer
TruSTAR
Urlscan_IO
Virus Total
Unshorten.me
Utilities
Utilities
Web API
Webroot BrightCloud
YETI
Zendesk
Zoom
Zscaler
Macros
autoJoinTables Macro
Miscellaneous
Back Up and Restore Configurations
Replicate Backup Files to AWS S3
Replicate Backup Files to a Separate Machine
Restore from a Backup
Administration of the Linux Server
Set Up Custom Server Name Certificate
Install LogicHub in an Isolated Environment
Disaster Recovery
FAQs
About the lhub_ts column
List Machine Learning Models API
Setup Slack Integration
Jinja Template
© 2017-2021 LogicHub®. All Rights Reserved.