Jump to Content
Documentation
Integrations
Home
Documentation
Changelog
v62
v63
v64
v65
v66
v67
v68
v69
v70
v72
v74
v76
v78
v80
v82
v84
v86
v88
v90
Documentation
Integrations
Contact Us
Contact Us
v88
Home
Documentation
Changelog
Search
About LogicHub
Introduction
Getting Started
Integrations
Integrations
Abnormal Security
AbuseIPDB
Accenture MSS
Active Directory
Akamai
Akamai API Gateway
Alexa Web Information Service
AlienVault OTX
AlienVault USM
Amazon AWS
Amazon EC2
Amazon EC2 (Assumed Role)
Amazon S3
Anomali
Anomali Match
Apache Kafka
Apility
Area 1 Security
ARIN Whois
ArcSight ESM
AWS CloudTrail
AWS CloudWatch Logs
AWS EKS
AWS EKS (Assumed Role)
AWS IAM
AWS IAM (Assumed Role)
Axonius
Azure Compute
Azure Monitor
Azure Security Center
Azure Sentinel
Azure Storage
Bitdefender
Blameless
Box
C1fapp
CA Service Desk
Carbon Black Response
Case Management
Censys
CheckPhish AI
Checkpoint Firewall
ClickSend
Cloudflare
Computer Incident Response Center (CIRCL)
Confluence
Cisco AMP
Cisco FirePower
Cisco Stealthwatch
Cisco Talos
Cisco ThreatGrid
Cisco Umbrella
CMDBuild
Cortex XDR
CrowdStrike
CrowdStrike Falcon Host (OAuth Based)
CRXcavator
Cuckoo
Cybereason
Cylance
Darktrace
Demisto
Datadog
Devo
DNS
DomainTools
Dropbox
Duo Security
Elasticsearch
Emerging Threats
Exchange (EWS)
Exchange Online (Graph API)
Falcon Sandbox
Farsight Security DNSDB
Fidelis
File Tools
FireEye ETP
FortiSIEM
Freshservice
GitHub
Google Bigtable
Google Calendar
Google Cloud Storage
Google Compute
Google Safebrowsing
Google Sheets
Google Stackdriver
GRR Authentication Information
Have I Been Pwned?
HCL BigFix
Humio
Hybrid Analysis
IBM OMNIbus via postemsg
IBM QRadar
IBM X-Force
IMAP
IPStack
Jira
Joe Security Sandbox
Lastline
Logentries
MalShare
Malware Domain List
MaxMind
McAfee ATD
McAfee ePO
McAfee ESM
Metadefender
Micro Focus ArcSight Logger
Microsoft 365 Defender
Microsoft Azure NSG Flow Logs
Microsoft Cloud App Security
Microsoft Defender for Endpoint
Microsoft Graph
Microsoft Identity And Access (Graph)
Microsoft SQL Server
Microsoft Teams
Mimecast
Minerva Labs
MISP
MistNet
MongoDB
MxToolbox
Myip.ms
MySQL
Naverisk
Nessus
NetBIOS
Neutrino
Nexpose
NinjaRMM
Nmap
Obsidian
Okta
OpenPhish
Oracle
OTRS
PagerDuty
Palo Alto Panorama
RiskIQ PassiveTotal
Perforce
Phish.AI
PhishTank
Postgres
Powershell
Proofpoint TAP
Protectwise
Qualys SSL
Qualys Vulnerability Management
Randori
ReversingLabs TitaniumCore A1000
ReversingLabs TitaniumCloud
RSA Archer
Salesforce
SANS Blacklist
SAP Gigya
Screenshot Machine
Securonix SNYPR
ServiceNow
SentinelOne
ServiceNow - Basic Auth
Sharepoint
Shodan
Simulate File
Slack
Slack Web API
Smartsheet
SMB Actions
Smokescreen
SMTP
Splunk
SSH
Sumo Logic
Symantec Data Loss and Prevention (DLP)
Symantec Endpoint Detection and Response (EDR)
Syslog
TCell
Telegram
Tenable
TheHive
Threatminer
TruSTAR
Twilio
Urlscan_IO
Virus Total
VMRay
VMWare
Unshorten.me
Utilities
Web API
Webroot BrightCloud
WildFire
xMatters
YETI
Zendesk
ZeroFox
Zoom
Zscaler
Create Custom Integrations
Remote Agent Client
Use Remote Agent to Access Private Resources Behind a Firewall
Remote Agent Troubleshooting
Playbooks
Automate your Tasks using Playbooks
Introduction to Playbooks
Guide to Playbook Builder
Add a Step to Import Events
Add a Step to Transform Data
Add a Step to Ask User Input
Add a Step to Take Action in Integration
Add a Step to Create Cases and Alerts
Activate Playbook using Streams
Case Management
Manage Alerts
Create Alerts from Playbook Steps
Alerts Advanced Search
Manage Case and Search
Basic Search
Advanced Search
Create Case to Track Security Issues
Markdown Support
Create Task
Identify Similar Cases
Case Settings
Manage Case Types
Customize Case Layouts
Manage Case Fields
Manage Case Workflow
Set Up Case Notifications
Connect Cases with Slack
Create Commands for Cases
Detections
Detections
Dashboard
Dashboard
Manage Dashboard
Create Custom Dashboard
System Dashboards
Settings
Settings
Manage your LogicHub License
LogicHub API Token
User Management
Create User Accounts
Create User Groups
Mutual Transport Layer Security (mTLS)
Install mTLS Client Certificate on Different OS
Send Audit Logs to a Syslog Server
Obtain Credentials from Hashicorp Vault
User Profile
Set Default Playbook Editor
Reset your Password
Users and Groups
Manage Groups
Role Based Access Control (RBAC)
Create and Manage Groups
Groups Permission
Manage Users
Create and Edit Users
Use LDAP to Authenticate Access to LogicHub
Set Password Policy
Unlock a User's Account
Enable or Disable a User
Delete a User
Single Sign On (SSO) Setup
Use Okta SSO to Authenticate Access to LogicHub
Use ADFS SSO Authenticate to LogicHub
How-To-Guides
My Library
Share Content from your Library
Create Connections
Directory Data Source
Create Event Types
System Event Types
Add Destinations
S3 Event Type (Beta)
Playbooks
Manage Playbook Versions
Copy a Playbook
Export and Import Playbooks
Get Expert Assistance to Build your Playbook
Create Playbooks in Easy Mode
Edit a Playbook
Switch between Easy Mode and Advanced Mode
Create a Playbook Query Using Templates
Run Python Scripts in Playbooks
Build a Step with SQL
Add an Integration
Run an Integration with Multiple Connections
Update or Replace a Module
Request an Automation
Add Output
Use Forms to Include Manual Input in Playbooks
Add a Baseline to a Playbook in Easy Mode
Include Data from a CSV or JSON File
Add Fields to the Results Table in Easy Mode
Use Filter within Playbooks in Easy Mode
Filter Form
Group By Form
Extract JSON Fields Form
Create Custom Data Table
Flow Node Reference Form
Basic Operations in Playbook
Create Playbooks in Advanced Mode
Edit a Playbook in Advanced Mode
Add a Step
Add a Module to a Playbook
Create a New Module for Automation
Update or Replace a Module
Add or Remove Event Types
Add an Integration Connection
Add an Integration
Add Computation
Add Task
Add Scorer
Create Score Rules
Learn About Queries
Add Row Level Descriptions
Export as CSV
Add a Baseline in Advanced Mode
Edit Step Details
Change Step Type
Set Up Conditional Execution
Choose the Steps you Want to Present
Add, Rearrange, and Delete Steps
Add an Output Step in Advanced Mode
Straighten Up your Playbook Layout in Advanced Mode
Add Simple Queries to your Playbook
Search Within Playbooks
Playbook Groups
Create a Group
Expand a Group
Delete a Group
Deconstruct a Group
Group Characteristics
Group Limitations
Streams
Create a Stream
Manage your Streams
Filter and Reprocess the List of Batches
Drill Down for Deeper Analysis
Pin Results and Explore the Playbook
Call Attention to Results by Starring Them
Execute Playbooks with Webhook
Splunk App: Trigger LogicHub Stream
Bulk Actions on Streams and Baselines
Stream and Baseline Specific Actions in Batches
Custom Lists
Export and Import Custom Lists
Share Use Cases with Others
Forms Template
Audit Events
Quick Actions
Notifications
Give Feedback
Operators, UDFs & Macros
Operators
addExecutionMetadata
alertTriage
appendToList
approximateLabelLookup
autoJoin
autoJoinScores
autoJoinTables
baselineScorer
buildDecisionTree
buildTermCorpus
buildTermCorpusPerGroup
callScript
callScriptWithTable
classifyUsingDecisionTree
cluster
createDetailsColumnForThreatGPS
createModelFromNumericValues
createModelFromText
createRatingsModel
createScoreCombiner
collectColumns
columnsToJson
columnsToJsonV2
combineScores
dropColumns
dropSingleValueColumns
ensureTableHasColumns
fetchAlerts
fetchCorrelatedEvents
fieldnamesFromJson
fieldnamesHistogram
fieldnamesStatistics
filterBaselineTable
filterBaselineTableByTime
findDiff
forceFail
formClusters
generateScores
geoIpLookup
getFieldnames
gateTask
htmlTableToJson
interpolateScorer
joinTables
jsonListToArray
jsonToColumns
jsonToTable
linkToResultRow
loadBaseline
loadEventsFromExecutionContext
loadList
loadSystemPreference
LogicHub DSL
lookup
lookupClusterId
lookupOperator
makeProcessIdsUnique
markUpJiraText
maskData
matchPattern
matchSimilarFromCorpus
matchSimilarFromCorpusPerGroup
multiLookup
nearestNeighborScorer
notify
partition
pathFromRoot
patternLookup
predictLableFromNumericValues
predictLabelFromText
predictLogType
predictRatings
queryFromList
regex
replaceList
runScript
runSearch
scoreAnomalies
scoreByLeastFrequency
scoreManually
scoreByRandomness
scoreSpikes
select
selectivelyDeleteFromList
splitArray
supervisedScorer
tableToHtmlString
timeBucket
toJson
transpose
transpose2
unionAll
waitForMillis
UDFs
alphanumPattern
coalesceEmpty
decodebase64
encodeBase64
extractParseAnchor
generalizeDate
generalizeInt
generalizeLong
getJsonFields
hash
hasJsonSchema
matches
matchesParseAnchor
maxDouble
maxFloat
maxInt
maxLong
minDouble
minFloat
minInt
minLong
strRandomness
winlogToJsonUDF
timeBucket
scoreCorr
slice
toDoubleArray
toIntArray
toFloatArray
toLongArray
longRound
regexp_count_array
regexp_count
regexp_extract_array
Macros
autoJoinTables Macro
Miscellaneous
Enterprise OVA Set Up
Back Up and Restore Configurations
Replicate Backup Files to AWS S3
Replicate Backup Files to a Separate Machine
Restore from a Backup
Administration of the Linux Server
Set Up Custom Server Name Certificate
Install LogicHub in an Isolated Environment
Disaster Recovery
FAQs
About the lhub_ts column
List Machine Learning Models API
Set Up Slack Integration
Jinja Template
Groups Permission
Suggest Edits
Updated about 1 month ago
Did this page help you?
Yes
No
