LogRhythm

Version: 2.0.0

LogRhythm is an enterprise-class platform that seamlessly combines SIEM, log management, file integrity monitoring and machine analytics with host and network forensics in a unified Security Intelligence Platform.

Connect LogRhythm with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for LogRhythm.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default: Verify SSL Certificate).
    • URL: URL of the LogRhythm instance.
    • API Token: API token used to access LogRhythm.
  4. After you've entered all the details, click Connect.

Actions for LogRhythm

Query Alarms

Query alarms on LogRhythm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Query String | Jinja-templated query string passed to the LogRhythm Alarm REST call. Example: {{logrhythm_query_string}} | Required

Get Alarm Detail

Get the details of an alarm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required

Update Alarm Status

Update the status of an alarm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required
Alarm Status | Jinja-templated text containing the new status of the alarm. Example: {{Alarm Status}} | Required

Update Alarm RBP

Update the risk-based priority (RBP) of an alarm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required
RBP | Jinja-templated text containing the RBP value to set on the alarm. Example: {{RBP}} | Required

Add Alarm Comment

Add a comment to an alarm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required
Alarm Comment | Jinja-templated text containing the comment to add to the alarm. Example: {{Alarm Comment}} | Required

Get Alarm Events

Get the events associated with an alarm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required

Get Intel

Get threat intelligence for an IOC.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
IOC | Jinja-templated text containing the IOC to look up. Example: {{IOC}} | Required

Test Connectivity

Test connectivity to LogRhythm.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Host Id | Jinja-templated text containing the Host Id. Example: {{Host Id}} | Required

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.0.3 - Added 8 actions to LogRhythm integration.

© Devo Technology Inc. All Rights Reserved.