LogRhythm
Version: 2.0.0
LogRhythm is an enterprise-class platform that seamlessly combines SIEM, log management, file integrity monitoring and machine analytics with host and network forensics in a unified Security Intelligence Platform.
Connect LogRhythm with Logichub
- Navigate to Automations > Integrations.
- Search for LogRhythm.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- URL: URL of Logrhythm.
- API Token: API Token to access Logrhythm.
- After you've entered all the details, click Connect.
Actions for Logrhythm
Query Alarms
Query the alarms on Logrhythm
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Query String | Jinja-templated The query string available with Alarm REST call with Jinja format. Example {{logrhythm_query_string}} | Required |
Get Alarm Detail
Get the detail of alarm
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required |
Update Alarm Status
Update the status of the Alarm
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required |
| Alarm Status | Jinja-templated text containing the Status of the alarm. Example: {{Alarm Status}} | Required |
Update Alarm RBP
Update the RBP of the Alarm
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required |
| RBP | Jinja-templated text containing the RBP of the alarm. Example: {{RBP}} | Required |
Add Alarm Comment
Add the Comment in the Alarm
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required |
| Alarm Comment | Jinja-templated text containing the Comment of the alarm. Example: {{Alarm Comment}} | Required |
Get Alarm Events
Get the Events of the Alarm
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alarm Id | Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}} | Required |
Get Intel
Get the Intel
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| IOC | Jinja-templated text containing the IOC. Example: {{IOC}} | Required |
Test Connectivity
Test the Connectivity
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Host Id | Jinja-templated text containing the Host Id. Example: {{Host Id}} | Required |
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.0.3- Added 8 actions to LogRhythm integration.
Updated about 1 year ago