Playbook Builder V1
Updated about 1 year ago
© Devo Technology Inc. All Rights Reserved.