Stream and Baseline Specific Actions in Batches

Stream Specific Actions in Batches

On the batches page, you can perform Pause, Edit, Share, and Delete actions on the selected stream.

Baseline Specific Actions in Batches

On the batches page, you can perform Pause, Edit, Share, and Delete actions on the selected baseline.

Updated almost 2 years ago

