Use of Event type in LogicHub Playbook

To use an Event type in the playbook:

👍

Prerequisites

Create or edit an existing playbook to add event type.

📘

Additional Information

Can switch between Playbook Easy Mode and Advanced Mode.

Switch from Easy Mode to Advanced Mode
From the Easy Mode editor, click the More icon (...) in the upper right corner and select Advanced Mode.

Switch from Advanced Mode to Easy Mode
From the Advanced Mode editor, click the More icon (...) in the upper right corner and select Edit in Easy Mode.

Ingest Event Type into LogicHub Playbook

1600

Click New Playbook from the left navigation or go to My Library and click on Playbooks.

  • Click New Playbook gives you a pop-up option New Blank Playbook
    or
    select from an existing template.
  • Click My Library > Playbooks gives you an option to click New in the upper-right corner or open an existing Playbook from the list of Playbooks.

Use of Event type in Playbook (Easy Mode):

1600
  1. Click the Connect to SIEM top open the Event type popup.
  2. Select one or more event types. If you don't see the event type you want, click Create a new Event Type to add a new one. See Create Event Type for further more information.

Use of Event type in Playbook (Advanced Mode):

Generally, Playbook opens in Easy Mode.

  1. From the Easy Mode editor, click the More icon (...) in the upper right corner and select Advanced Mode.
  2. Click the Source icon in the top icon bare. Select one or more event types. If you don't see the event type you want, click Create a new Event Type to add a new one. See Create Event Type for further more information.
1600
  1. Click Done to add the event type step to your playbook.
1600

Use the Date Time Range control to set the sample time range for your playbook, and select a time zone from the dropdown list. Choose a range that is just wide enough for you to see data, but not so wide that you'll need to wait for query results. Depending on your data, you might need to adjust the interval to display data.

1600

The results table shows all the data that matches the selected step for the specified time range. Scrolling and pagination controls are available.


© 2017-2021 LogicHub®. All Rights Reserved.