Create Connections

A connection links LogicHub to an external system, such as a SIEM environment. Active connections let you bring data into LogicHub for playbook analysis or serve as the destination for playbook results.

📘 Note

To view or set up connections, you must be in a group that has connection permission. For more information, see Manage users.

Create a Connection

  1. Select My Library > Connections.
  2. Click New.
  3. Assign a name to identify the connection.
  4. Select the connection type.

You can connect to your SIEM (SumoLogic or Splunk), Elasticsearch, a file, or a directory.

  5. If you select a SIEM, you must enter the API connection credentials. For example, to connect to your Splunk environment, select Splunk for Type, and enter the username and secret to access the service.

  6. In the URL field, enter the domain to access the SIEM or file.

📘 Splunk API Port

Splunk uses port 8089 by default for API connections, and LogicHub uses the same default when connecting to Splunk. So, when you enter https://your-splunk.your-company.com as the URL, LogicHub connects to port 8089. If you have changed the API port in your Splunk environment, add the port to the URL. For example, some customers change from 8089 to 443, the standard port for HTTPS. In this case, you would specify https://your-splunk.your-company.com:443 in the URL field.

  7. Click Save.
    The Connections page reopens to show the list of connections. The Status checkbox indicates the status of the connection. The green checkbox indicates that the connection is active and the red symbol indicates that the connection isn't working.

Click an entry to edit the settings, or click the trash can icon to delete an entry.
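
The port rule from the Splunk API Port note, as an added example (not LogicHub code): a pre-flight check that reports which host and port a Splunk connection URL resolves to under that rule, so the value can be matched against firewall rules before saving. The function name and warning texts are assumptions of this example, as is applying the 8089 default to http:// URLs.

```python
from urllib.parse import urlsplit

SPLUNK_DEFAULT_API_PORT = 8089  # default stated in the Splunk API Port note


def effective_splunk_endpoint(url):
    """Return (host, port, warnings) for a Splunk connection URL.

    Hypothetical helper: no port in the URL means 8089, and an
    explicit port (for example :443) is used as given.
    """
    parts = urlsplit(url.strip())
    warnings = []

    if parts.scheme not in ("http", "https"):
        raise ValueError("URL must start with https:// (got %r)" % url)
    if not parts.hostname:
        raise ValueError("URL has no host: %r" % url)
    if parts.scheme == "http":
        # Assumption: the same port default applies; the page only shows https.
        warnings.append("http:// sends the API username and secret unencrypted")
    if parts.username or parts.password:
        warnings.append("credentials embedded in the URL; use the username and secret fields")

    try:
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        raise ValueError("invalid port in URL: %r" % url)
    if port is None:
        # Unlike a browser, which would assume 443 for https.
        port = SPLUNK_DEFAULT_API_PORT
    return parts.hostname, port, warnings


if __name__ == "__main__":
    # Constructed sample inputs, using the placeholder host from this page.
    for sample in ("https://your-splunk.your-company.com",
                   "https://your-splunk.your-company.com:443",
                   "http://your-splunk.your-company.com"):
        print(sample, "->", effective_splunk_endpoint(sample))
```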

