Document toolboxDocument toolbox

LogRhythm

Owned by Jonas Gonzalez
Last updated: Nov 29, 2024
3 min read
[ 1 Connect LogRhythm with Devo SOAR ] [ 2 Actions for Logrhythm ] [ 2.1 Query Alarms ] [ 2.1.1 Input Field ] [ 2.2 Get Alarm Detail ] [ 2.2.1 Input Field ] [ 2.3 Update Alarm Status ] [ 2.3.1 Input Field ] [ 2.4 Update Alarm RBP ] [ 2.4.1 Input Field ] [ 2.5 Add Alarm Comment ] [ 2.5.1 Input Field ] [ 2.6 Get Alarm Events ] [ 2.6.1 Input Field ] [ 2.7 Get Intel ] [ 2.7.1 Input Field ] [ 2.8 Test Connectivity ] [ 2.8.1 Input Field ] [ 3 Release Notes ]

LogRhythm is an enterprise-class platform that seamlessly combines SIEM, log management, file integrity monitoring and machine analytics with host and network forensics in a unified Security Intelligence Platform.

Connect LogRhythm with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for ** LogRhythm**.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. ** URL**: URL of Logrhythm.

  8. API Token: API Token to access Logrhythm.

  9. After you've entered all the details, click Connect.

Actions for Logrhythm

Query Alarms

Query the alarms on Logrhythm

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Query String

Jinja-templated The query string available with Alarm REST call with Jinja format. Example {{logrhythm_query_string}}

Required

Get Alarm Detail

Get the detail of alarm

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Alarm Id

Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}}

Required

Update Alarm Status

Update the status of the Alarm

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Alarm Id

Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}}

Required

Alarm Status

Jinja-templated text containing the Status of the alarm. Example: {{Alarm Status}}

Required

Update Alarm RBP

Update the RBP of the Alarm

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Alarm Id

Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}}

Required

RBP

Jinja-templated text containing the RBP of the alarm. Example: {{RBP}}

Required

Add Alarm Comment

Add the Comment in the Alarm

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Alarm Id

Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}}

Required

Alarm Comment

Jinja-templated text containing the Comment of the alarm. Example: {{Alarm Comment}}

Required

Get Alarm Events

Get the Events of the Alarm

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Alarm Id

Jinja-templated text containing the Id of the alarm. Example: {{Alarm Id}}

Required

Get Intel

Get the Intel

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

IOC

Jinja-templated text containing the IOC. Example: {{IOC}}

Required

Test Connectivity

Test the Connectivity

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Host Id

Jinja-templated text containing the Host Id. Example: {{Host Id}}

Required

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

  • v1.0.3 - Added 8 actions to LogRhythm integration.