Cyware Threat Intelligence eXchange

Humio

Connector Category: Security Information and Event Management (SIEM) Tool

About Integration

Humio is a Security Information and Event Management (SIEM) tool that allows security analysts to log large amounts of data and perform real-time analysis of that data, metrics, and traces.

The Humio internal application in Intel Exchange supports the following actions:

| Action Name | Description |
| --- | --- |
| Update Files | This action updates files on the Humio tool. |

Configure Humio App in CTIX

Configure Humio to update the threat data type, source, confidence score, and TLP on the Humio platform.

Before you Start 

  • You must have the View & Update Tool Integration and View Tool Integration permissions.

  • You must have the base URL, token, and repository name of your Humio account.

Steps 

  1. Navigate to Administration, select Integration Management, and select Internal Applications under TOOL INTEGRATIONS.

  2. Select Security Information and Event Management, and select Humio.

  3. Click Add Instance.

  4. Enter a unique name to identify the instance, such as Prod-Humio.

  5. Enter the base URL to connect directly to the application's server. The base URL is the part of the URL that stays the same across the site.

  6. Enter the token that authenticates the application and bypasses two-step authentication. This option requires the Personal API token from Humio.

  7. Enter the name of the Humio repository that contains the file.

  8. Select Verify SSL to verify and secure the connection between the CTIX and Humio servers.

    If you disable this option, CTIX may configure the instance even when the server presents an expired SSL certificate. The connection may then not be established properly, and CTIX will not be able to notify you of a broken or improper connection. Selecting this option is recommended.

  9. Click Save.
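A pre-flight check for steps 5 and 8, added here as an example and not part of Cyware's or Humio's own tooling: it confirms that the base URL is HTTPS and that the server certificate passes chain, hostname, and expiry verification before you rely on Verify SSL. The host name, the 30-day warning threshold, and the function names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit


def split_base_url(base_url):
    """Return (host, port) for an https base URL; reject anything else."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be https://<host>[:port]")
    if parts.query or parts.fragment:
        raise ValueError("base URL must not carry a query or fragment")
    return parts.hostname, parts.port or 443


def days_until_expiry(cert, now=None):
    """Whole days before the certificate's notAfter date (negative if expired)."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    now = now or datetime.now(timezone.utc)
    return int((not_after - now.timestamp()) // 86400)


def preflight(base_url, warn_days=30, timeout=5.0):
    """Handshake with full verification, the same bar Verify SSL sets."""
    host, port = split_base_url(base_url)
    ctx = ssl.create_default_context()  # chain and hostname checks enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                left = days_until_expiry(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted, or wrong-host certificates all land here.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    if left < warn_days:
        return True, f"valid, but expires in {left} days"
    return True, f"valid for {left} more days"


if __name__ == "__main__":
    # Constructed placeholder host; substitute your own Humio base URL.
    print(preflight("https://humio.example.internal"))
```

A `False` result means the instance would only connect with Verify SSL disabled, so fix the certificate on the Humio side rather than clearing the option.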

Enable Update Files Action

After configuring the application, enable the update files action to use this action in the rules.

Steps 

  1. Navigate to Administration, select Integration Management, and select Internal Applications under TOOL INTEGRATIONS.

  2. Select Security Information and Event Management, and select Humio.

  3. Click the ellipsis in the top-right corner and click Manage.

  4. Click Manage Actions and enable the action.

  5. Click Save.

Create a Rule to Update Humio Files

Create a rule in CTIX to automatically update the file in Humio.

Steps 

  1. Navigate to Main Menu and select Rules under Actions.

  2. Click New Rule, and enter a rule title.

  3. Click Add.

  4. Select a source and collection to poll data and define a condition.

    You can select multiple sources and collections, and define multiple conditions using the AND and OR operators.

  5. Choose the following to define the action:

    1. Select Update Files as the action.

    2. Select Humio as the application to implement the rule.

    3. Select an account to identify the instance to run the rule.

    4. Select the files to update on Humio's platform.

  6. Click Save.

After the rule runs, you can check the files in the Humio platform.