Cyware Orchestrate

Humio

App Vendor: Humio

App Category: Analytics & SIEM

Connector Version: 1.0.0

API Version: 1.0.0

About App

Humio is a SIEM and log management platform that aggregates, explores, reports on, and analyzes data from a range of sources. The Humio app lets security analysts manage and query those logs from Orchestrate and returns results for the passed query quickly.

The Humio app is configured with the Orchestrate application to perform the following actions:

| Action Name | Description |
| --- | --- |
| Quick Search Query | The action performs a search without instantly generating any ID. |
| Create Query with ID | The action creates a query with an ID. |
| Fetch Query Results using Query ID | The action fetches the status and result of the query using the ID generated while creating the query. |
| Delete Query by ID | The action deletes the query. |

Configuration Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Base URL | Enter the base URL. Example: https://your_url or http://base_url | Text | Required | |
| API Token | Enter the API token for authentication. | Password | Required | |
| Repository Name | Enter the repository name used for the test-connectivity check. | Text | Required | |
| SSL Verification | Optional preference to either verify the SSL certificate of the Humio endpoint or skip the verification. | Boolean | Optional | Allowed values: True, False. Default value: False (the certificate is not verified unless this is set to True). |

Action: Quick Search Query

The action is used to search without instantly generating any ID. The query returns the logs matching the parameters passed, along with an ID for the query.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query | Enter the query to search for logs in a repository. Example: "/foo/" | Text | Required | |
| Repository name | Enter the repository name. The default value comes from the instance configured for this app. Example: "humio-audit" | Text | Optional | The Repository Name is configured while creating an instance. The same value is reflected here by default. |
| Start time | Enter the start time after which the results are returned. Example: 24hours | Text | Optional | |
| End time | Enter the end time before which the results are returned. Example: now | Text | Optional | |
| Extra parameters | Enter any additional parameters to filter the search results. | Key Value | Optional | Allowed values (for example): islive, sets whether this query is live; timezoneoffsetminutes, sets the time zone offset, which is significant if the corresponding span is a multiple of days; arguments, a dictionary of arguments specified in queries as key-value pairs. |

Example Request

[
    {
        "extra_params": {
            "islive": "True"
        },
        "query_string": "/foo/"
    }
]

Action: Create Query with ID

The action creates a query and returns the ID generated for it.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query String | Enter the query string. Example: "/foo/" | Text | Required | |
| Repository Name | Enter the repository name. The default value comes from the instance configured for this app. Example: "humio-audit" | Text | Optional | The Repository Name is configured while creating an instance. The same value is reflected here by default. |
| Start Time | Enter the start time after which the results are returned. Example: 24hours | Text | Required | |
| End Time | Enter the end time before which the results are returned. Example: now | Text | Required | |
| Extra Parameters | Enter any additional parameters to create a query. | Key Value | Optional | Allowed values: islive, sets whether this query is live; timezoneoffsetminutes, sets the time zone offset, which is significant if the corresponding span is a multiple of days; arguments, a dictionary of arguments specified in queries as key-value pairs. |

Example Request

[
    {
        "end": "now",
        "start": "24hours",
        "query_string": "searchtest"
    }
]

Action: Fetch Query Results using Query ID

The action fetches the status and result of the query using the ID generated while creating the query.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query ID | Enter the query ID. Example: "p3-uwolfvvmne8ztp9odrvwmx0b" | Text | Required | You can retrieve the Query ID using the Create Query with ID action. |
| Repository Name | Enter the repository name. The default value comes from the instance configured for this app. Example: "humio-audit" | Text | Optional | The Repository Name is configured while creating an instance. The same value is reflected here by default. |

Example Request

[
    {
        "query_id": "P10-0CbmXk8c0q7HglHoB1gKh2AS",
        "repository_name": "humio-audit"
    }
]

Action: Delete Query by ID

The action deletes the query.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query ID | Enter the query ID. Example: "p3-uwolfvvmne8ztp9odrvwmx0b" | Text | Required | You can retrieve the Query ID using the Create Query with ID action. |
| Repository Name | Enter the repository name. The default value comes from the instance configured for this app. Example: "humio-audit" | Text | Optional | The Repository Name is configured while creating an instance. The same value is reflected here by default. |

Example Request

[
    {
        "query_id": "P10-0CbmXk8c0q7HglHoB1gKh2AS",
        "repository_name": "humio-audit"
    }
]
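
The three ID-based actions above (Create Query with ID, Fetch Query Results using Query ID, Delete Query by ID) form one lifecycle: create a server-side query job, poll it until it reports done, then delete it so the job is not left running. The following Python is an added example, not Cyware's or Humio's code; the REST paths, the camelCase body keys and the id/done/events response fields are assumptions taken from Humio's public query-job API rather than from this page, and the transport is a constructed in-memory stand-in so the flow runs offline.

```python
"""Added example (not Cyware's or Humio's code): the Create -> Fetch -> Delete query-job
flow wrapped by the actions above. REST paths, camelCase body keys and the id/done/events
response fields are assumptions taken from Humio's public API, not from this page."""
from typing import Any, Callable, Dict, List, Optional

# Orchestrate "Extra parameters" keys (as listed on this page) -> Humio body keys (assumed).
EXTRA_PARAM_MAP = {"islive": "isLive", "timezoneoffsetminutes": "timeZoneOffsetMinutes",
                   "arguments": "arguments"}

def build_query_job_payload(query_string: str, start: str, end: str,
                            extra: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Map the action inputs onto a query-job body. Orchestrate sends extra parameters as
    strings ("islive": "True"), so booleans/integers are coerced; unknown keys are rejected."""
    payload: Dict[str, Any] = {"queryString": query_string, "start": start, "end": end}
    for key, value in (extra or {}).items():
        humio_key = EXTRA_PARAM_MAP.get(key.lower())
        if humio_key is None:
            raise ValueError(f"unsupported extra parameter: {key}")
        if humio_key == "isLive":
            value = str(value).strip().lower() == "true"
        elif humio_key == "timeZoneOffsetMinutes":
            value = int(value)
        payload[humio_key] = value
    return payload

def run_query_job(repo: str, payload: Dict[str, Any],
                  send: Callable[[str, str, Any], Dict[str, Any]],
                  max_polls: int = 10) -> List[Dict[str, Any]]:
    """Create -> poll until done -> delete; send(method, path, body) is an injected transport."""
    base = f"/api/v1/repositories/{repo}/queryjobs"
    job_id = send("POST", base, payload)["id"]
    try:
        for _ in range(max_polls):
            status = send("GET", f"{base}/{job_id}", None)
            if status.get("done"):
                return status.get("events", [])
        raise TimeoutError(f"query {job_id} still running after {max_polls} polls")
    finally:
        send("DELETE", f"{base}/{job_id}", None)  # always release the server-side job

def fake_humio(calls: List[str]) -> Callable[[str, str, Any], Dict[str, Any]]:
    """Constructed offline stand-in for the server: one job, finished on the second poll."""
    def send(method: str, path: str, body: Any) -> Dict[str, Any]:
        calls.append(f"{method} {path}")
        if method == "POST":
            return {"id": "QUERY-ID-PLACEHOLDER"}  # constructed, not a real Humio ID
        if method == "GET":
            done = calls.count(f"GET {path}") >= 2
            return {"done": done, "events": [{"@rawstring": "foo"}] if done else []}
        return {}
    return send
```

Swapping `fake_humio` for a real HTTPS transport that adds the API Token as a bearer header and honours the SSL Verification setting is the only change needed to drive an actual instance.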