Cyware Orchestrate

Logz.io

App Vendor: Logz.io

App Category: Analytics & SIEM

Connector Version: 1.0.0

API Version: 1.0.0 and 2.0.0

About App

Logz.io is a cloud-native observability platform that enables you to use the best open-source tools in the market without the complexity of operating, managing, and scaling them.

The Logz.io app is configured with the Orchestrate application to perform the following actions:

| Action Name | Description |
|---|---|
| Create Security Rule | This action creates a security rule. |
| Update Security Rule | This action updates details of the specified security rule. |
| Get Security Rule by ID | This action retrieves the details of the specified rule. |
| Enable Security Rule by ID | This action enables the specified security rule. |
| Disable a Security Rule by ID | This action disables the specified security rule. |
| Get All Security Events | This action retrieves a list of all security events. You can filter, sort, and paginate results using query parameters. |
| Fetch Logs by Alert ID | This action retrieves logs for the specified alert. When a security rule is triggered it is logged as a security event. |
| Get All Security Rules | This action retrieves a list of all security rules. You can filter, sort, and paginate results using query parameters. |
| Create Lookup List | This action creates a lookup list. After you create the list, run the endpoint to add elements to the list. |
| Get Lookup Lists | This action retrieves all lookup lists. You can filter and paginate results using query parameters. |
| Get Lookup List by ID | This action retrieves details of the specified lookup list. |
| Update Lookup List | This action updates the name and/or description of the specified lookup list. |
| Add an Element to a Lookup List | This action adds an element to the specified lookup list. |

Configuration Parameters

The following configuration parameters are required for the Logz.io app to communicate with the Logz.io enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Base Url

Enter the Logz.io base URL. This is the same as the base URL when you log into your Logz.io account.

Example:

"app-eu.logz.io"

Text

Required

API Key

Enter your Logz.io API key. You can generate this from your Logz.io account.

Example:

34dccdd26c5c99ceb3af22f392b708bf

Password

Required

Action: Create Security Rule

This action creates a security rule.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Title

Enter a name for the security rule

Example:

"rule_01"

Text

Required

Description

Enter a description of the event, its significance, and suggested next steps or instructions for the team.

Example:

"this is a test"

Text

Optional

Tags

Enter the required tags for the security rule.

Example:

$LIST[test, test2]

List

Optional

Sub Components

Enter the required search criteria.

List

Required

Allowed values:

  • queryDefinition: (object) Determines when the rule should trigger.

    • query: (string) Enter a Kibana search query written in Lucene syntax. The search query together with the filters retrieves the relevant logs. Cannot be null. Send an asterisk (*) wildcard if you are not using a search query. Default value: "*". Example: "type:apache_access".

    • filters: (object)

      • bool.must.match_phrase.field.query: (string)

      • bool.must_not.match_phrase.field.query: (string)

    • groupBy: (array of strings) Enter fields by which you want to group the results and count them. If you apply a group by operation, the rule returns a count of the results aggregated by unique values. Enter 1-3 values.

    • aggregation: (object) Enter a trigger condition that acts as a threshold.

      • aggregationType: (string) Enter the aggregation operator. Allowed values:

        • SUM: When using this value, fieldToAggregateOn must not be null.

        • MIN: When using this value, fieldToAggregateOn must not be null.

        • MAX: When using this value, fieldToAggregateOn must not be null.

        • AVG: When using this value, fieldToAggregateOn must not be null.

        • COUNT: When using this value, fieldToAggregateOn must be null, and groupBy field must not be empty (or null).

        • UNIQUE_COUNT: When using this value, fieldToAggregateOn must not be null.

        • NONE: When using this value, fieldToAggregateOn must be null, and groupBy field must not be empty (or null).

      • fieldToAggregateOn: (string) Enter the field on which to run the aggregation for the trigger condition. Cannot be the same as a field used in the groupBy parameter.

    • shouldQueryOnAllAccounts: (boolean) Only applicable when the rule is run from the main account. Allowed values:

      • True: (default) The rule is run on the main account and all associated searchable subaccounts.

      • False: Specify relevant account IDs for the rule to monitor using the accountIdsToQueryOn field.

    • accountIdsToQueryOn: (array of integers) Enter the account IDs you want the rule to monitor. Use this only if shouldQueryOnAllAccounts is set to False.

  • trigger: (object) Enter the triggering threshold and severity tab to label the event when the rule triggers.

    • operator: (string) Enter the operator for evaluating the results. Allowed values:

      • LESS_THAN

      • GREATER_THAN

      • LESS_THAN_OR_EQUALS

      • GREATER_THAN_OR_EQUALS

      • EQUALS

      • NOT_EQUALS

    • severityThresholdTiers: (object) Enter a severity label per trigger threshold as a key-value pair. Allowed values:

      • INFO

      • LOW

      • MEDIUM

      • HIGH

      • SEVERE

  • output: (object) Enter the data output to be sent in the notification when the rule is triggered. Not applicable when grouping by fields or aggregating results.

    • columns.fieldName: (string) Enter the fields to be included in the notification.

    • columns.regex: (string) Trim the data using regex filters.

    • columns.sort: (string) Enter how you want to sort the output. Allowed values:

      • DESC

      • ASC

Output Notification

Enter the notification you want to automatically send out along with sample results when the alert triggers.

List

Optional

Allowed values:

  • recipients: (object) Enter email addresses and endpoint channels to which you want to receive automatic notifications with sample data when the rule is triggered. Allowed values:

    • emails: (array of strings) Enter the email addresses to be notified when the rule is triggered.

    • notificationEndpointIds: (array of integers) Enter the IDs of pre-configured endpoint channels to be notified when the rule is triggered.

  • suppressNotificationsMinutes: (integer) Enter the minimum waiting period (in minutes) between notifications. The rule will still trigger but will not send out notifications during the waiting period.

    • Minimum value: 5

    • Maximum value: 1440

  • type: (string) Enter the output format for the rule notification. Allowed values:

    • JSON

    • TABLE

Search Time Frame

Enter the time frame to evaluate the log data in minutes.

Example:

20

Integer

Optional

Default time frame: 5

Minimum recommended time frame: 5

Maximum recommended time frame: 1440

Correlations

Enter the logic to correlate the rule’s sub-components.

List

Optional

Only applicable when multiple sub-components are used in the security rule.

Allowed values:

  • correlationOperators: (array of strings) Allowed value:

    • and

  • joins: (array of objects) Enter the group by fields that must have the same values to trigger the rule. Joins the group by fields from the first and second sub-components. The key represents the index of the sub-component in the array. The fields must be ordered pairs of the group by fields already in use in the queryDefinition.

Enabled

Enter if you want to activate the rule after it is created.

Example:

True

Boolean

Optional

Allowed values:

  • True: The security rule is activated after it is created.

  • False: The security rule is not activated after it is created.

Default value: True

Example Request

{
  "title": "Excessive WARN levels in PROD",
  "description": "Steps to remediate...",
  "tags": [
    "test",
    "test1"
  ],
  "subComponents": [
    {
      "trigger": {
        "operator": "GREATER_THAN_OR_EQUALS",
        "severityThresholdTiers": {
          "MEDIUM": 10
        }
      },
      "queryDefinition": {
        "query": "type:apache_access",
        "filters": {
          "bool": {
            "must": [
              {
                "match_phrase": {
                  "address.city": [
                    "New York"
                  ]
                }
              }
            ],
            "must_not": [
              {
                "match_phrase": {
                  "address.postalCode": [
                    "01757"
                  ]
                }
              }
            ]
          }
        },
        "groupBy": [
          "address.city"
        ],
        "aggregation": {
          "aggregationType": "SUM",
          "fieldToAggregateOn": "string"
        },
        "shouldQueryOnAllAccounts": True
      }
    },
    {
      "trigger": {
        "operator": "GREATER_THAN_OR_EQUALS",
        "severityThresholdTiers": {
          "MEDIUM": 10
        }
      },
      "queryDefinition": {
        "query": "type:apache_access",
        "filters": {
          "bool": {
            "must": [
              {
                "match_phrase": {
                  "address.city": [
                    "New York"
                  ]
                }
              }
            ],
            "must_not": [
              {
                "match_phrase": {
                  "address.postalCode": [
                    "01757"
                  ]
                }
              }
            ]
          }
        },
        "groupBy": [
          "address.city"
        ],
        "aggregation": {
          "aggregationType": "SUM",
          "fieldToAggregateOn": "string"
        },
        "accountIdsToQueryOn": [
          317620
        ],
        "shouldQueryOnAllAccounts": False
      }
    }
  ],
  "output_notification": {
    "recipients": {
      "emails": [
        "user_01@example.com",
        "user_02@example.com"
      ],
      "notificationEndpointIds": [
        10101
      ]
    },
    "suppressNotificationsMinutes": 60,
    "type": "JSON"
  },
  "search_time_frame_minutes": 20,
  "correlations": {
    "correlationOperators": [
      "AND"
    ],
    "joins": [
      {
        "0": "region",
        "1": "region"
      }
    ]
  },
  "enabled": True
}
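
The constraints in the parameter table above interact (aggregation type against groupBy and fieldToAggregateOn, account scoping, correlation joins against groupBy fields), so a payload can be linted before the action runs. The following Python check is an added example, not code from the connector or from Logz.io; the function names and the `bytes` field are assumptions, and the payload keys are those of the Example Request. The constructed sample is modelled on that request and is flagged because its joins use `region` while both sub-components group by `address.city`.

```python
# Allowed values and constraints, copied from the parameter tables on this page.
NEEDS_FIELD = {"SUM", "MIN", "MAX", "AVG", "UNIQUE_COUNT"}  # fieldToAggregateOn must be set
NEEDS_GROUP_BY = {"COUNT", "NONE"}  # fieldToAggregateOn null, groupBy non-empty
OPERATORS = {"LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
             "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS"}
SEVERITIES = {"INFO", "LOW", "MEDIUM", "HIGH", "SEVERE"}

def check_sub_component(idx, sub):
    """Return the constraint violations found in one entry of subComponents."""
    errs, where = [], f"subComponents[{idx}]"
    qd = sub.get("queryDefinition") or {}
    group_by = qd.get("groupBy") or []
    agg = qd.get("aggregation") or {}
    agg_type, agg_field = agg.get("aggregationType"), agg.get("fieldToAggregateOn")
    if qd.get("query") is None:
        errs.append(f'{where}: query cannot be null, send "*" instead')
    if len(group_by) > 3:
        errs.append(f"{where}: groupBy accepts 1-3 fields")
    if agg_type in NEEDS_FIELD:
        if agg_field is None:
            errs.append(f"{where}: {agg_type} requires fieldToAggregateOn")
    elif agg_type in NEEDS_GROUP_BY:
        if agg_field is not None:
            errs.append(f"{where}: {agg_type} requires fieldToAggregateOn to be null")
        if not group_by:
            errs.append(f"{where}: {agg_type} requires a non-empty groupBy")
    elif agg:
        errs.append(f"{where}: unknown aggregationType {agg_type!r}")
    if agg_field is not None and agg_field in group_by:
        errs.append(f"{where}: fieldToAggregateOn must not also be a groupBy field")
    all_accounts = qd.get("shouldQueryOnAllAccounts", True)
    account_ids = qd.get("accountIdsToQueryOn") or []
    if all_accounts and account_ids:
        errs.append(f"{where}: accountIdsToQueryOn applies only when shouldQueryOnAllAccounts is False")
    if not all_accounts and not account_ids:
        errs.append(f"{where}: shouldQueryOnAllAccounts is False but no account IDs are given")
    trigger = sub.get("trigger") or {}
    if trigger.get("operator") not in OPERATORS:
        errs.append(f"{where}: unknown trigger operator {trigger.get('operator')!r}")
    errs += [f"{where}: unknown severity {s!r}"
             for s in (trigger.get("severityThresholdTiers") or {}) if s not in SEVERITIES]
    if sub.get("output") and (group_by or agg):
        errs.append(f"{where}: output is not applicable when grouping or aggregating")
    return errs

def validate_security_rule(rule):
    """Return every violation found in a Create/Update Security Rule payload."""
    errs, subs = [], rule.get("subComponents") or []
    if not rule.get("title"):
        errs.append("title is required")
    if not subs:
        errs.append("subComponents is required")
    for idx, sub in enumerate(subs):
        errs += check_sub_component(idx, sub)
    notif = rule.get("output_notification") or {}
    minutes = notif.get("suppressNotificationsMinutes")
    if minutes is not None and not 5 <= minutes <= 1440:
        errs.append("suppressNotificationsMinutes must be between 5 and 1440")
    if notif.get("type") not in (None, "JSON", "TABLE"):
        errs.append("output_notification.type must be JSON or TABLE")
    corr = rule.get("correlations") or {}
    if corr and len(subs) < 2:
        errs.append("correlations only apply to rules with multiple sub-components")
    for join in corr.get("joins") or []:
        for key, field in join.items():  # key = index of the sub-component
            known = []
            if str(key).isdigit() and int(key) < len(subs):
                known = (subs[int(key)].get("queryDefinition") or {}).get("groupBy") or []
            if field not in known:
                errs.append(f"correlations.joins: {field!r} is not a groupBy field of subComponents[{key}]")
    return errs

# Constructed sample modelled on the page's Example Request ("bytes" is a made-up field).
_QD = {"query": "type:apache_access", "groupBy": ["address.city"],
       "aggregation": {"aggregationType": "SUM", "fieldToAggregateOn": "bytes"}}
_TRIGGER = {"operator": "GREATER_THAN_OR_EQUALS", "severityThresholdTiers": {"MEDIUM": 10}}
SAMPLE_RULE = {
    "title": "Excessive WARN levels in PROD",
    "subComponents": [
        {"trigger": _TRIGGER, "queryDefinition": {**_QD, "shouldQueryOnAllAccounts": True}},
        {"trigger": _TRIGGER, "queryDefinition": {**_QD, "shouldQueryOnAllAccounts": False,
                                                  "accountIdsToQueryOn": [317620]}},
    ],
    "output_notification": {"suppressNotificationsMinutes": 60, "type": "JSON"},
    "correlations": {"correlationOperators": ["AND"], "joins": [{"0": "region", "1": "region"}]},
}
# Same rule with the join moved onto a field both sub-components group by.
FIXED_RULE = {**SAMPLE_RULE, "correlations": {
    "correlationOperators": ["AND"], "joins": [{"0": "address.city", "1": "address.city"}]}}

if __name__ == "__main__":
    for name, rule in (("sample", SAMPLE_RULE), ("fixed", FIXED_RULE)):
        print(name, validate_security_rule(rule) or "OK")
```
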
Action: Update Security Rule

This action updates details of the specified security rule.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Rule ID

Enter the unique identifier of the security rule you want to update.

Example:

627816

Integer

Required

Title

Enter a name for the security rule

Example:

"rule_01"

Text

Required

Description

Enter a description of the event, its significance, and suggested next steps or instructions for the team.

Example:

"this is a test"

Text

Optional

Tags

Enter the required tags for the security rule.

Example:

$LIST[test,test1]

List

Optional

Sub Components

Enter the required search criteria.

List

Required

Allowed values:

  • queryDefinition: (object) Determines when the rule should trigger.

    • query: (string) Enter a Kibana search query written in Lucene syntax. The search query together with the filters retrieves the relevant logs. Cannot be null. Send an asterisk (*) wildcard if you are not using a search query. Default value: "*". Example: "type:apache_access".

    • filters: (object)

      • bool.must.match_phrase.field.query: (string)

      • bool.must_not.match_phrase.field.query: (string)

    • groupBy: (array of strings) Enter fields by which you want to group the results and count them. If you apply a group by operation, the rule returns a count of the results aggregated by unique values. Enter 1-3 values.

    • aggregation: (object) Enter a trigger condition that acts as a threshold.

      • aggregationType: (string) Enter the aggregation operator. Allowed values:

        • SUM: When using this value, fieldToAggregateOn must not be null.

        • MIN: When using this value, fieldToAggregateOn must not be null.

        • MAX: When using this value, fieldToAggregateOn must not be null.

        • AVG: When using this value, fieldToAggregateOn must not be null.

        • COUNT: When using this value, fieldToAggregateOn must be null, and groupBy field must not be empty (or null).

        • UNIQUE_COUNT: When using this value, fieldToAggregateOn must not be null.

        • NONE: When using this value, fieldToAggregateOn must be null, and groupBy field must not be empty (or null).

      • fieldToAggregateOn: (string) Enter the field on which to run the aggregation for the trigger condition. Cannot be the same as a field used in the groupBy parameter.

    • shouldQueryOnAllAccounts: (boolean) Only applicable when the rule is run from the main account. Allowed values:

      • True: (default) The rule is run on the main account and all associated searchable subaccounts.

      • False: Specify relevant account IDs for the rule to monitor using the accountIdsToQueryOn field.

    • accountIdsToQueryOn: (array of integers) Enter the account IDs you want the rule to monitor. Use this only if shouldQueryOnAllAccounts is set to False.

  • trigger: (object) Enter the triggering threshold and severity tab to label the event when the rule triggers.

    • operator: (string) Enter the operator for evaluating the results. Allowed values:

      • LESS_THAN

      • GREATER_THAN

      • LESS_THAN_OR_EQUALS

      • GREATER_THAN_OR_EQUALS

      • EQUALS

      • NOT_EQUALS

    • severityThresholdTiers: (object) Enter a severity label per trigger threshold as a key-value pair. Allowed values:

      • INFO

      • LOW

      • MEDIUM

      • HIGH

      • SEVERE

  • output: (object) Enter the data output to be sent in the notification when the rule is triggered. Not applicable when grouping by fields or aggregating results.

    • columns.fieldName: (string) Enter the fields to be included in the notification.

    • columns.regex: (string) Trim the data using regex filters.

    • columns.sort: (string) Enter how you want to sort the output. Allowed values:

      • DESC

      • ASC

Output Notification

Enter the notification you want to automatically send out along with sample results when the alert triggers.

List

Optional

Allowed values:

  • recipients: (object) Enter email addresses and endpoint channels to which you want to receive automatic notifications with sample data when the rule is triggered. Allowed values:

    • emails: (array of strings) Enter the email addresses to be notified when the rule is triggered.

    • notificationEndpointIds: (array of integers) Enter the IDs of pre-configured endpoint channels to be notified when the rule is triggered.

  • suppressNotificationsMinutes: (integer) Enter the minimum waiting period (in minutes) between notifications. The rule will still trigger but will not send out notifications during the waiting period.

    • Minimum value: 5

    • Maximum value: 1440

  • type: (string) Enter the output format for the rule notification. Allowed values:

    • JSON

    • TABLE

Search Time Frame

Enter the time frame to evaluate the log data in minutes.

Example:

20

Integer

Optional

Default time frame: 5

Minimum recommended time frame: 5

Maximum recommended time frame: 1440

Correlations

Enter the logic to correlate the rule’s sub-components.

List

Optional

Only applicable when multiple sub-components are used in the security rule.

Allowed values:

  • correlationOperators: (array of strings) Allowed value:

    • and

  • joins: (array of objects) Enter the group by fields that must have the same values to trigger the rule. Joins the group by fields from the first and second sub-components. The key represents the index of the sub-component in the array. The fields must be ordered pairs of the group by fields already in use in the queryDefinition.

Enabled

Enter if you want to activate the rule after it is updated.

Example:

True

Boolean

Optional

Allowed values:

  • True (default): Updated and activated.

  • False: Updated, but not activated.

Example Request

{
  "rule_id": 627816,
  "title": "Excessive WARN levels in PROD",
  "description": "Steps to remediate...",
  "tags": [
    "test",
    "test1"
  ],
  "subComponents": [
    {
      "trigger": {
        "operator": "GREATER_THAN_OR_EQUALS",
        "severityThresholdTiers": {
          "MEDIUM": 10
        }
      },
      "queryDefinition": {
        "query": "type:apache_access",
        "filters": {
          "bool": {
            "must": [
              {
                "match_phrase": {
                  "address.city": [
                    "New York"
                  ]
                }
              }
            ],
            "must_not": [
              {
                "match_phrase": {
                  "address.postalCode": [
                    "01757"
                  ]
                }
              }
            ]
          }
        },
        "groupBy": [
          "address.city"
        ],
        "aggregation": {
          "aggregationType": "SUM",
          "fieldToAggregateOn": "string"
        },
        "shouldQueryOnAllAccounts": True
      }
    },
    {
      "trigger": {
        "operator": "GREATER_THAN_OR_EQUALS",
        "severityThresholdTiers": {
          "MEDIUM": 10
        }
      },
      "queryDefinition": {
        "query": "type:apache_access",
        "filters": {
          "bool": {
            "must": [
              {
                "match_phrase": {
                  "address.city": [
                    "New York"
                  ]
                }
              }
            ],
            "must_not": [
              {
                "match_phrase": {
                  "address.postalCode": [
                    "01757"
                  ]
                }
              }
            ]
          }
        },
        "groupBy": [
          "address.city"
        ],
        "aggregation": {
          "aggregationType": "SUM",
          "fieldToAggregateOn": "string"
        },
        "accountIdsToQueryOn": [
          317620
        ],
        "shouldQueryOnAllAccounts": False
      }
    }
  ],
  "output_notification": {
    "recipients": {
      "emails": [
        "user_01@example.com",
        "user_02@example.com"
      ],
      "notificationEndpointIds": [
        10101
      ]
    },
    "suppressNotificationsMinutes": 60,
    "type": "JSON"
  },
  "search_time_frame_minutes": 20,
  "correlations": {
    "correlationOperators": [
      "AND"
    ],
    "joins": [
      {
        "0": "region",
        "1": "region"
      }
    ]
  },
  "enabled": True
}
Action: Get Security Rule by ID

This action retrieves the details of the specified rule.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Rule ID

Enter the unique identifier of the security rule for which you want to retrieve details.

Example:

627816

Integer

Required

Example Request

{
  "rule_id": 627816
}
Action: Get All Security Rules

This action retrieves a list of all security rules. You can filter, sort, and paginate results using query parameters.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Search

Enter the name and description of the rule you want to retrieve.

Example:

"rule_01"

Text

Required

Severities

Enter the severities of the rule for which you want to retrieve details.

Example:

$LIST[medium, high]

List

Optional

Allowed values:

  • info

  • low

  • medium

  • high

  • severe

Updated By

Enter the users' email addresses. Use this parameter to retrieve details of the security rules that were last updated by the specified users.

Example:

$LIST[user01@example.com, user02@example.com]

List

Optional

Created By

Enter the users' email addresses. Use this parameter to retrieve details of the security rules that were created by the specified users.

Example:

$LIST[user01@example.com, user02@example.com]

List

Optional

Enabled State

Enter the state of the rule for which you want to retrieve details.

Example:

[True]

List

Optional

Allowed values:

  • True: Retrieves security rules that are enabled.

  • False: Retrieves security rules that are disabled.

Pass an empty array to retrieve details of both enabled and disabled rules.

Email Notifications

Enter the users' email addresses. Use this parameter to retrieve details of the security rules based on the users that are notified when the security rule is triggered.

Example:

$LIST[user01@example.com, user02@example.com]

List

Optional

Tags

Enter the tags. The action retrieves security rules matching the entered tags.

Example:

$LIST[network]

List

Optional

Sort By Field

Enter the name of the parameter by which you want to sort the results.

Example:

"severity"

Text

Optional

Allowed values:

  • severity

  • name

  • created_at

  • updated_at

Default value: name

Sort Descending

Enter if you want to sort results in descending order.

Example:

True

Boolean

Optional

Allowed values:

  • True: Sort values in descending order.

  • False: Sort values in ascending order.

Default value: True

Page Number

Use this parameter in conjunction with the Page Size parameter for pagination.

Enter the number of pages you want to skip when retrieving the results.

Example: 5

Integer

Optional

Default value: 1

If you overshoot the page number, the API returns an empty page with no results. However, the request does not fail.

Page Size

Use this parameter in conjunction with the Page Number parameter for pagination.

Enter the number of results you want to retrieve per page.

Example:

10

Integer

Optional

Minimum value: 1

Maximum value: 1000

Default value: 25

Example Request

{
  "filter": {
    "search": "rule_01",
    "severities": [
      "medium",
      "high"
    ],
    "updated_by": [
      "user01@example.com",
      "user02@example.com"
    ],
    "created_by": [
      "user01@example.com",
      "user02@example.com"
    ],
    "enabled_state": [
      True
    ],
    "email_notifications": [
      "user01@example.com",
      "user02@example.com"
    ],
    "tags": [
      "tag_01",
      "tag_02"
    ]
  },
  "sort_by_field": "severity",
  "sort_as_descending": True,
  "page_number": 5,
  "page_size": 10
}
Action: Enable Security Rule by ID

This action enables the specified security rule.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Rule ID

Enter the unique identifier of the security rule you want to enable.

Example:

627816

Integer

Required

Example Request

{
  "rule_id": 627816
}
Action: Disable a Rule by ID

This action disables the specified security rule.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Rule ID

Enter the unique identifier of the security rule you want to disable.

Example:

627816

Integer

Required

Example Request

{
  "rule_id": 627816
}
Action: Get All Security Events

This action retrieves a list of all security events. You can filter, sort, and paginate results using query parameters.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

From Date

Enter the epoch timestamp, in seconds, from when you want to retrieve security events.

Example:

"1587134557"

Text

Required

To Date

Enter the epoch timestamp, in seconds, till when you want to retrieve security events.

Example:

"1587137557"

Text

Required

Search Term

Enter the name and description of the rule for which you want to retrieve details.

Example:

"rule_01"

Text

Required

Severities

Enter the severities of the rule for which you want to retrieve details.

Example:

$LIST[medium, high]

List

Optional

Allowed values:

  • info

  • low

  • medium

  • high

  • severe

Sort By Field

Enter the value by which you want to sort results.

Example:

"severity"

Text

Optional

Allowed values:

  • date

  • severity

Default value: date

Sort Descending

Enter if you want to sort results in descending order.

Example:

True

Boolean

Optional

Allowed values:

  • True: Sort values in descending order.

  • False: Sort values in ascending order.

Default value: True

Page Number

Use this parameter in conjunction with the Page Size parameter for pagination.

Enter the number of pages you want to skip when retrieving the results.

Example:

5

Integer

Optional

Default value: 1

If you overshoot the page number, the API returns an empty page with no results. However, the request does not fail.

Page Size

Use this parameter in conjunction with the Page Number parameter for pagination.

Enter the number of results you want to retrieve per page.

Example:

10

Integer

Optional

Minimum value: 1

Maximum value: 1000

Default value: 25

Example Request

{
  "from_date": "1587134557",
  "to_date": "1587137557",
  "search_term": "rule_01",
  "severities": [
    "medium",
    "high"
  ],
  "sort_field": "date",
  "sort_as_descending": True,
  "page_number": 5,
  "page_size": 10
}
Action: Fetch Logs by Alert ID

This action retrieves logs for the specified alert. When a security rule is triggered, it is logged as a security event.

The action runs a search query in your Logz.io log monitoring account to fetch the logs that triggered the security rule and caused it to log a security event.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the unique identifier (GUID) of the alert.

Example:

"833203f9-de71-5a12-9083-9055a6d925bb"

Text

Required

Page Number

Use this parameter in conjunction with the Page Size parameter for pagination.

Enter the number of pages you want to skip when retrieving the results.

Example:

5

Integer

Optional

Default value: 1

If you overshoot the page number, the API returns an empty page with no results. However, the request does not fail.

Page Size

Use this parameter in conjunction with the Page Number parameter for pagination.

Enter the number of results you want to retrieve per page.

Example:

10

Integer

Optional

Minimum value: 1

Maximum value: 1000

Default value: 25

Example Request

{
  "alert_event_id": "833203f9-de71-5a12-9083-9055a6d925bb",
  "page_number": 5,
  "page_size": 10
}
Action: Create Lookup List

This action creates a lookup list. After you create the list, run the endpoint to add elements to the list.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the lookup list.

If no value is passed, the list is named untitled followed by the running number.

Example:

"lookup_list_01"

Text

Optional

Maximum characters: 40

Description

Enter a description for the lookup list. You can add details such as the list's purpose, uses, and dependencies.

Example:

"description for lookup_list_01"

Text

Required

Maximum characters: 400

Example Request

{
  "name": "lookup_list_01",
  "description": "description for lookup_list_01"
}
Action: Get All Lookup Lists

This action retrieves all lookup lists. You can filter and paginate results using query parameters.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Search Term

Enter the name of the lookup list for which you want to retrieve details.

Example:

"servers"

Text

Optional

Lookup ID

Enter the lookup IDs for which you want to retrieve details.

Example:

$LIST[12345, 12346]

List

Optional

Page Number

Use this parameter in conjunction with the Page Size parameter for pagination.

Enter the number of pages you want to skip when retrieving the results.

Example:

5

Integer

Optional

Default value: 1

If you overshoot the page number, the API returns an empty page with no results. However, the request does not fail.

Page Size

Use this parameter in conjunction with the Page Number parameter for pagination.

Enter the number of results you want to retrieve per page.

Example:

10

Integer

Optional

Minimum value: 1

Maximum value: 1000

Default value: 25

Example Request

{
  "search_term": "servers",
  "by_ids": [
    "12345",
    "12346"
  ],
  "page_number": 5,
  "page_size": 10
}
Action: Get Lookup List by ID

This action retrieves details of the specified lookup list.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Lookup ID

Enter the unique identifier (GUID) of the lookup list for which you want to retrieve details.

Example:

"7c985e09-3db6-5dc6-ae33-58403493e13f"

Text

Optional

Example Request

{
  "lookup_id": "7c985e09-3db6-5dc6-ae33-58403493e13f"
}
Action: Update Lookup List

This action updates the name and/or description of the specified lookup list.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Lookup ID

Enter the unique identifier (GUID) of the lookup list you want to update.

Example:

"7c985e09-3db6-5dc6-ae33-58403493e13f"

Text

Required

Name

Enter the new name for the lookup list.

Example:

"lookup_list_02"

Text

Required

Description

Enter the new description for the lookup list.

Example:

"new description for lookup_list_02"

Text

Optional

Example Request

{
  "lookup_id": "7c985e09-3db6-5dc6-ae33-58403493e13f",
  "name": "lookup_list_02",
  "description": "new description for lookup_list_02"
}
Action: Add an Element to a Lookup List

This action adds an element to the specified lookup list.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Lookup ID

Enter the unique identifier (GUID) of the lookup list to which you want to add the element.

Example:

"7c985e09-3db6-5dc6-ae33-58403493e13f"

Text

Required

Value

Enter the required single field value.

Example:

"54.53.1.1"

Text

Required

Comment

Enter comments, notes, or details about the element or value. If you enter an IP address against the Value parameter you can enter the identifier of the server here.

Example:

"abc server"

Text

Optional

Expiration Date

Enter the epoch timestamp, in seconds, when the lookup list should expire.

Example:

1587860455

Integer

Optional

Example Request

{
  "lookup_list_id": "7c985e09-3db6-5dc6-ae33-58403493e13f",
  "value": "54.53.1.1",
  "comment": "abc server",
  "expiration_date": "1587860455"
}