Cyware Orchestrate

LogRhythm

App Vendor: LogRhythm

App Category: Analytics & SIEM

Connector Version: 1.0.0

API Version: 1.0.0

About App

LogRhythm SIEM helps security operations teams protect critical data and infrastructure from cyber threats, and get unmatched visibility, detection, and response. This integration is used for alarm management within the LogRhythm SIEM.

The LogRhythm SIEM app is configured with Orchestrate to perform the following actions:

Action Name

Description

Add Comment to Alarm

This action adds a comment to an alarm.

Get Alarm Details

This action retrieves the details of an alarm.

Get Alarm Events

This action retrieves the events associated with an alarm.

Get Alarm History

This action retrieves the history of an alarm.

Get Alarms

This action polls and filters alarms.

Update Alarm Status

This action updates the status of an alarm.

Configuration Parameters

The following configuration parameters are required for the LogRhythm SIEM app to communicate with the LogRhythm SIEM enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Domain

Enter the LogRhythm SIEM URL or IP address to connect to.

Text

Required

API Token

Enter the API token to connect to the LogRhythm SIEM instance.

Password

Required

Port

Enter the port to connect to.

Text

Optional

Default value:

8501

Verify

Choose whether to verify the TLS certificate presented by the LogRhythm API gateway. Leaving this at the default (false) accepts any certificate, so a host that can intercept the connection can read the API token; use true in production and make sure the gateway presents a certificate that Orchestrate trusts.

Boolean

Optional

Default value:

false

Allowed values:

  • true

  • false

Action: Add Comment to Alarm

This action adds a comment to an alarm.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alarm ID

Enter the ID of the alarm to add the comment to.

Text

Required

Comment

Enter the comment to add to the alarm.

Text

Required

Action: Get Alarm Details

This action retrieves the details of an alarm.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alarm ID

Enter the ID of an alarm to retrieve details.

Text

Required

Action: Get Alarm Events

This action retrieves the events associated with an alarm.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alarm ID

Enter the ID of an alarm to retrieve the associated events.

Integer

Required

Action: Get Alarm History

This action retrieves the history of an alarm.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alarm ID

Enter the ID of an alarm to retrieve its history.

Text

Required

Offset

Enter the offset value for pagination.

Integer

Optional

Count

Enter the number of items to retrieve.

Integer

Optional

Order by

Enter the field name to sort the result.

Integer

Optional

Direction

Enter the sorting order as either ascending or descending.

Text

Optional

Allowed values:

  • ascending

  • descending

Person ID

Enter the person ID to filter results.

Integer

Optional

Date Updated

Enter the updated date; only history entries updated after this date are retrieved.

Integer

Optional

Type

Enter the alarm type.

Text

Optional

Action: Get Alarms

This action polls and filters alarms.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Offset

Enter the offset value for pagination.

Integer

Optional

Count

Enter the number of results to retrieve.

Integer

Optional

Order by

Enter the field name to sort the result.

Text

Optional

Allowed values:

  • alarmrulename

  • alarmstatus

  • dateinserted

  • entityname

Direction

Enter the sorting order as either ascending or descending.

Text

Optional

Alarm Rule Name

Enter the alarm rule name to retrieve results.

Text

Optional

Alarm Status

Enter the alarm status to filter the result.

Text

Optional

Allowed values:

  • new

  • opened

  • working

  • escalated

  • closed

  • closed_falsealarm

  • closed_resolved

  • closed_unresolved

  • closed_reported

  • closed_monitor

Entity Name

Enter the entity name to filter results.

Text

Optional

Notification

Enter the notification to filter results.

Text

Optional

Case Association

Enter the case associated with the alarm to filter results.

Text

Optional

Date Inserted

Enter the inserted date to filter results.

Text

Optional

Action: Update Alarm Status

This action updates the status of an alarm.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alarm ID

Enter the ID of the alarm whose status is to be updated.

Text

Required

Alarm Status

Enter the new status of the alarm.

Text

Required

Allowed values:

  • new

  • opened

  • working

  • escalated

  • closed

  • closed_falsealarm

  • closed_resolved

  • closed_unresolved

  • closed_reported

  • closed_monitor
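The following Python client is an added example, not Cyware's or LogRhythm's code, showing how the configuration parameters (Domain, API Token, Port, Verify) and the Get Alarms, Add Comment to Alarm and Update Alarm Status actions above fit together in a triage flow. The endpoint paths (/lr-alarm-api/...), the Bearer authorization header, the query-parameter names (offset, count, alarmStatus, alarmRuleName), the JSON body fields (alarmComment, alarmStatus) and the response key alarmsSearchDetails are assumptions about the LogRhythm Alarm API and are not taken from this page; the fake transport and sample alarms are constructed so the example runs offline. It also shows what Verify=false actually does at the TLS layer, and why a status-filtered listing must be fully paged before any alarm in it is modified.

```python
"""Alarm triage helper built around the Orchestrate actions above. Added example,
not Cyware's or LogRhythm's code. Endpoint paths (/lr-alarm-api/...), the Bearer
header and the query-parameter / JSON field names are assumptions about the
LogRhythm Alarm API; check them against your instance's API documentation."""
import json
import ssl
import urllib.parse
import urllib.request
from typing import Callable, Optional

# Allowed values of Alarm Status from the tables above.
ALARM_STATUSES = {"new", "opened", "working", "escalated", "closed", "closed_falsealarm",
                  "closed_resolved", "closed_unresolved", "closed_reported", "closed_monitor"}
# transport(method, path, query_params, json_body) -> parsed JSON response
Transport = Callable[[str, str, dict, Optional[dict]], dict]


def http_transport(domain: str, api_token: str, port: int = 8501,
                   verify: bool = True) -> Transport:
    """Transport mirroring the app's Domain / API Token / Port / Verify parameters."""
    ctx = ssl.create_default_context()
    if not verify:
        # Verify=false (the app's default): no certificate or hostname check, so a
        # machine-in-the-middle can present any certificate and read the token.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    def send(method, path, params, body):
        url = f"https://{domain}:{port}{path}"
        if params:
            url += "?" + urllib.parse.urlencode(params)
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": f"Bearer {api_token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)
    return send


class AlarmClient:
    BASE = "/lr-alarm-api/alarms"  # assumed path

    def __init__(self, send: Transport):
        self._send = send

    def get_alarms(self, count: int = 50, **filters) -> list:
        """Get Alarms: walk offset/count pages until a short page ends the listing."""
        alarms, offset = [], 0
        while True:
            page = self._send("GET", self.BASE,
                              {"offset": offset, "count": count, **filters}, None)
            batch = page.get("alarmsSearchDetails", [])  # assumed response key
            alarms.extend(batch)
            if len(batch) < count:
                return alarms
            offset += count

    def add_comment(self, alarm_id: int, comment: str) -> dict:
        return self._send("POST", f"{self.BASE}/{alarm_id}/comment", {},
                          {"alarmComment": comment})

    def update_status(self, alarm_id: int, status: str) -> dict:
        if status not in ALARM_STATUSES:  # reject values the API would refuse
            raise ValueError(f"unsupported alarm status: {status!r}")
        return self._send("PATCH", f"{self.BASE}/{alarm_id}", {}, {"alarmStatus": status})


def triage_new_alarms(client: AlarmClient, rule_name: str, comment: str,
                      page_size: int = 50) -> list:
    """Comment on every new alarm for a rule and move it to 'working'. All pages are
    collected before any status change, because mutating alarms while paging a
    status-filtered listing shifts the later pages and silently skips alarms."""
    new = client.get_alarms(count=page_size, alarmStatus="new", alarmRuleName=rule_name)
    for alarm in new:
        client.add_comment(alarm["alarmId"], comment)
        client.update_status(alarm["alarmId"], "working")
    return [a["alarmId"] for a in new]


def fake_transport(alarms: dict) -> Transport:
    """Constructed in-memory stand-in for the Alarm API so the example runs offline."""
    def send(method, path, params, body):
        parts = path.strip("/").split("/")  # lr-alarm-api / alarms [/ id [/ sub]]
        if method == "GET" and parts[-1] == "alarms":
            rows = sorted((a for a in alarms.values() if all(
                a.get(k) == v for k, v in params.items() if k not in ("offset", "count"))),
                key=lambda a: a["alarmId"])
            off, cnt = int(params["offset"]), int(params["count"])
            return {"alarmsSearchDetails": rows[off:off + cnt]}
        alarm = alarms[int(parts[2])]
        if method == "POST" and parts[-1] == "comment":
            alarm.setdefault("comments", []).append(body["alarmComment"])
        elif method == "PATCH":
            alarm["alarmStatus"] = body["alarmStatus"]
        return alarm
    return send


def sample_alarms() -> dict:
    """Constructed sample data: alarms 1-7 are new 'Brute Force', alarm 8 is 'Malware'."""
    return {i: {"alarmId": i, "alarmStatus": "new",
                "alarmRuleName": "Malware" if i == 8 else "Brute Force"} for i in range(1, 9)}
```

Against a real instance, replace `fake_transport(...)` with `http_transport(domain, api_token, port, verify=True)` and keep `verify=True`; the fake transport exists only so that the paging and status-transition logic can be exercised without a LogRhythm deployment.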