LogRhythm
App Vendor: LogRhythm
App Category: Analytics & SIEM
Connector Version: 1.0.0
API Version: 1.0.0
About App
LogRhythm SIEM helps security operations teams protect critical data and infrastructure from cyber threats, and get unmatched visibility, detection, and response. This integration is used for alarm management within the LogRhythm
The LogRhythm SIEM app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Add Comment to Alarm | This action adds a comment to an alarm. |
Get Alarm Details | This action retrieves the details of an alarm. |
Get Alarm Events | This action retrieves the events associated with an alarm. |
Get Alarm History | This action retrieves the history of an alarm. |
Get Alarms | This action polls and filters alarms. |
Update Alarm Status | This action updates the status of an alarm. |
Configuration Parameters
The following configuration parameters are required for the LogRhythm SIEM app to communicate with the LogRhythm SIEM enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Domain | Enter the LogRhythm SIEM URL or IP address to connect to. | Text | Required | |
API Token | Enter the API token to connect to the LogRhythm SIEM instance. | Password | Required | |
Port | Enter the port to connect to. | Text | Optional | Default value: 8501 |
Verify | Choose to verify the SSL certificate. | Boolean | Optional | Default value: false. Allowed values: |
Action: Add Comment to Alarm
This action adds a comment to an alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alarm ID | Enter the ID of an alarm to add a comment. | Text | Required | |
Comment | Enter the comment to add to the alarm. | Text | Required | |
Action: Get Alarm Details
This action retrieves the details of an alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alarm ID | Enter the ID of an alarm to retrieve details. | Text | Required | |
Action: Get Alarm Events
This action retrieves the events associated with an alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alarm ID | Enter the ID of an alarm to retrieve the associated events. | Integer | Required | |
Action: Get Alarm History
This action retrieves the history of an alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alarm ID | Enter the ID of an alarm to retrieve its history. | Text | Required | |
Offset | Enter the offset value for pagination. | Integer | Optional | |
Count | Enter the number of items to retrieve. | Integer | Optional | |
Order by | Enter the field name to sort the result. | Integer | Optional | |
Direction | Enter the sorting order as either ascending or descending. | Text | Optional | Allowed values: |
Person ID | Enter the person ID to filter results. | Integer | Optional | |
Date Updated | Enter the updated date after which to retrieve results. | Integer | Optional | |
Type | Enter the alarm type. | Text | Optional | |
Action: Get Alarms
This action polls and filters alarms.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Offset | Enter the offset value for pagination. | Integer | Optional | |
Count | Enter the number of results to retrieve. | Integer | Optional | |
Order by | Enter the field name to sort the result. | Text | Optional | Allowed values: |
Direction | Enter the sorting order as either ascending or descending. | Text | Optional | |
Alarm Rule Name | Enter the alarm rule name to retrieve results. | Text | Optional | |
Alarm Status | Enter the alarm status to filter the result. | Text | Optional | Allowed values: |
Entity Name | Enter the entity name to filter results. | Text | Optional | |
Notification | Enter the notification to filter results. | Text | Optional | |
Case Association | Enter the case associated with the alarm to filter results. | Text | Optional | |
Date Inserted | Enter the inserted date to filter results. | Text | Optional | |
Action: Update Alarm Status
This action updates the status of an alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alarm ID | Enter the ID of an alarm to update the status. | Text | Required | |
Alarm Status | Enter the new status of the alarm. | Text | Required | Allowed values: |