LogRhythm

LogRhythm security intelligence.

The LogRhythm pack provides security operations to deliver comprehensive and actionable information into your enterprise IT environment.

What does this pack do?

Execute queries on logs.
Retrieve case summaries, create new cases, or update the properties of a case.
Get host information, add new hosts and update host status, and query and update alarms.
Fetch cases and alarms as incidents.
Retrieve, update, and remove tags.
Get list details, add or remove items from lists.

This pack includes the following playbooks:

Logrhythm Alarm Handling playbook that is triggered when fetching a LogRhythm alarm incident.
LogRhythmRestV2 - Search query playbook that retrieves query results.

The LogRhythm pack provides security operations to deliver comprehensive and actionable information into your enterprise IT environment.

What does this pack do?

Execute queries on logs.
Retrieve case summaries, create new cases, or update the properties of a case.
Get host information, add new hosts and update host status, and query and update alarms.
Fetch cases and alarms as incidents.
Retrieve, update, and remove tags.
Get list details, add or remove items from lists.

This pack includes the following playbooks:

Logrhythm Alarm Handling playbook that is triggered when fetching a LogRhythm alarm incident.
LogRhythmRestV2 - Search query playbook that retrieves query results.

Classifiers

Name	Description
LogRhythm Classifier
LogRhythm Mapper

Incident Fields

Name	Description
LogRhythm Case Collaborators	LogRhythm Case Collaborators
LogRhythm Ticket Due Date	LogRhythm Ticket Due Date
LogRhythm Case Updated User	LogRhythm Case Updated User
LogRhythm Entity	LogRhythm Entity
LogRhythm Associated Cases	LogRhythm Alarm Associated Cases
LogRhythm Case Priority	LogRhythm Case Priority
LogRhythm Status	LogRhythm Status

Incident Types

Name	Description
Logrhythm Case
Logrhythm Alarm

Integrations

Name	Description
LogRhythmRest	LogRhythm security intelligence.
LogRhythmRest v2	LogRhythm security intelligence.

Layouts

Name	Description
LogRhythm Alarm Incident
LogRhythm Case Incident

Playbooks

Name	Description
LogRhythmRestV2 - Search query	This playbook used generic polling to get query results using the command: lr-execute-search-query.
Logrhythm - Search query	This playbook used generic polling to gets query result using the command: lr-execute-search-query
Logrhythm Alarm Handling	This playbook is triggered by fetching a LogRhythm alarm incident. The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.

Classifiers

Name	Description
LogRhythm Classifier
LogRhythm Mapper

Incident Fields

Name	Description
LogRhythm Case Collaborators	LogRhythm Case Collaborators
LogRhythm Ticket Due Date	LogRhythm Ticket Due Date
LogRhythm Entity	LogRhythm Entity
LogRhythm Case Updated User	LogRhythm Case Updated User
LogRhythm Case Priority	LogRhythm Case Priority
LogRhythm Associated Cases	LogRhythm Alarm Associated Cases
LogRhythm Status	LogRhythm Status

Incident Types

Name	Description
Logrhythm Alarm
Logrhythm Case

Integrations

Name	Description
LogRhythmRest v2	LogRhythm security intelligence.
LogRhythmRest	LogRhythm security intelligence.

Playbooks

Name	Description
Logrhythm - Search query	This playbook used generic polling to gets query result using the command: lr-execute-search-query
Logrhythm Alarm Handling	This playbook is triggered by fetching a LogRhythm alarm alert. The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.
LogRhythmRestV2 - Search query	This playbook used generic polling to get query results using the command: lr-execute-search-query.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (5)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

2.0.22 - 836299 (February 18, 2024)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

2.0.21 - R828628 (February 14, 2024)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

2.0.20 - R6592021 (October 13, 2023)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27954

Download

2.0.19 - R5692327 (July 5, 2023)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.12.63474.
Added the API Token integration parameters to support credentials fetching object.

Related pull requests:
- 27698

Download

2.0.18 - 5189071 (May 4, 2023)

Integrations

LogRhythmRest v2

Fixed an issue where lr-alarm-drilldown command didn't work properly.
Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26261

Download

2.0.17 - R5170573 (May 2, 2023)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.10.51930.
Changed the XML parsing to be more secure.

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.10.51930.
Changed the XML parsing to be more secure.

Related pull requests:
- 23980

Download

2.0.16 - R4718798 (March 1, 2023)

Integrations

LogRhythmRest v2

Added the lr-get-alarm-details command to enable retrieving details about a given alarm.
Added the lr-alarm-drilldown command to enable retrieving
logs per rule block for a specific alarm ID that fired associated with an AIE alarm.
Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24474

Download

2.0.15 - 4514603 (February 1, 2023)

Layouts

LogRhythm Alarm Incident
This item is no longer supported in XSIAM.
LogRhythm Case Incident
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

2.0.14 - 4085738 (November 23, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.8.37233.

Related pull requests:
- 22384

Download

2.0.13 - 3965075 (November 3, 2022)

Integrations

LogRhythmRest v2

Fixed an issue where the lr-list-details-and-items-get command fails in case of too many items to retrieve.
Updated the Docker image to: demisto/python3:3.10.8.36650.

Related pull requests:
- 21984

Download

2.0.12 - R3752170 (September 29, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20050

Download

2.0.11 - 3167802 (June 28, 2022)

Playbooks

LogRhythmRestV2 - Search query

Added support for Polling to continue for Searching, First Results, Queued and Paused statuses.

Related pull requests:
- 19757

Download

2.0.10 - 3125048 (June 21, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19655

Download

2.0.9 - 2927997 (May 16, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

2.0.8 - 2836953 (April 28, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.28442
Fixed an issue where an empty response caused the fetch-incidents command to fail.

Download

2.0.7 - 2781556 (April 19, 2022)

Integrations

LogRhythmRest v2

Updated formatting of integration parameters.

Download

2.0.6 - 2674843 (March 30, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.27798.
Added type validations and other internal code improvements.

Download

2.0.5 - 2507216 (March 3, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.1.26972.

Download

2.0.4 - 2303329 (January 25, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.1.25933.

Download

2.0.3 - 2206801 (January 5, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.9.9.25564.

Download

2.0.2 - R2146019 (December 21, 2021)

Integrations

LogRhythmRest

Fixed handling responses with status code 204 for lr-get-alarm-events and lr-get-alarm-data.

Download

2.0.1 - 1973965 (November 18, 2021)

Integrations

LogRhythmRest v2

Updated the Case tag filter and Case status filter parameter type to short text.

Download

2.0.0 - 1970937 (November 18, 2021)

Integrations

New: LogRhythmRest v2

LogRhythm security intelligence. (Available from Cortex XSOAR 5.5.0).

LogRhythmRest

Updated the Docker image to: demisto/python3:3.9.8.24399.

Playbooks

New: Logrhythm Alarm Handling

This playbook is triggered by fetching a LogRhythm alarm incident.
The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.

New: LogRhythmRestV2 - Search query

This playbook used generic polling to get query results using the command: lr-execute-search-query (Available from Cortex XSOAR 5.5.0).

Incident Types

Logrhythm Alarm
Logrhythm Case

Incident Fields

LogRhythm Associated Cases
LogRhythm Case Collaborators
LogRhythm Case Updated User
LogRhythm Status
LogRhythm Ticket Due Date
LogRhythm Case Priority
LogRhythm Entity

Mappers

New: LogRhythm Mapper

Mapper for fetched alarms and cases incidents.

Classifiers

New: LogRhythmRest V2

Classifier for fetched alarms and cases incidents.

New: LogRhythm Classifier

Classifier for fetched alarms and cases incidents.

Layouts

New: LogRhythm Alarm Incident

Layout for LogRhythm Alarm Incident.

New: LogRhythm Case Incident

Layout for LogRhythm Case Incident.

Download

1.1.0 - 1847888 (October 26, 2021)

Integrations

LogRhythmRest

Added commands for handling users in LogRhythm.
- lr-get-users
- lr-get-logins
- lr-get-privileges
- lr-get-profiles
- lr-add-user
- lr-add-login

Download

Certification	Certified	Read more
Supported By	Cortex
Created	September 23, 2020
Last Release	February 18, 2024

Integrations

LogRhythmRest

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest

LogRhythmRest v2

Integrations

LogRhythmRest v2

Layouts

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Playbooks

LogRhythmRestV2 - Search query

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest v2

Integrations

LogRhythmRest

Integrations

LogRhythmRest v2

Integrations

New: LogRhythmRest v2

LogRhythmRest

Playbooks

New: Logrhythm Alarm Handling

New: LogRhythmRestV2 - Search query

Incident Types

Incident Fields

Mappers

New: LogRhythm Mapper

Classifiers

New: LogRhythmRest V2

New: LogRhythm Classifier

Layouts

New: LogRhythm Alarm Incident

New: LogRhythm Case Incident

Integrations

LogRhythmRest

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER