LogRhythm

Details
Content
Dependencies
Version History

LogRhythm security intelligence.

The LogRhythm pack provides security operations to deliver comprehensive and actionable information into your enterprise IT environment.

What does this pack do?

Execute queries on logs.
Retrieve case summaries, create new cases, or update the properties of a case.
Get host information, add new hosts and update host status, and query and update alarms.
Fetch cases and alarms as incidents.
Retrieve, update, and remove tags.
Get list details, add or remove items from lists.

This pack includes the following playbooks:

Logrhythm Alarm Handling playbook that is triggered when fetching a LogRhythm alarm incident.
LogRhythmRestV2 - Search query playbook that retrieves query results.

The LogRhythm pack provides security operations to deliver comprehensive and actionable information into your enterprise IT environment.

What does this pack do?

Execute queries on logs.
Retrieve case summaries, create new cases, or update the properties of a case.
Get host information, add new hosts and update host status, and query and update alarms.
Fetch cases and alarms as incidents.
Retrieve, update, and remove tags.
Get list details, add or remove items from lists.

This pack includes the following playbooks:

Logrhythm Alarm Handling playbook that is triggered when fetching a LogRhythm alarm incident.
LogRhythmRestV2 - Search query playbook that retrieves query results.

Classifiers

Name	Description
LogRhythm Classifier
LogRhythm Mapper

Incident Fields

Name	Description
LogRhythm Entity	LogRhythm Entity
LogRhythm Associated Cases	LogRhythm Alarm Associated Cases
LogRhythm Case Collaborators	LogRhythm Case Collaborators
LogRhythm Status	LogRhythm Status
LogRhythm Case Priority	LogRhythm Case Priority
LogRhythm Ticket Due Date	LogRhythm Ticket Due Date
LogRhythm Case Updated User	LogRhythm Case Updated User

Incident Types

Name	Description
Logrhythm Alarm
Logrhythm Case

Integrations

Name	Description
LogRhythmRest v2	LogRhythm security intelligence.
LogRhythmRest	LogRhythm security intelligence.

Layouts

Name	Description
LogRhythm Case Incident
LogRhythm Alarm Incident

Playbooks

Name	Description
LogRhythmRestV2 - Search query	This playbook used generic polling to get query results using the command: lr-execute-search-query.
Logrhythm Alarm Handling	This playbook is triggered by fetching a LogRhythm alarm incident. The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.
Logrhythm - Search query	This playbook used generic polling to gets query result using the command: lr-execute-search-query

Classifiers

Name	Description
LogRhythm Classifier
LogRhythm Mapper

Incident Fields

Name	Description
LogRhythm Associated Cases	LogRhythm Alarm Associated Cases
LogRhythm Ticket Due Date	LogRhythm Ticket Due Date
LogRhythm Entity	LogRhythm Entity
LogRhythm Case Updated User	LogRhythm Case Updated User
LogRhythm Case Priority	LogRhythm Case Priority
LogRhythm Case Collaborators	LogRhythm Case Collaborators
LogRhythm Status	LogRhythm Status

Incident Types

Name	Description
Logrhythm Case
Logrhythm Alarm

Integrations

Name	Description
LogRhythmRest v2	LogRhythm security intelligence.
LogRhythmRest	LogRhythm security intelligence.

Playbooks

Name	Description
Logrhythm Alarm Handling	This playbook is triggered by fetching a LogRhythm alarm alert. The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.
Logrhythm - Search query	This playbook used generic polling to gets query result using the command: lr-execute-search-query
LogRhythmRestV2 - Search query	This playbook used generic polling to get query results using the command: lr-execute-search-query.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

2.0.28 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

2.0.27 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.0.26 - 4583601 (August 20, 2025)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.25 - 4096037 (July 8, 2025)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.24 - R3481649 (May 21, 2025)

Integrations

LogRhythmRest

Metadata and documentation improvements.

LogRhythmRest v2

Metadata and documentation improvements.

Related pull requests:
- 39228

Download

2.0.23 - R2988527 (March 26, 2025)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.11.10.115186.

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.22 - 836299 (February 18, 2024)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

2.0.21 - R828628 (February 14, 2024)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

2.0.20 - R6592021 (October 13, 2023)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27954

Download

2.0.19 - R5692327 (July 5, 2023)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.12.63474.
Added the API Token integration parameters to support credentials fetching object.

Related pull requests:
- 27698

Download

2.0.18 - 5189071 (May 4, 2023)

Integrations

LogRhythmRest v2

Fixed an issue where lr-alarm-drilldown command didn't work properly.
Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26261

Download

2.0.17 - R5170573 (May 2, 2023)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.10.51930.
Changed the XML parsing to be more secure.

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.10.51930.
Changed the XML parsing to be more secure.

Related pull requests:
- 23980

Download

2.0.16 - R4718798 (March 1, 2023)

Integrations

LogRhythmRest v2

Added the lr-get-alarm-details command to enable retrieving details about a given alarm.
Added the lr-alarm-drilldown command to enable retrieving
logs per rule block for a specific alarm ID that fired associated with an AIE alarm.
Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24474

Download

2.0.15 - 4514603 (February 1, 2023)

Layouts

LogRhythm Alarm Incident
This item is no longer supported in XSIAM.
LogRhythm Case Incident
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

2.0.14 - 4085738 (November 23, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.8.37233.

Related pull requests:
- 22384

Download

2.0.13 - 3965075 (November 3, 2022)

Integrations

LogRhythmRest v2

Fixed an issue where the lr-list-details-and-items-get command fails in case of too many items to retrieve.
Updated the Docker image to: demisto/python3:3.10.8.36650.

Related pull requests:
- 21984

Download

2.0.12 - R3752170 (September 29, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20050

Download

2.0.11 - 3167802 (June 28, 2022)

Playbooks

LogRhythmRestV2 - Search query

Added support for Polling to continue for Searching, First Results, Queued and Paused statuses.

Related pull requests:
- 19757

Download

2.0.10 - 3125048 (June 21, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19655

Download

2.0.9 - 2927997 (May 16, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

2.0.8 - 2836953 (April 28, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.28442
Fixed an issue where an empty response caused the fetch-incidents command to fail.

Download

2.0.7 - 2781556 (April 19, 2022)

Integrations

LogRhythmRest v2

Updated formatting of integration parameters.

Download

2.0.6 - 2674843 (March 30, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.27798.
Added type validations and other internal code improvements.

Download

2.0.5 - 2507216 (March 3, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.1.26972.

Download

2.0.4 - 2303329 (January 25, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.1.25933.

Download

2.0.3 - 2206801 (January 5, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.9.9.25564.

Download

2.0.2 - R2146019 (December 21, 2021)

Integrations

LogRhythmRest

Fixed handling responses with status code 204 for lr-get-alarm-events and lr-get-alarm-data.

Download

2.0.1 - 1973965 (November 18, 2021)

Integrations

LogRhythmRest v2

Updated the Case tag filter and Case status filter parameter type to short text.

Download

2.0.0 - 1970937 (November 18, 2021)

Integrations

New: LogRhythmRest v2

LogRhythm security intelligence. (Available from Cortex XSOAR 5.5.0).

LogRhythmRest

Updated the Docker image to: demisto/python3:3.9.8.24399.

Playbooks

New: Logrhythm Alarm Handling

This playbook is triggered by fetching a LogRhythm alarm incident.
The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.

New: LogRhythmRestV2 - Search query

This playbook used generic polling to get query results using the command: lr-execute-search-query (Available from Cortex XSOAR 5.5.0).

Incident Types

Logrhythm Alarm
Logrhythm Case

Incident Fields

LogRhythm Associated Cases
LogRhythm Case Collaborators
LogRhythm Case Updated User
LogRhythm Status
LogRhythm Ticket Due Date
LogRhythm Case Priority
LogRhythm Entity

Mappers

New: LogRhythm Mapper

Mapper for fetched alarms and cases incidents.

Classifiers

New: LogRhythmRest V2

Classifier for fetched alarms and cases incidents.

New: LogRhythm Classifier

Classifier for fetched alarms and cases incidents.

Layouts

New: LogRhythm Alarm Incident

Layout for LogRhythm Alarm Incident.

New: LogRhythm Case Incident

Layout for LogRhythm Case Incident.

Download

1.1.0 - 1847888 (October 26, 2021)

Integrations

LogRhythmRest

Added commands for handling users in LogRhythm.
- lr-get-users
- lr-get-logins
- lr-get-privileges
- lr-get-profiles
- lr-add-user
- lr-add-login

Download

2.0.28 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

2.0.27 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.0.26 - 4583601 (August 20, 2025)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.25 - 4096037 (July 8, 2025)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.24 - R3481649 (May 21, 2025)

Integrations

LogRhythmRest

Metadata and documentation improvements.

LogRhythmRest v2

Metadata and documentation improvements.

Related pull requests:
- 39228

Download

2.0.23 - R2988527 (March 26, 2025)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.11.10.115186.

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.22 - 836299 (February 18, 2024)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32446

Download

2.0.21 - R828628 (February 14, 2024)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

2.0.20 - R6592021 (October 13, 2023)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27954

Download

2.0.19 - 5618116 (June 26, 2023)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.12.63474.
Added the API Token integration parameters to support credentials fetching object.

Related pull requests:
- 27698

Download

2.0.18 - 5189071 (May 4, 2023)

Integrations

LogRhythmRest v2

Fixed an issue where lr-alarm-drilldown command didn't work properly.
Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26261

Download

2.0.17 - R5170573 (May 2, 2023)

Integrations

LogRhythmRest

Updated the Docker image to: demisto/python3:3.10.10.51930.
Changed the XML parsing to be more secure.

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.10.51930.
Changed the XML parsing to be more secure.

Related pull requests:
- 23980

Download

2.0.16 - R4718798 (March 1, 2023)

Integrations

LogRhythmRest v2

Added the lr-get-alarm-details command to enable retrieving details about a given alarm.
Added the lr-alarm-drilldown command to enable retrieving
logs per rule block for a specific alarm ID that fired associated with an AIE alarm.
Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24474

Download

2.0.15 - 4514603 (February 1, 2023)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 24221

Download

2.0.14 - 4085738 (November 23, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.8.37233.

Related pull requests:
- 22384

Download

2.0.13 - 3965075 (November 3, 2022)

Integrations

LogRhythmRest v2

Fixed an issue where the lr-list-details-and-items-get command fails in case of too many items to retrieve.
Updated the Docker image to: demisto/python3:3.10.8.36650.

Related pull requests:
- 21984

Download

2.0.12 - R3752170 (September 29, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20050

Download

2.0.11 - 3167802 (June 28, 2022)

Playbooks

LogRhythmRestV2 - Search query

Added support for Polling to continue for Searching, First Results, Queued and Paused statuses.

Related pull requests:
- 19757

Download

2.0.10 - 3128765 (June 21, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19655

Download

2.0.9 - 2924164 (May 15, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

2.0.8 - 2836953 (April 28, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.28442
Fixed an issue where an empty response caused the fetch-incidents command to fail.

Download

2.0.7 - 2781556 (April 19, 2022)

Integrations

LogRhythmRest v2

Updated formatting of integration parameters.

Download

2.0.6 - 2674843 (March 30, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.4.27798.
Added type validations and other internal code improvements.

Download

2.0.5 - 2507216 (March 3, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.1.26972.

Download

2.0.4 - 2316504 (January 27, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.10.1.25933.

Download

2.0.3 - 2206801 (January 5, 2022)

Integrations

LogRhythmRest v2

Updated the Docker image to: demisto/python3:3.9.9.25564.

Download

2.0.2 - R2146019 (December 21, 2021)

Integrations

LogRhythmRest

Fixed handling responses with status code 204 for lr-get-alarm-events and lr-get-alarm-data.

Download

2.0.1 - 1973965 (November 18, 2021)

Integrations

LogRhythmRest v2

Updated the Case tag filter and Case status filter parameter type to short text.

Download

2.0.0 - 1970937 (November 18, 2021)

Integrations

New: LogRhythmRest v2

LogRhythm security intelligence. (Available from Cortex XSOAR 5.5.0).

LogRhythmRest

Updated the Docker image to: demisto/python3:3.9.8.24399.

Playbooks

New: Logrhythm Alarm Handling

This playbook is triggered by fetching a LogRhythm alarm incident.
The playbook executes the commands: lr-alarms-list, lr-alarm-summary and lr-users-list to get more useful data for the alarm.

New: LogRhythmRestV2 - Search query

This playbook used generic polling to get query results using the command: lr-execute-search-query (Available from Cortex XSOAR 5.5.0).

Incident Types

Logrhythm Alarm
Logrhythm Case

Incident Fields

LogRhythm Associated Cases
LogRhythm Case Collaborators
LogRhythm Case Updated User
LogRhythm Status
LogRhythm Ticket Due Date
LogRhythm Case Priority
LogRhythm Entity

Mappers

New: LogRhythm Mapper

Mapper for fetched alarms and cases incidents.

Classifiers

New: LogRhythmRest V2

Classifier for fetched alarms and cases incidents.

New: LogRhythm Classifier

Classifier for fetched alarms and cases incidents.

Layouts

New: LogRhythm Alarm Incident

Layout for LogRhythm Alarm Incident.

New: LogRhythm Case Incident

Layout for LogRhythm Case Incident.

Download

1.1.0 - 1847888 (October 26, 2021)

Integrations

LogRhythmRest

Added commands for handling users in LogRhythm.
- lr-get-users
- lr-get-logins
- lr-get-privileges
- lr-get-profiles
- lr-add-user
- lr-add-login

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	September 23, 2020
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.