# Logpoint
## Description

The Logpoint connector allows for use of the Logpoint Security Information and Event Management (SIEM) product capabilities. The connector provides the following capabilities:

- Add Incident Comment
- Assign or Reassign Incident
- Close Incident
- Get Devices
- Get Incident by ID
- Get Incident Users
- Get Incidents
- Get Livesearches
- Get Logpoint
- Get Query by SearchID
- Get Repos
- Get User Timezone
- Reopen Incidents
- Resolve Incidents
- Run Adhoc Query

## Asset Setup

The asset requires a host, username, and secret key.

## Tasks Setup

For tasks that take datetime inputs, you can use any standard datetime format, or put in a relative time.

## Notes

For more information on Logpoint: https://docs.logpoint.com/docs/logpoint-api-reference/en/latest/

## Configurations

### Logpoint Authentication

Authenticates using username and secret key.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Username | Username | string | required |
| Password | Secret key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

Leave Verify SSL enabled. The secret key is sent with every request, so a disabled certificate check exposes it to anyone able to interpose on the connection; if the Logpoint host uses a private CA, trust that CA rather than turning verification off.

## Actions

Every action accepts an optional `headers` object (HTTP headers for the request) in addition to the arguments listed below, and every action returns the same output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Add Incident Comment

Add comments to incidents.

- Endpoint URL: `/add_incident_comment`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.version | string | optional | API version (`0.1`) |
| requestData.states | array | optional | One entry per incident to comment on |
| requestData.states._id | string | optional | Incident object ID |
| requestData.states.comments | array | optional | Comments to add to that incident |

Input example:

```json
{"json_body": {"requestData": {"version": "0.1", "states": [{"_id": "6156e859b92e73ec9b0b9bfa", "comments": ["comment1", "comment2"]}, {"_id": "6156e985b92e73ec9b0b9bfb", "comments": ["comment1", "comment2"]}]}}}
```

### Assign or Reassign Incident

Assign or reassign incidents to a user.

- Endpoint URL: `/assign_incident`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.version | string | optional | API version (`0.1`) |
| requestData.incident_ids | array | optional | Incident object IDs to assign |
| requestData.new_assignee | string | optional | User ID of the new assignee |

Input example:

```json
{"json_body": {"requestData": {"version": "0.1", "incident_ids": ["5a62bd8cce983de89085429c", "5a62bd8cce983de89085429b", "5a62bd8cce983de89085429e"], "new_assignee": "59b0eecfd8aaa4334ee41707"}}}
```

### Close Incident

Close incidents.

- Endpoint URL: `/close_incident`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.version | string | optional | API version (`0.1`) |
| requestData.incident_ids | array | optional | Incident object IDs to close |

Input example:

```json
{"json_body": {"requestData": {"version": "0.1", "incident_ids": ["5a62bd8cce983de89085429c", "5a62bd8cce983de89085429b", "5a62bd8cce983de89085429e"]}}}
```

### Get Devices

Retrieve devices.

- Endpoint URL: `/getalloweddata`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | optional | Request payload |
| data_body.type | string | optional | Data type to list (`devices`) |

Input example:

```json
{"data_body": {"type": "devices"}}
```

### Get Incident by ID

Retrieve information associated with a particular incident.

- Endpoint URL: `/get_data_from_incident`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.incident_obj_id | string | optional | Incident object ID |
| requestData.incident_id | string | optional | Incident ID |

Input example:

```json
{"json_body": {"requestData": {"incident_obj_id": "6156e859b92e73ec9b0b9bfa", "incident_id": "a84eba14a93482092a1db865c87516af"}}}
```

### Get Incident Users

Get users and user groups involved in any Logpoint-recorded incidents.

- Endpoint URL: `/get_users`
- Method: GET

Input arguments: only the optional `headers` object.

Input example:

```json
{"headers": {}}
```

### Get Incidents

Retrieve incidents from a specific time range.

- Endpoint URL: `/incidents`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.version | string | optional | API version (`0.1`) |
| requestData.ts_from | number | optional | Start of the time range (Unix epoch seconds) |
| requestData.ts_to | number | optional | End of the time range (Unix epoch seconds) |

Input example:

```json
{"json_body": {"requestData": {"version": "0.1", "ts_from": 1633085529, "ts_to": 1640595047}}}
```

### Get Livesearches

Get livesearches.

- Endpoint URL: `/getalloweddata`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | optional | Request payload |
| data_body.type | string | optional | Data type to list (`livesearches`) |

Input example:

```json
{"data_body": {"type": "livesearches"}}
```

### Get Logpoint

Retrieve Logpoint(s).

- Endpoint URL: `/getalloweddata`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | optional | Request payload |
| data_body.type | string | optional | Data type to list (`loginspects`) |

Input example:

```json
{"data_body": {"type": "loginspects"}}
```

### Get Query by SearchID

Retrieve the results of a search by its search ID (the ID returned when the search was started with Run Adhoc Query).

- Endpoint URL: `/getsearchlogs`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | required | Request payload |
| data_body.search_id | string | required | Search ID to fetch results for |

Input example:

```json
{"data_body": {"search_id": "c970d599-c107-41c1-a54c-a2129eef4062"}}
```

### Get Repos

Retrieve repos.

- Endpoint URL: `/getalloweddata`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | optional | Request payload |
| data_body.type | string | optional | Data type to list (`logpoint_repos`) |

Input example:

```json
{"data_body": {"type": "logpoint_repos"}}
```

### Get User Timezone

Retrieve a user's timezone.

- Endpoint URL: `/getalloweddata`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | optional | Request payload |
| data_body.type | string | optional | Data type to list (`user_preference`) |

Input example:

```json
{"data_body": {"type": "user_preference"}}
```

### Reopen Incidents

Reopen incidents by incident ID.

- Endpoint URL: `/reopen_incident`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.version | string | optional | API version (`0.1`) |
| requestData.incident_ids | array | optional | Incident object IDs to reopen |

Input example:

```json
{"json_body": {"requestData": {"version": "0.1", "incident_ids": ["5a62bd8cce983de89085429c", "5a62bd8cce983de89085429b", "5a62bd8cce983de89085429e"]}}}
```

### Resolve Incidents

Resolve incidents.

- Endpoint URL: `/resolve_incident`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| requestData | object | optional | Request payload |
| requestData.version | string | optional | API version (`0.1`) |
| requestData.incident_ids | array | optional | Incident object IDs to resolve |

Input example:

```json
{"json_body": {"requestData": {"version": "0.1", "incident_ids": ["5a62bd8cce983de89085429c", "5a62bd8cce983de89085429b", "5a62bd8cce983de89085429e"]}}}
```

### Run Adhoc Query

Run an ad hoc query / get search results.

- Endpoint URL: `/getsearchlogs`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| data_body | object | optional | Request payload |
| data_body.requestData | object | optional | Search definition |
| data_body.requestData.query | string | optional | Logpoint search query |
| data_body.requestData.time_range | string | optional | Search window, e.g. `last 24 hours` |
| data_body.requestData.limit | number | optional | Maximum number of rows to return |
| data_body.requestData.repos | array | optional | Repos to search, as `host:port/repo_name` |

Input example:

```json
{"data_body": {"requestData": {"query": "| chart count() by device_ip", "time_range": "last 24 hours", "limit": 100, "repos": ["127.0.0.1:5504/_logpoint"]}}}
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
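The Tasks Setup section says datetime inputs may be any standard format or a relative time, and Get Incidents consumes that window as `ts_from`/`ts_to` in Unix epoch seconds. The following is an added example, not connector or Logpoint code, of turning such inputs into the Get Incidents request body. The relative-time grammar it accepts (`last 24 hours`, `-7d`, `30m`) is an assumption, since the page does not define the connector's own syntax; naive datetimes are read in a caller-supplied timezone, for which the zone returned by Get User Timezone is the natural source rather than the host's local zone.

```python
"""Turn datetime inputs into a Logpoint GET /incidents request body.

Added example, not connector or Logpoint code. The request shape follows
this page (requestData.version / ts_from / ts_to in epoch seconds); the
relative-time grammar ("last 24 hours", "-7d", "30m") is an assumption.
"""
import re
from datetime import datetime, timedelta, timezone

# "last 24 hours", "24 hours", "-7d", "30m" (assumed grammar, see above)
_RELATIVE = re.compile(
    r"^(?:last\s+)?-?(\d+)\s*(minutes?|hours?|days?|weeks?|[mhdw])$", re.I)
_UNIT = {"m": "minutes", "h": "hours", "d": "days", "w": "weeks"}


def to_epoch(value, now, tz=timezone.utc):
    """Convert one datetime input to Unix epoch seconds.

    value may be an int/float epoch, a datetime, "now", a relative offset
    back from `now`, or ISO 8601 text. Naive datetimes are read in `tz`;
    pass the user's zone (Get User Timezone) rather than trusting the host's.
    """
    if isinstance(value, (int, float)):
        return int(value)
    if isinstance(value, datetime):
        dt = value if value.tzinfo else value.replace(tzinfo=tz)
        return int(dt.timestamp())
    text = str(value).strip()
    if text.lower() == "now":
        return int(now.timestamp())
    m = _RELATIVE.match(text)
    if m:
        unit = _UNIT[m.group(2)[0].lower()]
        return int((now - timedelta(**{unit: int(m.group(1))})).timestamp())
    # Anything else must be ISO 8601. A trailing Z is mapped explicitly
    # because datetime.fromisoformat() only accepts it from Python 3.11.
    dt = datetime.fromisoformat(text[:-1] + "+00:00" if text.endswith("Z") else text)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=tz)
    return int(dt.timestamp())


def incidents_request(ts_from, ts_to="now", now=None, tz=timezone.utc):
    """Build the json_body for Get Incidents, rejecting an empty or inverted window."""
    now = now or datetime.now(timezone.utc)
    start, end = to_epoch(ts_from, now, tz), to_epoch(ts_to, now, tz)
    if start >= end:
        raise ValueError(f"ts_from ({start}) must be earlier than ts_to ({end})")
    return {"requestData": {"version": "0.1", "ts_from": start, "ts_to": end}}


if __name__ == "__main__":
    print(incidents_request("2021-10-01T10:52:09Z", "last 24 hours"))
```

The window check matters in practice: an inverted or empty range returns no incidents rather than an error from the API, which is easy to mistake for a quiet day.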
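Run Adhoc Query and Get Query by SearchID both post to `/getsearchlogs`: the first call starts a search and returns a search ID, the second fetches that search's results until it reports completion. The block below, an added example rather than the connector's or Logpoint's own code, drives that two-step flow end to end. It assumes the form-encoded request body (`username`, `secret_key`, plus `requestData` as a JSON string or `search_id`) and the `success`/`search_id`/`final`/`rows` response fields from Logpoint's public API reference; `FakeLogpoint` is a constructed stand-in for the server so the flow runs offline, and the injected `post` callable is where `requests.post(url, data=body, verify=verify_ssl).json()` would go in production.

```python
"""Two-step Logpoint search: submit an ad hoc query, then poll by search_id.

Added example, not connector or Logpoint code. Form encoding of the
credentials and the response fields (success, search_id, final, rows) are
assumptions from Logpoint's public API docs; FakeLogpoint is constructed.
"""
import json
import time
from urllib.parse import parse_qs, urlencode


class LogpointSearch:
    """Drive the two-call /getsearchlogs flow: submit, then poll by search_id."""

    def __init__(self, base_url, username, secret_key, post, verify_ssl=True):
        # `post(url, body, verify)` -> dict is injected so the same flow works
        # with requests.post(url, data=body, verify=verify).json() or a fake.
        self.url = base_url.rstrip("/") + "/getsearchlogs"
        self.username, self.secret_key = username, secret_key
        self.post, self.verify_ssl = post, verify_ssl

    def _call(self, fields):
        # Credentials ride in the body of every call (assumed form encoding).
        body = urlencode({"username": self.username,
                          "secret_key": self.secret_key, **fields})
        resp = self.post(self.url, body, self.verify_ssl)
        if not resp.get("success"):
            raise RuntimeError(f"Logpoint error: {resp.get('message', resp)}")
        return resp

    def submit(self, query, time_range="last 24 hours", limit=100, repos=()):
        """Run Adhoc Query: start the search and return its search_id."""
        request_data = {"query": query, "time_range": time_range,
                        "limit": limit, "repos": list(repos)}
        return self._call({"requestData": json.dumps(request_data)})["search_id"]

    def results(self, search_id, attempts=20, delay=0.0):
        """Get Query by SearchID: poll until final=true, return all rows seen."""
        rows = []
        for _ in range(attempts):
            resp = self._call({"search_id": search_id})
            rows.extend(resp.get("rows", []))
            if resp.get("final"):
                return rows
            time.sleep(delay)
        raise TimeoutError(f"search {search_id} not final after {attempts} polls")

    def run(self, query, **kwargs):
        return self.results(self.submit(query, **kwargs))


class FakeLogpoint:
    """Constructed stand-in for the server: canned responses, runs offline."""

    SEARCH_ID = "c970d599-c107-41c1-a54c-a2129eef4062"

    def __init__(self):
        self.calls = []   # decoded form fields of every request, for inspection
        self.polls = 0

    def __call__(self, url, body, verify):
        fields = {k: v[0] for k, v in parse_qs(body).items()}
        self.calls.append(fields)
        if fields.get("secret_key") != "s3cret":
            return {"success": False, "message": "Authentication failed"}
        if "requestData" in fields:
            json.loads(fields["requestData"])   # must be a valid JSON string
            return {"success": True, "search_id": self.SEARCH_ID}
        if fields.get("search_id") != self.SEARCH_ID:
            return {"success": False, "message": "Unknown search_id"}
        self.polls += 1
        if self.polls == 1:   # first poll: partial rows, search still running
            return {"success": True, "final": False,
                    "rows": [{"device_ip": "10.0.0.5", "count()": 12}]}
        return {"success": True, "final": True,
                "rows": [{"device_ip": "10.0.0.9", "count()": 3}]}


def demo():
    """Run the page's example query through the fake; returns (rows, fake)."""
    fake = FakeLogpoint()
    client = LogpointSearch("https://logpoint.example", "admin", "s3cret", fake)
    rows = client.run("| chart count() by device_ip",
                      repos=["127.0.0.1:5504/_logpoint"])
    return rows, fake


if __name__ == "__main__":
    print(demo()[0])
```

Two points worth noting: the poll loop keeps accumulating `rows` until `final` is true, so a caller that reads only the first response silently drops results from long-running searches; and `verify_ssl` flows through to the transport, which, with the secret key in every request body, is what separates that key from an on-path attacker.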