# LogRhythm
The LogRhythm connector connects to the LogRhythm Alarm SOAP/REST API to execute tasks involving alarms.

## Prerequisites

This connector requires an API token that has permission to access the REST API. The token is a bearer credential: whoever holds it can read alarm data and change alarm status through the actions below, so store it as a secret and grant it no more than those actions need.

## Capabilities

The LogRhythm connector provides the following capabilities for both the REST and SOAP APIs:

- Get Alarm Events
- Get Alarm History
- Get Alarm Summary
- Get Alarm URL
- Get Alarm by ID
- Search Alarms
- Search Results
- Search Tasks
- Update Alarm Comment
- Update Alarm Status

## Configurations

### HTTP Bearer Authentication

Authenticates using a bearer token, such as a JWT.

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API token | string | required |
| verify ssl | Verify the SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

Leave `verify ssl` enabled outside a lab: with verification off, any host on the path (including a misconfigured proxy) can present its own certificate and read the bearer token from every request.

## Actions

### Get Alarm

Get alarm details for the provided alarmid.

- Endpoint URL: `lr-alarm-api/alarms/{{alarmid}}`
- Method: GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| alarmid | number | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| alarmdetails | object | Output field alarmdetails |
| alarmid | number | Unique identifier |
| personid | number | Unique identifier |
| entityid | number | Unique identifier |
| entityname | string | Name of the resource |
| alarmdate | string | Date value |
| alarmruleid | number | Unique identifier |
| alarmrulename | string | Name of the resource |
| alarmstatus | string | Status value |
| alarmstatusname | string | Name of the resource |
| lastupdatedid | number | Unique identifier |
| lastupdatedname | string | Name of the resource |
| dateinserted | string | Output field dateinserted |
| dateupdated | string | Output field dateupdated |
| associatedcases | array | Output field associatedcases |
| lastpersonid | number | Unique identifier |
| eventcount | number | Count value |
| eventdatefirst | string | Output field eventdatefirst |
| eventdatelast | string | Output field eventdatelast |
| rbpmax | number | Output field rbpmax |
| rbpavg | number | Output field rbpavg |
| executiontarget | number | Output field executiontarget |
| smartresponseactions | array | Output field smartresponseactions |
| srpname | string | Name of the resource |
| executiontime | number | Time value |

**Example**

```json
[
  {
    "alarmdetails": {
      "alarmid": 123,
      "personid": 123,
      "entityid": 123,
      "entityname": "example name",
      "alarmdate": "string",
      "alarmruleid": 123,
      "alarmrulename": "example name",
      "alarmstatus": "active",
      "alarmstatusname": "active",
      "lastupdatedid": 123,
      "lastupdatedname": "example name",
      "dateinserted": "string",
      "dateupdated": "string",
      "associatedcases": [],
      "lastpersonid": 123
    },
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string"
  }
]
```

### Get Alarm Events

Get the events, in detail, for the provided alarmid.

- Endpoint URL: `lr-alarm-api/alarms/{{alarmid}}/events`
- Method: GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| alarmid | number | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| alarmseventdetails | array | Output field alarmseventdetails |
| account | string | Output field account |
| action | string | Output field action |
| amount | number | Output field amount |
| bytesin | string | Output field bytesin |
| bytesout | string | Output field bytesout |
| classificationid | number | Unique identifier |
| classificationname | string | Name of the resource |
| classificationtypename | string | Name of the resource |
| command | string | Output field command |
| commoneventid | number | Unique identifier |
| cve | string | Output field cve |
| commoneventname | string | Name of the resource |
| count | number | Count value |
| directionid | number | Unique identifier |
| directionname | string | Name of the resource |
| domain | string | Output field domain |
| duration | number | Output field duration |
| entityid | number | Unique identifier |
| entityname | string | Name of the resource |
| group | string | Output field group |
| impactedentityid | number | Unique identifier |
| impactedentityname | string | Name of the resource |
| impactedhostid | number | Unique identifier |
| impactedhostname | string | Name of the resource |

**Example**

```json
[
  {
    "alarmseventdetails": [],
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string"
  }
]
```

### Get Alarm History

Get alarm history details for the provided alarmid and other filter criteria.

- Endpoint URL: `lr-alarm-api/alarms/{{alarmid}}/history`
- Method: GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| alarmid | number | required | Unique identifier |
| offset | number | optional | The number of items to skip before starting to collect the result set |
| count | number | optional | The number of items to return |
| orderby | string | optional | Field name on which to sort the result |
| dir | string | optional | Order direction, either ascending or descending |
| dateupdated | string | optional | Filter criteria: return entries with a value greater than or equal to the provided datetime |
| personid | number | optional | Filter criteria: return entries for the provided personid |
| type | string | optional | One of comment, status or rbp |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |
| alarmhistorydetails | array | Output field alarmhistorydetails |
| alarmid | number | Unique identifier |
| personid | number | Unique identifier |
| comments | string | Output field comments |
| dateupdated | string | Output field dateupdated |
| dateinserted | string | Output field dateinserted |

**Example**

```json
[
  {
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string",
    "alarmhistorydetails": []
  }
]
```

### Get Alarm Summary

Get the alarm summary, in detail, for the provided alarmid.

- Endpoint URL: `lr-alarm-api/alarms/{{alarmid}}/summary`
- Method: GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| alarmid | number | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| alarmsummarydetails | object | Output field alarmsummarydetails |
| dateinserted | string | Output field dateinserted |
| rbpmax | number | Output field rbpmax |
| rbpavg | number | Output field rbpavg |
| alarmruleid | number | Unique identifier |
| alarmrulegroup | string | Output field alarmrulegroup |
| briefdescription | string | Output field briefdescription |
| additionaldetails | string | Output field additionaldetails |
| alarmeventsummary | array | Output field alarmeventsummary |
| msgclassid | number | Unique identifier |
| msgclassname | string | Name of the resource |
| commoneventid | number | Unique identifier |
| commoneventname | string | Name of the resource |
| originhostid | number | Unique identifier |
| impactedhostid | string | Unique identifier |
| originuser | string | Output field originuser |
| impacteduser | string | Output field impacteduser |
| originuseridentityid | number | Unique identifier |
| impacteduseridentityid | number | Unique identifier |
| originuseridentityname | string | Name of the identity |
| impacteduseridentityname | string | Name of the identity |
| originentityname | string | Name of the resource |
| impactedentityname | string | Name of the resource |
| statuscode | number | Status value |
| statusmessage | string | Status value |

**Example**

```json
[
  {
    "alarmsummarydetails": {
      "dateinserted": "string",
      "rbpmax": 123,
      "rbpavg": 123,
      "alarmruleid": 123,
      "alarmrulegroup": "string",
      "briefdescription": "string",
      "additionaldetails": "string",
      "alarmeventsummary": []
    },
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string"
  }
]
```

### Get Alarm URL

Fetches the alarm URL.

- Endpoint URL: `lr-alarm-api/alarms/url`
- Method: GET

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| alarmurl | string | URL endpoint for the request |
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |

**Example**

```json
[
  {
    "alarmurl": "string",
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string"
  }
]
```

### Search Alarms

Search for and get alarm details using different filter criteria.

- Endpoint URL: `lr-alarm-api/alarms`
- Method: GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| offset | number | optional | The number of items to skip before starting to collect the result set |
| count | number | optional | The number of items to return |
| orderby | string | optional | Field name on which to sort the result |
| dir | string | optional | Order direction, either ascending or descending |
| alarmrulename | string | optional | Alarm rule name to filter the result by |
| alarmstatus | string | optional | Enum value, given as a name or as a number: new = 0, opened = 1, working = 2, escalated = 3, closed = 4, closed falsealarm = 5, closed resolved = 6, closed unresolved = 7, closed reported = 8, closed monitor = 9 |
| entityname | string | optional | Filter the result by entity name |
| notification | string | optional | Filter the result by notification |
| caseassociation | string | optional | Filter the result by the case associated with the alarm |
| dateinserted | string | optional | Filter the result by date inserted |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |
| alarmssearchdetails | array | Output field alarmssearchdetails |
| alarmid | number | Unique identifier |
| alarmrulename | string | Name of the resource |
| alarmstatus | string | Status value |
| alarmdatacached | string | Response data |
| associatedcases | array | Output field associatedcases |
| entityname | string | Name of the resource |
| dateinserted | string | Output field dateinserted |

**Example**

```json
[
  {
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string",
    "alarmssearchdetails": []
  }
]
```

### Search Results

This endpoint accepts a taskid as input and allows LogRhythm users to get indexed results from the web indexer. Run Search Task first; the taskid it returns is passed here as `searchguid`.

- Endpoint URL: `lr-search-api/actions/search-result`
- Method: POST

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data | object | optional | Request data |
| searchguid | string | optional | A GUID field; accepts the taskid returned from Search Task |
| search | object | optional | Parameter for search results |
| sort | array | optional | Parameter for search results |
| fieldname | string | optional | Name of the field to sort on |
| order | string | optional | Parameter for search results |
| fields | array | optional | Parameter for search results |
| paginator | object | optional | Parameter for search results |
| origin | number | optional | Parameter for search results |
| page size | number | optional | Parameter for search results |

### Search Task

LogRhythm users can search logs and events using this endpoint. It initiates a search and returns a taskid and taskstatus; the task details it returns are used as input for the second step, Search Results.

- Endpoint URL: `lr-search-api/actions/search-task`
- Method: POST

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| maxmsgstoquery | number | optional | Parameter for search task |
| querytimeout | number | optional | Parameter for search task |
| searchmode | string | optional | Parameter for search task |
| datecriteria | object | optional | Parameter for search task |
| datemin | string | optional | Parameter for search task |
| datemax | string | optional | Parameter for search task |
| useinserteddate | boolean | optional | Date value |
| lastintervalvalue | number | optional | Value for the parameter |
| lastintervalunit | string | optional | Parameter for search task |
| querylogsources | array | optional | Parameter for search task |
| logsourceids | array | optional | Unique identifiers |
| queryfilter | object | optional | Parameter for search task |
| msgfiltertype | number | optional | Type of the resource |
| filtergroup | object | optional | Parameter for search task |
| filteritemtype | number | optional | Type of the resource |
| fieldoperator | number | optional | Parameter for search task |
| filtermode | number | optional | Parameter for search task |
| filtergroupoperator | number | optional | Parameter for search task |
| filteritems | array | optional | Parameter for search task |
| filteritemtype | number | optional | Type of the resource |
| fieldoperator | number | optional | Parameter for search task |
| filtermode | number | optional | Parameter for search task |
| filtertype | number | optional | Type of the resource |
| values | array | optional | Value for the parameter |
| name | string | optional | Name of the resource |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| taksid | number | Unique identifier |
| taskstatus | string | Status value |
| responsemessage | string | Response message |
| statusmessage | string | Status value |
| statuscode | number | Status value |

**Example**

```json
[
  {
    "taksid": 123,
    "taskstatus": "string",
    "responsemessage": "string",
    "statusmessage": "string",
    "statuscode": 123
  }
]
```

### Update Alarm Comment

Updates the alarmhistory table to add a comment in the comments column for the supplied alarmid. Searches for the existing alarmid and returns a 404 error if the id does not exist; otherwise, updates the alarmhistory table.

- Endpoint URL: `lr-alarm-api/alarms/{{alarmid}}/comment`
- Method: POST

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| alarmid | number | required | Unique identifier |
| alarmcomment | string | required | Comment to add to the alarm |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |

**Example**

```json
[
  {
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string"
  }
]
```

### Update Alarm Status

Updates the alarm status and RBP. Searches for the existing alarmid and returns a 404 error if the id does not exist; otherwise, updates the alarmhistory table.

- Endpoint URL: `lr-alarm-api/alarms/{{alarmid}}`
- Method: PATCH

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| alarmid | number | required | Unique identifier |
| alarmstatus | string | required | Status value (see the enum under Search Alarms) |
| rbp | number | required | Risk Based Priority to set on the alarm |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |

**Example**

```json
[
  {
    "statuscode": 123,
    "statusmessage": "string",
    "responsemessage": "string"
  }
]
```
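The two-step Search Task / Search Results flow described above, worked through as an added example (not the connector's or LogRhythm's own code). It assumes the raw Search API returns the task id as `TaskId` and the state as `TaskStatus`, that `Searching` means still running, `Completed` means finished, and that records arrive under `Items`; the page states none of those, and the numeric filter enum values in the demo are placeholders. The `FakeSearchApi` stand-in and its log records are constructed so the flow runs offline; `make_poster` is the only part that talks to a real host and also shows why `verify ssl` should stay on.

```python
"""Two-step LogRhythm search: start a task, poll until Completed, page results.
Added example, not the connector's code. Assumed: "TaskId"/"TaskStatus"
keys, "Searching"/"Completed" states and an "Items" list in the reply."""
import json
import ssl
import time
import urllib.request

SEARCH_TASK_PATH = "lr-search-api/actions/search-task"
SEARCH_RESULT_PATH = "lr-search-api/actions/search-result"


def make_poster(base_url, token, verify_ssl=True):
    """post(path, body) -> dict against a real host (never called offline).
    verify_ssl=False lets any on-path host present its own certificate and
    read the bearer token, so keep verification on outside a lab."""
    ctx = ssl.create_default_context()
    if not verify_ssl:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))

    def post(path, body):
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/{path}", data=json.dumps(body).encode(),
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"}, method="POST")
        with opener.open(req, timeout=30) as resp:
            return json.load(resp)
    return post


def build_search_task_body(query_filter, last_interval_value, last_interval_unit,
                           max_msgs=1000, query_timeout=60):
    """Search Task body using the field names listed under Search Task."""
    return {"maxMsgsToQuery": max_msgs, "queryTimeout": query_timeout,
            "dateCriteria": {"useInsertedDate": False,
                             "lastIntervalValue": last_interval_value,
                             "lastIntervalUnit": last_interval_unit},
            "queryLogSources": [], "queryFilter": query_filter}


def run_search(post, task_body, page_size=100, max_polls=30, sleep=time.sleep):
    """Start the task, wait until Completed, then page through every result."""
    task_id = post(SEARCH_TASK_PATH, task_body)["TaskId"]
    items, origin = [], 0
    for _ in range(max_polls):
        result = post(SEARCH_RESULT_PATH, {"data": {
            "searchGuid": task_id, "search": {"sort": [], "fields": []},
            "paginator": {"origin": origin, "page_size": page_size}}})
        status = str(result.get("TaskStatus", "")).lower()
        if status == "searching":
            sleep(1)
            continue
        if status != "completed":
            raise RuntimeError(f"search {task_id} ended with status {status!r}")
        page = result.get("Items", [])
        items.extend(page)
        if len(page) < page_size:        # short page means no more results
            return items
        origin += page_size
    raise TimeoutError(f"search {task_id} still running after {max_polls} polls")


class FakeSearchApi:
    """Constructed stand-in (not a LogRhythm reply): the first result poll is
    still Searching, then five constructed records are served page by page."""
    TASK_ID = "c0ffee00-0000-4000-8000-000000000001"

    def __init__(self):
        self.calls = 0
        self.records = [{"logMessage": f"failed login for user{i}", "priority": 60 + i}
                        for i in range(5)]

    def post(self, path, body):
        self.calls += 1
        if path == SEARCH_TASK_PATH:
            return {"TaskId": self.TASK_ID, "TaskStatus": "Searching", "StatusCode": 200}
        if body["data"]["searchGuid"] != self.TASK_ID:
            return {"TaskStatus": "Failed", "Items": []}
        if self.calls == 2:
            return {"TaskStatus": "Searching", "Items": []}
        pag = body["data"]["paginator"]
        return {"TaskStatus": "Completed",
                "Items": self.records[pag["origin"]:pag["origin"] + pag["page_size"]]}


def demo():
    """Run the flow against the fake; returns (records, number of HTTP calls)."""
    query_filter = {"msgFilterType": 2, "filterGroup": {   # placeholder enum values
        "filterItemType": 1, "fieldOperator": 1, "filterMode": 1,
        "filterGroupOperator": 0, "filterItems": [{
            "filterItemType": 0, "fieldOperator": 0, "filterMode": 1,
            "filterType": 0, "values": ["failed login"], "name": "Log Message"}]}}
    api = FakeSearchApi()
    body = build_search_task_body(query_filter, 1, "hours")
    records = run_search(api.post, body, page_size=2, sleep=lambda s: None)
    return records, api.calls
```

With a page size of 2 the demo makes five calls: one Search Task, one poll that is still running, then three result pages (2, 2 and 1 records); the short final page ends the loop, and any status other than Searching or Completed is raised rather than treated as an empty result.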
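The Update Alarm Status action above, worked through as an added example (not the connector's or LogRhythm's own code). The status enum is the one listed under Search Alarms; the 404 for an unknown alarmid is what the page states. Assumptions not on the page: the API takes the numeric enum as `alarmStatus` and the score as `rbp` in the PATCH body, RBP is a 0 to 100 score, and the host `lr.example.internal:8501` and token `tok` are placeholders. `FakeAlarmApi` is a constructed stand-in so the example runs offline.

```python
"""Normalise an alarm status and issue the Update Alarm Status PATCH.
Added example, not the connector's code. Assumed body keys: "alarmStatus"
(numeric enum) and "rbp" (0..100); the 404 for a missing alarm is per page."""

# Enum exactly as listed under Search Alarms.
ALARM_STATUS = {
    "new": 0, "opened": 1, "working": 2, "escalated": 3, "closed": 4,
    "closed falsealarm": 5, "closed resolved": 6, "closed unresolved": 7,
    "closed reported": 8, "closed monitor": 9,
}
ALARM_STATUS_NAME = {v: k for k, v in ALARM_STATUS.items()}


def normalize_alarm_status(value):
    """Accept 5, "5", "Closed_FalseAlarm" or "closed falsealarm" -> 5."""
    if isinstance(value, bool):
        raise ValueError("alarm status must not be a boolean")
    if isinstance(value, int):
        if value in ALARM_STATUS_NAME:
            return value
        raise ValueError(f"alarm status {value} is outside 0..9")
    text = " ".join(str(value).replace("_", " ").replace("-", " ").split()).lower()
    if text.isdigit():
        return normalize_alarm_status(int(text))
    if text in ALARM_STATUS:
        return ALARM_STATUS[text]
    raise ValueError(f"unknown alarm status {value!r}")


def build_update_alarm_status_request(base_url, token, alarm_id, status, rbp):
    """Build PATCH lr-alarm-api/alarms/{alarmid} as a plain request dict."""
    if isinstance(alarm_id, bool) or not isinstance(alarm_id, int) or alarm_id <= 0:
        raise ValueError("alarmid must be a positive integer")
    if not 0 <= rbp <= 100:          # assumed RBP range
        raise ValueError("rbp must be within 0..100")
    return {"method": "PATCH",
            "url": f"{base_url.rstrip('/')}/lr-alarm-api/alarms/{alarm_id}",
            "headers": {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/json"},
            "json": {"alarmStatus": normalize_alarm_status(status), "rbp": rbp}}


def update_alarm_status(send, base_url, token, alarm_id, status, rbp):
    """send(request) -> (http_status, body). A 404 is raised, not swallowed,
    so a playbook cannot report having closed an alarm that does not exist."""
    req = build_update_alarm_status_request(base_url, token, alarm_id, status, rbp)
    code, body = send(req)
    if code == 404:
        raise LookupError(f"alarm {alarm_id} does not exist")
    if code != 200:
        raise RuntimeError(f"update failed: HTTP {code} {body.get('statusmessage')}")
    return body


class FakeAlarmApi:
    """Constructed stand-in that knows two alarms and checks the bearer header."""
    def __init__(self):
        self.alarms = {1001: {"status": 0, "rbp": 40}, 1002: {"status": 1, "rbp": 75}}
        self.sent = []

    def send(self, req):
        self.sent.append(req)
        if not req["headers"].get("Authorization", "").startswith("Bearer "):
            return 401, {"statusmessage": "Unauthorized"}
        alarm_id = int(req["url"].rsplit("/", 1)[1])
        if alarm_id not in self.alarms:
            return 404, {"statusmessage": "Not Found"}
        self.alarms[alarm_id] = {"status": req["json"]["alarmStatus"],
                                 "rbp": req["json"]["rbp"]}
        return 200, {"statuscode": 200, "statusmessage": "Success",
                     "responsemessage": "Alarm updated"}


def demo():
    """Close one alarm as a false alarm, then try a missing id; returns
    (status message, stored alarm record, whether the missing id raised)."""
    api = FakeAlarmApi()
    base, tok = "https://lr.example.internal:8501", "tok"
    ok = update_alarm_status(api.send, base, tok, 1001, "Closed_FalseAlarm", 10)
    try:
        update_alarm_status(api.send, base, tok, 4040, "closed", 10)
        missing = False
    except LookupError:
        missing = True
    return ok["statusmessage"], api.alarms[1001], missing
```

Normalising the status before the request means a playbook can pass either form the page allows (name or number) while anything outside the enum is rejected client-side rather than sent to the SIEM.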