LogRhythm
The LogRhythm connector connects to the LogRhythm Alerts SOAP/REST API to execute tasks involving alerts.

## Prerequisites

This connector requires an API token that has permission to access the REST API capabilities.

## Capabilities

The LogRhythm connector provides the following capabilities for both the REST and SOAP APIs:

- Get Alarm Events
- Get Alarm History
- Get Alarm Summary
- Get Alarm URL
- Get Alarm By ID
- Search Alarms
- Search Results
- Search Tasks
- Update Alarm Comment
- Update Alarm Status

## Configurations

### HTTP Bearer Authentication

Authenticates using a bearer token, such as a JWT.

#### Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| token | The API token | string | required |
| verify_ssl | Verify the SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Alarm

Get alarm details for the provided alarmId.

- **Endpoint URL:** `lr-alarm-api/alarms/{{alarmid}}`
- **Method:** GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| path_parameters.alarmid | number | required | Parameters for the Get Alarm action |

Input example:

```json
{"path_parameters": {"alarmid": 10}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| alarmdetails | object | Output field alarmdetails |
| alarmdetails.alarmid | number | Unique identifier |
| alarmdetails.personid | number | Unique identifier |
| alarmdetails.entityid | number | Unique identifier |
| alarmdetails.entityname | string | Name of the resource |
| alarmdetails.alarmdate | string | Date value |
| alarmdetails.alarmruleid | number | Unique identifier |
| alarmdetails.alarmrulename | string | Name of the resource |
| alarmdetails.alarmstatus | string | Status value |
| alarmdetails.alarmstatusname | string | Name of the resource |
| alarmdetails.lastupdatedid | number | Unique identifier |
| alarmdetails.lastupdatedname | string | Name of the resource |
| alarmdetails.dateinserted | string | Output field alarmdetails.dateinserted |
| alarmdetails.dateupdated | string | Output field alarmdetails.dateupdated |
| alarmdetails.associatedcases | array | Output field alarmdetails.associatedcases |
| alarmdetails.lastpersonid | number | Unique identifier |
| alarmdetails.eventcount | number | Count value |
| alarmdetails.eventdatefirst | string | Output field alarmdetails.eventdatefirst |
| alarmdetails.eventdatelast | string | Output field alarmdetails.eventdatelast |
| alarmdetails.rbpmax | number | Output field alarmdetails.rbpmax |
| alarmdetails.rbpavg | number | Output field alarmdetails.rbpavg |
| alarmdetails.executiontarget | number | Output field alarmdetails.executiontarget |
| alarmdetails.smartresponseactions | array | Output field alarmdetails.smartresponseactions |
| alarmdetails.smartresponseactions.srpname | string | Name of the resource |
| alarmdetails.smartresponseactions.executiontime | number | Time value |

Output example:

```json
{"alarmdetails": {"alarmid": 123, "personid": 123, "entityid": 123, "entityname": "example name", "alarmdate": "string", "alarmruleid": 123, "alarmrulename": "example name", "alarmstatus": "active", "alarmstatusname": "active", "lastupdatedid": 123, "lastupdatedname": "example name", "dateinserted": "string", "dateupdated": "string", "associatedcases": ["string"], "lastpersonid": 123}, "statuscode": 123, "statusmessage": "string", "responsemessage": "string"}
```

### Get Alarm Events

Get the events in detail for the provided alarmId.

- **Endpoint URL:** `lr-alarm-api/alarms/{{alarmid}}/events`
- **Method:** GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| path_parameters.alarmid | number | required | Parameters for the Get Alarm Events action |

Input example:

```json
{"path_parameters": {"alarmid": 10}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| alarmseventdetails | array | Output field alarmseventdetails |
| alarmseventdetails.account | string | Count value |
| alarmseventdetails.action | string | Output field alarmseventdetails.action |
| alarmseventdetails.amount | number | Output field alarmseventdetails.amount |
| alarmseventdetails.bytesin | string | Output field alarmseventdetails.bytesin |
| alarmseventdetails.bytesout | string | Output field alarmseventdetails.bytesout |
| alarmseventdetails.classificationid | number | Unique identifier |
| alarmseventdetails.classificationname | string | Name of the resource |
| alarmseventdetails.classificationtypename | string | Name of the resource |
| alarmseventdetails.command | string | Output field alarmseventdetails.command |
| alarmseventdetails.commoneventid | number | Unique identifier |
| alarmseventdetails.cve | string | Output field alarmseventdetails.cve |
| alarmseventdetails.commoneventname | string | Name of the resource |
| alarmseventdetails.count | number | Count value |
| alarmseventdetails.directionid | number | Unique identifier |
| alarmseventdetails.directionname | string | Name of the resource |
| alarmseventdetails.domain | string | Output field alarmseventdetails.domain |
| alarmseventdetails.duration | number | Output field alarmseventdetails.duration |
| alarmseventdetails.entityid | number | Unique identifier |
| alarmseventdetails.entityname | string | Name of the resource |
| alarmseventdetails.group | string | Output field alarmseventdetails.group |
| alarmseventdetails.impactedentityid | number | Unique identifier |
| alarmseventdetails.impactedentityname | string | Name of the resource |
| alarmseventdetails.impactedhostid | number | Unique identifier |
| alarmseventdetails.impactedhostname | string | Name of the resource |

Output example:

```json
{"alarmseventdetails": [], "statuscode": 123, "statusmessage": "string", "responsemessage": "string"}
```

### Get Alarm History

Get alarm history details for the provided alarmId and other filter criteria.

- **Endpoint URL:** `lr-alarm-api/alarms/{{alarmid}}/history`
- **Method:** GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| path_parameters.alarmid | number | required | Parameters for the Get Alarm History action |
| parameters.offset | number | optional | The number of items to skip before starting to collect the result set |
| parameters.count | number | optional | The number of items to return |
| parameters.orderby | string | optional | Field name on which to sort the result |
| parameters.dir | string | optional | Order direction, either ascending or descending |
| parameters.dateupdated | string | optional | Filter criteria: return values greater than or equal to the provided datetime |
| parameters.personid | number | optional | Filter criteria: get the result on the basis of the provided personId |
| parameters.type | string | optional | The user can provide comment/status/rbp |

Input example:

```json
{"path_parameters": {"alarmid": 10}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |
| alarmhistorydetails | array | Output field alarmhistorydetails |
| alarmhistorydetails.alarmid | number | Unique identifier |
| alarmhistorydetails.personid | number | Unique identifier |
| alarmhistorydetails.comments | string | Output field alarmhistorydetails.comments |
| alarmhistorydetails.dateupdated | string | Output field alarmhistorydetails.dateupdated |
| alarmhistorydetails.dateinserted | string | Output field alarmhistorydetails.dateinserted |

Output example:

```json
{"statuscode": 123, "statusmessage": "string", "responsemessage": "string", "alarmhistorydetails": []}
```

### Get Alarm Summary

Get the alarm summary in detail for the provided alarmId.

- **Endpoint URL:** `lr-alarm-api/alarms/{{alarmid}}/summary`
- **Method:** GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| path_parameters.alarmid | number | required | Parameters for the Get Alarm Summary action |

Input example:

```json
{"path_parameters": {"alarmid": 10}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| alarmsummarydetails | object | Output field alarmsummarydetails |
| alarmsummarydetails.dateinserted | string | Output field alarmsummarydetails.dateinserted |
| alarmsummarydetails.rbpmax | number | Output field alarmsummarydetails.rbpmax |
| alarmsummarydetails.rbpavg | number | Output field alarmsummarydetails.rbpavg |
| alarmsummarydetails.alarmruleid | number | Unique identifier |
| alarmsummarydetails.alarmrulegroup | string | Output field alarmsummarydetails.alarmrulegroup |
| alarmsummarydetails.briefdescription | string | Output field alarmsummarydetails.briefdescription |
| alarmsummarydetails.additionaldetails | string | Output field alarmsummarydetails.additionaldetails |
| alarmsummarydetails.alarmeventsummary | array | Output field alarmsummarydetails.alarmeventsummary |
| alarmsummarydetails.alarmeventsummary.msgclassid | number | Unique identifier |
| alarmsummarydetails.alarmeventsummary.msgclassname | string | Name of the resource |
| alarmsummarydetails.alarmeventsummary.commoneventid | number | Unique identifier |
| alarmsummarydetails.alarmeventsummary.commoneventname | string | Name of the resource |
| alarmsummarydetails.alarmeventsummary.originhostid | number | Unique identifier |
| alarmsummarydetails.alarmeventsummary.impactedhostid | string | Unique identifier |
| alarmsummarydetails.alarmeventsummary.originuser | string | Output field alarmsummarydetails.alarmeventsummary.originuser |
| alarmsummarydetails.alarmeventsummary.impacteduser | string | Output field alarmsummarydetails.alarmeventsummary.impacteduser |
| alarmsummarydetails.alarmeventsummary.originuseridentityid | number | Unique identifier |
| alarmsummarydetails.alarmeventsummary.impacteduseridentityid | number | Unique identifier |
| alarmsummarydetails.alarmeventsummary.originuseridentityname | string | Unique identifier |
| alarmsummarydetails.alarmeventsummary.impacteduseridentityname | string | Unique identifier |
| alarmsummarydetails.alarmeventsummary.originentityname | string | Name of the resource |
| alarmsummarydetails.alarmeventsummary.impactedentityname | string | Name of the resource |
| statuscode | number | Status value |
| statusmessage | string | Status value |

Output example:

```json
{"alarmsummarydetails": {"dateinserted": "string", "rbpmax": 123, "rbpavg": 123, "alarmruleid": 123, "alarmrulegroup": "string", "briefdescription": "string", "additionaldetails": "string", "alarmeventsummary": [{}]}, "statuscode": 123, "statusmessage": "string", "responsemessage": "string"}
```

### Get Alarm URL

Fetches the alarm URL.

- **Endpoint URL:** `lr-alarm-api/alarms/url`
- **Method:** GET

#### Output

| Parameter | Type | Description |
|---|---|---|
| alarmurl | string | URL endpoint for the request |
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |

Output example:

```json
{"alarmurl": "string", "statuscode": 123, "statusmessage": "string", "responsemessage": "string"}
```

### Search Alarms

Search for and get alarm details using different filter criteria.

- **Endpoint URL:** `lr-alarm-api/alarms`
- **Method:** GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| parameters.offset | number | optional | The number of items to skip before starting to collect the result set |
| parameters.count | number | optional | The number of items to return |
| parameters.orderby | string | optional | Field name on which to sort the result |
| parameters.dir | string | optional | Order direction, either ascending or descending |
| parameters.alarmrulename | string | optional | Provide an alarm rule name to filter the result |
| parameters.alarmstatus | string | optional | An enum value in string or number format: [New = 0, Opened = 1, Working = 2, Escalated = 3, Closed = 4, Closed_FalseAlarm = 5, Closed_Resolved = 6, Closed_Unresolved = 7, Closed_Reported = 8, Closed_Monitor = 9] |
| parameters.entityname | string | optional | Filter the result by entity name |
| parameters.notification | string | optional | Filter the result by notification |
| parameters.caseassociation | string | optional | Filter the result by the case associated with the alarm |
| parameters.dateinserted | string | optional | Filter the result by date inserted |

Input example:

```json
{"parameters": {"offset": 123, "count": 123, "orderby": "string", "dir": "string", "alarmrulename": "example name", "alarmstatus": "active", "entityname": "example name", "notification": "string", "caseassociation": "string", "dateinserted": "string"}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |
| alarmssearchdetails | array | Output field alarmssearchdetails |
| alarmssearchdetails.alarmid | number | Unique identifier |
| alarmssearchdetails.alarmrulename | string | Name of the resource |
| alarmssearchdetails.alarmstatus | string | Status value |
| alarmssearchdetails.alarmdatacached | string | Response data |
| alarmssearchdetails.associatedcases | array | Output field alarmssearchdetails.associatedcases |
| alarmssearchdetails.entityname | string | Name of the resource |
| alarmssearchdetails.dateinserted | string | Output field alarmssearchdetails.dateinserted |

Output example:

```json
{"statuscode": 123, "statusmessage": "string", "responsemessage": "string", "alarmssearchdetails": []}
```

### Search Results

This endpoint accepts a taskId as input and allows LogRhythm users to get indexed results from the web indexer.

- **Endpoint URL:** `lr-search-api/actions/search-result`
- **Method:** POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| data | object | optional | Response data |
| data.searchguid | string | optional | A GUID field; it accepts the taskId returned from Search Task |
| data.search | object | optional | Response data |
| data.search.sort | array | optional | Response data |
| data.search.sort.fieldname | string | optional | Response data |
| data.search.sort.order | string | optional | Response data |
| data.search.fields | array | optional | Response data |
| data.paginator | object | optional | Response data |
| data.paginator.origin | number | optional | Response data |
| data.paginator.page_size | number | optional | Response data |

Input example:

```json
{"data": {"searchguid": "string", "search": {"sort": [{"fieldname": "example name", "order": "string"}], "fields": ["string"]}, "paginator": {"origin": 123, "page_size": 123}}}
```

### Search Task

LogRhythm users can search logs/events using this endpoint. It initiates a search and returns a taskId and taskStatus; the task details returned from this endpoint are used as the input for the second step (Search Results).

- **Endpoint URL:** `lr-search-api/actions/search-task`
- **Method:** POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| maxmsgstoquery | number | optional | Parameter for Search Task |
| querytimeout | number | optional | Parameter for Search Task |
| searchmode | string | optional | Parameter for Search Task |
| datecriteria | object | optional | Parameter for Search Task |
| datecriteria.datemin | string | optional | Parameter for Search Task |
| datecriteria.datemax | string | optional | Parameter for Search Task |
| datecriteria.useinserteddate | boolean | optional | Date value |
| datecriteria.lastintervalvalue | number | optional | Value for the parameter |
| datecriteria.lastintervalunit | string | optional | Parameter for Search Task |
| querylogsources | array | optional | Parameter for Search Task |
| logsourceids | array | optional | Unique identifier |
| queryfilter | object | optional | Parameter for Search Task |
| queryfilter.msgfiltertype | number | optional | Type of the resource |
| queryfilter.filtergroup | object | optional | Parameter for Search Task |
| queryfilter.filtergroup.filteritemtype | number | optional | Type of the resource |
| queryfilter.filtergroup.fieldoperator | number | optional | Parameter for Search Task |
| queryfilter.filtergroup.filtermode | number | optional | Parameter for Search Task |
| queryfilter.filtergroup.filtergroupoperator | number | optional | Parameter for Search Task |
| queryfilter.filtergroup.filteritems | array | optional | Parameter for Search Task |
| queryfilter.filtergroup.filteritems.filteritemtype | number | optional | Type of the resource |
| queryfilter.filtergroup.filteritems.fieldoperator | number | optional | Parameter for Search Task |
| queryfilter.filtergroup.filteritems.filtermode | number | optional | Parameter for Search Task |
| queryfilter.filtergroup.filteritems.filtertype | number | optional | Type of the resource |
| queryfilter.filtergroup.filteritems.values | array | optional | Value for the parameter |
| queryfilter.filtergroup.filteritems.values.filtertype | string | optional | Type of the resource |

Input example:

```json
{"maxmsgstoquery": 123, "querytimeout": 123, "searchmode": "string", "datecriteria": {"datemin": "string", "datemax": "string", "useinserteddate": true, "lastintervalvalue": 123, "lastintervalunit": "string"}, "querylogsources": [123], "logsourceids": [123], "queryfilter": {"msgfiltertype": 123, "filtergroup": {"filteritemtype": 123, "fieldoperator": 123, "filtermode": 123, "filtergroupoperator": 123, "filteritems": [{"filteritemtype": 123, "fieldoperator": 123, "filtermode": 123, "filtertype": 123, "values": [], "name": "example name"}]}}, "queryeventmanager": true}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| taksid | number | Unique identifier |
| taskstatus | string | Status value |
| responsemessage | string | Response message |
| statusmessage | string | Status value |
| statuscode | number | Status value |

Output example:

```json
{"taksid": 123, "taskstatus": "string", "responsemessage": "string", "statusmessage": "string", "statuscode": 123}
```

### Update Alarm Comment

Updates the AlarmHistory table to add a comment in the Comments column for the supplied alarmId. Searches for the existing alarmId and returns a 404 error if the ID does not exist; otherwise, updates the AlarmHistory table.

- **Endpoint URL:** `lr-alarm-api/alarms/{{alarmid}}/comment`
- **Method:** POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| path_parameters.alarmid | number | required | Parameters for the Update Alarm Comment action |
| alarmcomment | string | optional | Parameter for Update Alarm Comment |

Input example:

```json
{"path_parameters": {"alarmid": 10}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |

Output example:

```json
{"statuscode": 123, "statusmessage": "string", "responsemessage": "string"}
```

### Update Alarm Status

Updates the alarm status and RBP. Searches for the existing alarmId and returns a 404 error if the ID does not exist; otherwise, updates the AlarmHistory table.

- **Endpoint URL:** `lr-alarm-api/alarms/{{alarmid}}`
- **Method:** PATCH

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| path_parameters.alarmid | number | required | Parameters for the Update Alarm Status action |
| alarmstatus | string | optional | Status value |
| rbp | number | optional | Parameter for Update Alarm Status |

Input example:

```json
{"path_parameters": {"alarmid": 10}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| statuscode | number | Status value |
| statusmessage | string | Status value |
| responsemessage | string | Response message |

Output example:

```json
{"statuscode": 123, "statusmessage": "string", "responsemessage": "string"}
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
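The Alarm API actions above (Get Alarm, Search Alarms with its alarm status enum and offset/count paging, Update Alarm Status, Update Alarm Comment) as a small Python client. This is an added example, not the connector's own code and not a LogRhythm SDK. It assumes the routes sit under `/lr-alarm-api` behind a bearer token, uses the lowercase parameter names as listed on this page (check their casing against your deployment), treats RBP as a 0-100 score, and takes an injectable `transport` callable so the request logic can be exercised offline with a stub.

```python
"""Thin client for the LogRhythm Alarm API calls documented on this page.

Added example; not the connector's own code. Assumptions (not from the page):
  * the host exposes the routes under /lr-alarm-api and takes a bearer token;
  * `transport(method, url, options)` performs the HTTP call and returns the
    decoded JSON body, so the logic can be tested offline with a stub (in
    production wrap e.g. requests.Session.request in such a callable);
  * field and parameter names use the lowercase spelling this page lists.
"""
from typing import Any, Callable, Dict, Iterator, Optional

# Alarm status enumeration as listed for the Search Alarms filter (code == index).
ALARM_STATUS_NAMES = [
    "New", "Opened", "Working", "Escalated", "Closed", "Closed_FalseAlarm",
    "Closed_Resolved", "Closed_Unresolved", "Closed_Reported", "Closed_Monitor",
]
_STATUS_BY_NAME = {name.lower(): code for code, name in enumerate(ALARM_STATUS_NAMES)}


def normalize_status(value: Any) -> int:
    """Map an int, a numeric string or a status name (any case; space, hyphen
    or underscore between words) to its enum code; reject anything else."""
    if isinstance(value, bool):
        raise ValueError("alarm status must not be a boolean")
    if isinstance(value, int):
        code = value
    else:
        text = str(value).strip().lower().replace(" ", "_").replace("-", "_")
        code = int(text) if text.isdigit() else _STATUS_BY_NAME.get(text, -1)
    if not 0 <= code < len(ALARM_STATUS_NAMES):
        raise ValueError(f"unknown alarm status: {value!r}")
    return code


Transport = Callable[[str, str, Dict[str, Any]], Dict[str, Any]]


class AlarmClient:
    def __init__(self, base_url: str, token: str, transport: Transport,
                 verify_ssl: bool = True) -> None:
        self.base_url = base_url.rstrip("/")
        # The token travels only in the Authorization header; never log it.
        self._headers = {"Authorization": f"Bearer {token}",
                         "Content-Type": "application/json"}
        self._transport = transport
        self.verify_ssl = verify_ssl

    def _call(self, method: str, path: str, params: Optional[dict] = None,
              body: Optional[dict] = None) -> Dict[str, Any]:
        url = f"{self.base_url}/lr-alarm-api/{path}"
        return self._transport(method, url, {"headers": self._headers,
                                             "params": params or {},
                                             "json": body,
                                             "verify": self.verify_ssl})

    def get_alarm(self, alarm_id: int) -> Dict[str, Any]:
        return self._call("GET", f"alarms/{int(alarm_id)}")

    def get_alarm_events(self, alarm_id: int) -> Dict[str, Any]:
        return self._call("GET", f"alarms/{int(alarm_id)}/events")

    def search_alarms(self, offset: int = 0, count: int = 100,
                      **filters: Any) -> Dict[str, Any]:
        """One page of Search Alarms; `filters` are the documented query
        parameters (alarmstatus, alarmrulename, entityname, ...)."""
        params: Dict[str, Any] = {"offset": offset, "count": count}
        for key, value in filters.items():
            if value is None:
                continue
            params[key] = normalize_status(value) if key == "alarmstatus" else value
        return self._call("GET", "alarms", params=params)

    def iter_alarms(self, page_size: int = 100, **filters: Any) -> Iterator[dict]:
        """Walk every page using offset/count; a short page ends the scan."""
        offset = 0
        while True:
            page = self.search_alarms(offset=offset, count=page_size, **filters)
            items = page.get("alarmssearchdetails") or []
            yield from items
            if len(items) < page_size:
                return
            offset += page_size

    def update_alarm_status(self, alarm_id: int, status: Any,
                            rbp: Optional[int] = None) -> Dict[str, Any]:
        """PATCH the status (sent by its canonical name) and optionally the RBP."""
        body: Dict[str, Any] = {"alarmstatus": ALARM_STATUS_NAMES[normalize_status(status)]}
        if rbp is not None:
            if not 0 <= int(rbp) <= 100:  # assumption: RBP is a 0-100 risk score
                raise ValueError("rbp must be within 0..100")
            body["rbp"] = int(rbp)
        return self._call("PATCH", f"alarms/{int(alarm_id)}", body=body)

    def add_alarm_comment(self, alarm_id: int, comment: str) -> Dict[str, Any]:
        if not comment.strip():
            raise ValueError("comment must not be empty")
        return self._call("POST", f"alarms/{int(alarm_id)}/comment",
                          body={"alarmcomment": comment})
```

`normalize_status` accepts both forms the Search Alarms filter documents (name or number) and rejects anything outside the ten documented values before a request is built, so a typo in a playbook fails locally instead of producing an empty result set. Keep `verify_ssl` at its default of `True`: turning certificate verification off lets anyone on the path read the bearer token.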
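The two-step log search described under Search Task and Search Results (start a task, feed its taskId into `searchguid`, page through the indexed results with `origin`/`page_size`) as a Python routine that also handles the failure modes a playbook runs into: a task that is still running, one that fails, and one that never completes. This is an added example, not the connector's own code. It assumes the routes sit under `/lr-search-api` behind a bearer token; that the task id comes back under `taksid` (the key as spelled on this page) or `taskid`; that a result page carries `taskstatus` and `items`, with `completed` and `failed` as the terminal states; and that the caller supplies the `queryfilter` document, because the filterType, fieldOperator and filterMode codes are deployment specific. Transport and sleep are injectable so the polling loop runs offline against a stub.

```python
"""Two-step log search against the LogRhythm Search API: start a search task,
poll until it finishes, then page through the indexed results.

Added example; not the connector's own code. Assumptions (not from the page):
  * the routes live under /lr-search-api and accept a bearer token;
  * `transport(method, url, options)` performs the HTTP call and returns the
    decoded JSON body (a stub in the test; wrap requests.Session.request in
    production);
  * the task id is read from "taksid" (the key as spelled on this page) or
    "taskid"; a result page carries "taskstatus" and "items"; the task is done
    when taskstatus is "completed" and broken when it is "failed";
  * the queryfilter document (deployment-specific filterType, fieldOperator
    and filterMode codes) is supplied by the caller.
"""
import time
from typing import Any, Callable, Dict, List

Transport = Callable[[str, str, Dict[str, Any]], Dict[str, Any]]


class SearchFailed(RuntimeError):
    """The search task failed, returned no id, or never finished in time."""


def build_search_task(date_min: str, date_max: str, query_filter: Dict[str, Any],
                      max_msgs: int = 1000, query_timeout: int = 60) -> Dict[str, Any]:
    """Search Task body: an absolute time window plus the caller's queryfilter."""
    if max_msgs <= 0 or query_timeout <= 0:
        raise ValueError("maxmsgstoquery and querytimeout must be positive")
    return {
        "maxmsgstoquery": max_msgs,
        "querytimeout": query_timeout,
        "datecriteria": {"datemin": date_min, "datemax": date_max,
                         "useinserteddate": False},
        "queryfilter": query_filter,
    }


class SearchClient:
    def __init__(self, base_url: str, token: str, transport: Transport,
                 sleep: Callable[[float], None] = time.sleep,
                 verify_ssl: bool = True) -> None:
        self.base_url = base_url.rstrip("/")
        self._headers = {"Authorization": f"Bearer {token}",
                         "Content-Type": "application/json"}
        self._transport = transport
        self._sleep = sleep  # injectable so the polling loop is testable
        self.verify_ssl = verify_ssl

    def _post(self, action: str, body: Dict[str, Any]) -> Dict[str, Any]:
        url = f"{self.base_url}/lr-search-api/actions/{action}"
        return self._transport("POST", url, {"headers": self._headers,
                                             "json": body,
                                             "verify": self.verify_ssl})

    def _result_page(self, task_id: Any, origin: int, page_size: int) -> Dict[str, Any]:
        # Search Results body as documented: the taskId goes into searchguid.
        return self._post("search-result", {"data": {
            "searchguid": task_id,
            "search": {"sort": [], "fields": []},
            "paginator": {"origin": origin, "page_size": page_size}}})

    def run_search(self, task_body: Dict[str, Any], page_size: int = 100,
                   poll_interval: float = 2.0, max_polls: int = 30) -> List[Dict[str, Any]]:
        """Start the task, wait until it completes, then collect every page."""
        started = self._post("search-task", task_body)
        task_id = started.get("taksid", started.get("taskid"))
        if task_id in (None, ""):
            raise SearchFailed(f"search-task returned no task id: {started}")

        # Step 2a: poll the first page until the indexer reports the task done.
        for _ in range(max_polls):
            page = self._result_page(task_id, 0, page_size)
            status = str(page.get("taskstatus", "")).lower()
            if status == "completed":
                break
            if status == "failed":
                raise SearchFailed(f"task {task_id} failed: {page}")
            self._sleep(poll_interval)
        else:
            raise SearchFailed(f"task {task_id} not completed after {max_polls} polls")

        # Step 2b: walk the pages; a short page marks the end of the result set.
        items: List[Dict[str, Any]] = []
        origin = 0
        while True:
            batch = page.get("items") or []
            items.extend(batch)
            if len(batch) < page_size:
                return items
            origin += page_size
            page = self._result_page(task_id, origin, page_size)
```

The bounded poll loop (`max_polls`) matters in an automation context: a search that the indexer never finishes would otherwise hang the playbook step indefinitely, and `querytimeout` on the task body only bounds the server side.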