# LogRhythm Axon
The LogRhythm Axon connector enables seamless integration with Swimlane Turbine, facilitating automated case management and activity tracking for enhanced security operations.

LogRhythm Axon is a security analytics and case management solution that enables organizations to streamline their threat detection and response efforts. This connector allows Swimlane Turbine users to integrate with LogRhythm Axon, providing the ability to create, update, and manage cases and activities directly within the Swimlane platform. By leveraging this integration, users can automate case management workflows, enhance incident response, and maintain a centralized view of security operations, all without the need for coding.

The Swimlane LogRhythm Axon SIEM connector integrates with Swimlane to do the case management (create, update, retrieve and search for cases).

## Prerequisites

To effectively utilize the LogRhythm Axon connector within Swimlane Turbine, ensure you have the following prerequisites:

- API Key Authentication
  - URL: The endpoint URL for the LogRhythm Axon API
  - API Key: A valid API key provided by LogRhythm Axon for authentication

## Capabilities

The Swimlane LogRhythm Axon SIEM connector has the following capabilities:

- Create a Case
- Create an Activity
- Change Status for Multiple Cases
- Search for Cases in a Tenant Using a String
- Retrieve Activity Entries
- Retrieve All the Cases for a Tenant
- Retrieve All Cases for Tenant (filtered by status, severity or owner)
- Retrieve an Activity by ID for a Tenant
- Update an Activity Description
- Update an Activity
- Update a Case

## API Keys

Analysts are able to manage API keys from their profile, authorizing third-party software to connect with Axon.

To manage API keys:

1. From the dashboard, in the upper right corner, click the user menu icon.
2. Click My Account. The My Account page appears.
3. Click the API Keys tab. A list of the user's API keys appears.

### Add New API Key

To add a new API key:

1. From the API Keys tab, click + Add New API Key in the top right corner. The Add New API Key pop-up appears.
2. Enter a descriptive, unique API key name for this new API key.
3. Click Generate Key. The Copy API Key pop-up appears.
4. Click the copy icon to copy the generated API key. Save the key in a secure location for your records: generated API keys cannot be retrieved once this window is closed.
5. Click the Copy and Close button. The pop-up closes and the new API key is added to the list.

### Authorization

To authorize an Axon API request, you must use an Axon API key in the Authorization header of your request. For instructions on how to get an Axon API key, see API Keys. The Authorization header should not have a prefix, for example:

```
Authorization: abcd 1234 efghijk 567 lmno 8910pqr
```

## Configurations

### LogRhythm Axon API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| authorization | API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Change Status for Multiple Cases

Updates the status and severity of, and adds comments to, multiple cases in LogRhythm Axon; requires tenantId, status, severity, and comment.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/cases`
Method: PUT

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | Unique identifier |
| status | string | required | Status value |
| severity | string | required | Parameter for Change Status for Multiple Cases |
| ownerId | string | optional | Unique identifier |
| description | string | optional | Parameter for Change Status for Multiple Cases |
| comment | string | required | Parameter for Change Status for Multiple Cases |
| caseIds | string | optional | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "OK"
    }
  }
]
```

### Create a Case

Create a new case in LogRhythm Axon with the specified tenant ID, name, status, and severity.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/cases`
Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | Unique identifier |
| ownerUserId | string | optional | Unique identifier |
| name | string | required | Name of the resource |
| description | string | optional | Parameter for Create a Case |
| incident | boolean | optional | Unique identifier |
| valid | boolean | optional | Unique identifier |
| status | string | required | Status value |
| severity | string | required | Parameter for Create a Case |
| observationName | string | optional | Name of the resource |
| collaborators | array | optional | Parameter for Create a Case |
| collaboratorId | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| tenantId | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| ownerUserId | string | Unique identifier |
| number | number | Output field number |
| name | string | Name of the resource |
| description | string | Output field description |
| incident | boolean | Unique identifier |
| valid | boolean | Unique identifier |
| status | string | Status value |
| severity | string | Output field severity |
| observationName | string | Name of the resource |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |
| firstLogDate | string | Date value |
| lastLogDate | string | Date value |
| collaborators | array | Output field collaborators |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| caseId | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "id": "12345678-1234-1234-1234-123456789abc",
      "tenantId": "string",
      "createdOn": "string",
      "updatedOn": "string",
      "ownerUserId": "string",
      "number": 123,
      "name": "Example Name",
      "description": "string",
      "incident": true,
      "valid": true,
      "status": "active",
      "severity": "string",
      "observationName": "Example Name",
      "createdBy": "string",
      "updatedBy": "string"
    }
  }
]
```

### Create an Activity

Generates a new activity in LogRhythm Axon linked to a specific case; requires tenantId, caseId, description, and type.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/activities`
Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | tenantId |
| caseId | string | required | Unique identifier |
| description | string | required | Parameter for Create an Activity |
| queryFilter | string | optional | Parameter for Create an Activity |
| type | string | required | Type of the resource |
| logs | array | optional | Parameter for Create an Activity |
| logId | string | required | Unique identifier |
| attachments | array | optional | Parameter for Create an Activity |
| name | string | required | Name of the resource |
| location | string | required | Parameter for Create an Activity |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| tenantId | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| activityId | string | Unique identifier |
| comment | string | Output field comment |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "8zcdjvs csleiyhr9nxq pg6mymsdr",
      "tenantId": "string",
      "createdOn": "2023-12-26T05:41:41.544Z",
      "updatedOn": "2023-12-26T05:41:41.544Z",
      "activityId": "123456789",
      "comment": "Details of the event"
    }
  }
]
```

### Retrieve Activity Entries

Retrieve all activity entries associated with a given case and tenant in LogRhythm Axon; requires caseId and tenantId as path parameters.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/activities/byCaseId/{{caseId}}`
Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| caseId | string | required | Unique identifier |
| tenantId | string | required | Unique identifier |
| afterId | string | optional | Unique identifier |
| limit | number | optional | Parameter for Retrieve Activity Entries |
| sort | string | optional | Parameter for Retrieve Activity Entries |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| paginationInfo | object | Output field paginationInfo |
| totalCount | number | Count value |
| nextPage | string | Output field nextPage |
| content | array | Response content |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| caseId | string | Unique identifier |
| description | string | Output field description |
| queryFilter | string | Output field queryFilter |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "active",
      "paginationInfo": {},
      "content": []
    }
  }
]
```

### Retrieve All the Cases for a Tenant

Retrieve all cases associated with a specified tenant ID in LogRhythm Axon; requires the tenantId as a path parameter.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/cases`
Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | The identifier of the tenant |
| afterId | string | optional | Unique identifier |
| limit | string | optional | Parameter for Retrieve All the Cases for a Tenant |
| sort | string | optional | Parameter for Retrieve All the Cases for a Tenant |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| paginationInfo | object | Output field paginationInfo |
| totalCount | number | Count value |
| nextPage | string | Output field nextPage |
| content | array | Response content |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| ownerUserId | string | Unique identifier |
| number | number | Output field number |
| name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "active",
      "paginationInfo": {},
      "content": []
    }
  }
]
```

### Retrieve an Activity by ID for a Tenant

Retrieve details of a specific activity by its ID for a given tenant in LogRhythm Axon; requires both 'id' and 'tenantId'.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/activities/{{id}}`
Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | The identifier of the tenant |
| id | string | required | The system identifier for this object |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| content | object | Response content |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| caseId | string | Unique identifier |
| description | string | Output field description |
| queryFilter | string | Output field queryFilter |
| type | string | Type of the resource |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "OK",
      "content": {}
    }
  }
]
```

### Retrieve All Cases for Tenant

Retrieves all cases for a specified tenant in LogRhythm Axon, with options to filter by severity, status or owner. This is a separate action from Retrieve All the Cases for a Tenant above and uses a different endpoint.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/cases/byStatusAndPriorityAndOwnerPattern`
Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | Unique identifier |
| afterId | string | optional | Unique identifier |
| limit | number | optional | Parameter for Retrieve All Cases for Tenant |
| ownerEmail | string | optional | Parameter for Retrieve All Cases for Tenant |
| severity | string | optional | Parameter for Retrieve All Cases for Tenant |
| sort | string | optional | Parameter for Retrieve All Cases for Tenant |
| status | string | optional | Status value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| requestId | string | Unique identifier |
| paginationInfo | object | Output field paginationInfo |
| nextPage | string | Output field nextPage |
| content | array | Response content |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| ownerUserId | string | Unique identifier |
| number | number | Output field number |
| name | string | Name of the resource |
| description | string | Output field description |
| incident | boolean | Unique identifier |
| valid | boolean | Unique identifier |
| status | string | Status value |
| severity | string | Output field severity |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |
| createdByEmail | string | Output field createdByEmail |
| updatedByEmail | string | Output field updatedByEmail |
| observationName | string | Name of the resource |
| observation | string | Output field observation |
| firstLogDate | string | Date value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "requestId": "string",
      "paginationInfo": {},
      "content": []
    }
  }
]
```

### Search for Cases in a Tenant Using a String

Performs a search for cases within a specified tenant in LogRhythm Axon using the given search criteria.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/cases/search`
Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | Unique identifier |
| afterId | string | optional | Unique identifier |
| caseStatus | string | optional | Status value |
| searchCriteria | string | required | Parameter for Search for Cases in a Tenant Using a String |
| limit | string | optional | Parameter for Search for Cases in a Tenant Using a String |
| sort | string | optional | Parameter for Search for Cases in a Tenant Using a String |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| paginationInfo | object | Output field paginationInfo |
| totalCount | number | Count value |
| nextPage | string | Output field nextPage |
| content | array | Response content |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| ownerUserId | string | Unique identifier |
| number | number | Output field number |
| name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "active",
      "paginationInfo": {},
      "content": []
    }
  }
]
```

### Update an Activity

Updates an activity in LogRhythm Axon using the specified IDs and details such as caseId, description, and type.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/activities/{{id}}`
Method: PUT

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | The identifier of the tenant |
| id | string | required | The system identifier for this object |
| caseId | string | required | Unique identifier |
| description | string | required | Parameter for Update an Activity |
| queryFilter | string | optional | Parameter for Update an Activity |
| type | string | required | Type of the resource |
| logs | array | optional | Parameter for Update an Activity |
| logId | string | required | Unique identifier |
| attachments | array | optional | Parameter for Update an Activity |
| name | string | required | Name of the resource |
| location | string | required | Parameter for Update an Activity |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| content | object | Response content |
| id | string | Unique identifier |
| tenantId | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| caseId | string | Unique identifier |
| description | string | Output field description |
| queryFilter | string | Output field queryFilter |
| type | string | Type of the resource |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "OK",
      "content": {}
    }
  }
]
```

### Update an Activity Description

Updates the description of an activity in LogRhythm Axon using the specified 'id' and 'tenantId'.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/activities/{{id}}`
Method: PATCH

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| tenantId | string | required | Unique identifier |
| id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| content | object | Response content |
| id | string | Unique identifier |
| tenantId | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| caseId | string | Unique identifier |
| description | string | Output field description |
| queryFilter | string | Output field queryFilter |
| type | string | Type of the resource |
| createdBy | string | Output field createdBy |
| updatedBy | string | Output field updatedBy |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "OK",
      "content": {}
    }
  }
]
```

### Update a Case

Updates a specific case in LogRhythm Axon by ID and tenantId, allowing changes to name, status, severity, and creator.

Endpoint URL: `/case-management-svc/v1/tenants/{{tenantId}}/cases/{{id}}`
Method: PUT

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |
| tenantId | string | required | Unique identifier |
| ownerUserId | string | optional | Unique identifier |
| name | string | required | Name of the resource |
| description | string | optional | Parameter for Update a Case |
| incident | boolean | optional | Unique identifier |
| valid | boolean | optional | Unique identifier |
| status | string | required | Status value |
| severity | string | required | Parameter for Update a Case |
| createdBy | string | required | Parameter for Update a Case |
| observationName | string | optional | Name of the resource |
| collaborators | array | optional | Parameter for Update a Case |
| collaboratorId | string | optional | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| computed | object | Output field computed |
| additionalProp1 | object | Output field additionalProp1 |
| additionalProp2 | object | Output field additionalProp2 |
| additionalProp3 | object | Output field additionalProp3 |
| requestId | string | Unique identifier |
| error | object | Error message if any |
| status | number | Status value |
| message | string | Response message |
| validationFailures | array | Unique identifier |
| field | string | Output field field |
| message | string | Response message |
| status | string | Status value |
| content | object | Response content |
| tenantId | string | Unique identifier |
| id | string | Unique identifier |
| createdOn | string | Output field createdOn |
| updatedOn | string | Output field updatedOn |
| ownerUserId | string | Unique identifier |
| number | number | Output field number |
| name | string | Name of the resource |
| description | string | Output field description |
| incident | boolean | Unique identifier |
| valid | boolean | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "computed": {},
      "requestId": "string",
      "error": {},
      "status": "active",
      "content": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 5428 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | frame-ancestors 'self'; |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| Permissions-Policy | HTTP response header Permissions-Policy | camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), usb=() |
| Referrer-Policy | HTTP response header Referrer-Policy | same-origin |
| Server | Information about the software used by the origin server | istio-envoy |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-DNS-Prefetch-Control | HTTP response header X-DNS-Prefetch-Control | off |
| X-Download-Options | HTTP response header X-Download-Options | noopen |
| X-Envoy-Upstream-Service-Time | HTTP response header X-Envoy-Upstream-Service-Time | 58 |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |

## Notes

- Axon Case API documentation: https://docs.logrhythm.com/axon/docs/axon-case-management-api-endpoints
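The following is an added example, not Swimlane's or LogRhythm's code, that ties together the Authorization section (bare API key in the `Authorization` header, no prefix) and the paginated retrieve/search actions documented above. It builds requests from the page's `{{tenantId}}` endpoint templates, fails closed on the documented `error` and `validationFailures` fields, and walks `paginationInfo.nextPage`. Assumptions made here and not stated on the page: the base URL must be `https` (the key travels in a header), `nextPage` is a cursor that is passed back as the `afterId` query parameter, and a caller-supplied `send` callable replaces the network so the logic can be exercised offline against constructed sample responses.

```python
"""Request-building and response-handling helpers for the Axon case management API.

Added example, not Swimlane or LogRhythm code. Endpoint templates and field names
come from the connector documentation; the https-only rule, the nextPage -> afterId
cursor handling and the offline fake `send` are assumptions for this demonstration.
"""
import json
from typing import Callable, Iterator, Optional
from urllib.parse import parse_qs, quote, urlencode, urlsplit

CASES_SEARCH = "/case-management-svc/v1/tenants/{{tenantId}}/cases/search"


class AxonApiError(RuntimeError):
    """Raised when the response envelope reports an error or validation failures."""


def authorization_headers(api_key: str) -> dict:
    """Axon expects the bare key in the Authorization header: no 'Bearer' or other prefix."""
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key must be non-empty with no surrounding whitespace")
    return {"Authorization": api_key, "Accept": "application/json"}


def build_request(base_url: str, api_key: str, template: str, path_vars: dict,
                  params: Optional[dict] = None, method: str = "GET",
                  body: Optional[dict] = None) -> dict:
    """Render a documented '{{name}}' endpoint template into a request dict.

    Path variables are percent-encoded with safe="" so a caller-supplied tenant or
    case id cannot add '/' or '..' path segments; query values set to None are
    dropped so optional parameters such as afterId can simply be left unset.
    """
    if urlsplit(base_url).scheme != "https":  # assumption: never send the key in clear
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    path = template
    for name, value in path_vars.items():
        placeholder = "{{" + name + "}}"
        if placeholder not in path:
            raise KeyError(f"template has no placeholder {placeholder}")
        path = path.replace(placeholder, quote(str(value), safe=""))
    if "{{" in path:
        raise KeyError(f"unfilled placeholder in {path}")
    query = {k: v for k, v in (params or {}).items() if v is not None}
    url = base_url.rstrip("/") + path + ("?" + urlencode(query) if query else "")
    headers = authorization_headers(api_key)
    data = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        data = json.dumps(body).encode("utf-8")
    return {"method": method, "url": url, "headers": headers, "body": data}


def check_envelope(json_body: dict) -> dict:
    """Fail closed on the documented error fields instead of silently reading content."""
    failures = json_body.get("validationFailures") or []
    if json_body.get("error") or failures:
        detail = "; ".join(f"{f.get('field')}: {f.get('message')}" for f in failures)
        raise AxonApiError(f"error={json_body.get('error')!r} validationFailures=[{detail}]")
    return json_body


def iter_pages(send: Callable[[dict], dict], make_request: Callable[[Optional[str]], dict],
               max_pages: int = 100) -> Iterator[dict]:
    """Yield every item of `content` across pages by following paginationInfo.nextPage.

    ASSUMPTION: nextPage is a cursor handed back as the afterId query parameter.
    A repeated cursor or too many pages aborts instead of looping forever.
    """
    after_id: Optional[str] = None
    seen = set()
    for _ in range(max_pages):
        body = check_envelope(send(make_request(after_id)))
        yield from body.get("content") or []
        after_id = (body.get("paginationInfo") or {}).get("nextPage")
        if not after_id:
            return
        if after_id in seen:
            raise AxonApiError(f"pagination cursor {after_id!r} repeated; aborting")
        seen.add(after_id)
    raise AxonApiError(f"gave up after {max_pages} pages")


def search_cases(send, base_url, api_key, tenant_id, search_criteria, limit=50):
    """Drive the 'Search for Cases in a Tenant Using a String' action to completion."""
    def make_request(after_id):
        return build_request(base_url, api_key, CASES_SEARCH, {"tenantId": tenant_id},
                             params={"searchCriteria": search_criteria,
                                     "limit": limit, "afterId": after_id})
    return list(iter_pages(send, make_request))


def fake_send_factory():
    """Constructed stand-in for the network: serves two pages shaped like the
    documented search response and records every request it receives."""
    pages = {
        None: {"computed": {}, "requestId": "req-1", "error": {}, "status": "OK",
               "paginationInfo": {"totalCount": 3, "nextPage": "cursor-2"},
               "content": [{"id": "case-1", "name": "Phishing report"},
                           {"id": "case-2", "name": "Suspicious login"}]},
        "cursor-2": {"computed": {}, "requestId": "req-2", "error": {}, "status": "OK",
                     "paginationInfo": {"totalCount": 3, "nextPage": None},
                     "content": [{"id": "case-3", "name": "Malware alert"}]},
    }
    calls = []

    def send(request: dict) -> dict:
        calls.append(request)
        after = parse_qs(urlsplit(request["url"]).query).get("afterId", [None])[0]
        return pages[after]
    return send, calls


if __name__ == "__main__":
    send, calls = fake_send_factory()
    for case in search_cases(send, "https://axon.example", "API_KEY_PLACEHOLDER", "tenant-a", "phish"):
        print(case["id"], case["name"])
    print(f"{len(calls)} requests; Authorization header: {calls[0]['headers']['Authorization']!r}")
```

To use it against a live deployment, replace `fake_send_factory` with a function that issues the request dict (method, URL, headers, body) through your HTTP client with certificate verification left on, and keep the API key out of any log line that prints the request headers.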