followvef.blogg.se

Logrhythm system monitor agent installation








The country code of the location that was impacted by the alarm. The IP address that was impacted by the alarm. The interface that was impacted by the alarm. The name of the host that was impacted by the alarm. The ID of the host that was impacted by the alarm. The name of the entity that was impacted by the alarm. The ID of the entity that was impacted by the alarm. Values can be Internal, External, Outbound, Local, or Unknown. The direction by name of the activity between a log’s origin and impacted zones. The direction by ID of the activity between a log’s origin and impacted zones. The specific command executed that was recorded in the log message. The number of bytes sent from a device, system, or process. The number of bytes received or input from a device, system, or process. The number of events related to the alarm. lr-alarm-events-list Input # Argument Name It always returns a list of one item, even if the given alarm ID is associated with more than one event. Note: Currently, this command does not work as expected on LogRhythm's side. Gets a list of events for the specified alarm ID. } Human Readable Output # History for alarm 200 # Alarm Id !lr-alarm-history-list alarm_id=200 type=status Context Example # The ID of the person who edited the alarm (changed status/ added comment, etc.).


The number of items to skip before starting to collect the result set. Possible values are: comment, status, rbp. Possible type: "comment", "status", and "rbp". The returned value will be greater than or equal to the given date. Filter by history type. lr-alarm-history-list Input # Argument Name Filter by when the alarm was updated. Gets the alarm history details by ID and filter criteria. !lr-alarm-add-comment alarm_id=200 alarm_comment=test Human Readable Output # Comment added successfully to the alarm 200. lr-alarm-add-comment Input # Argument Name


Updates the Alarm History table with comments in the Comments column based on the alarm ID supplied. !lr-alarm-update alarm_id=200 alarm_status=Closed rbp=100 Human Readable Output # Alarm 200 has been updated. There is no context output for this command. Updates the alarm status and RBP based on the alarm ID supplied. } Human Readable Output # Alarms # Alarm Id !lr-alarms-list count=2 alarm_status=Opened Context Example # Default is 50. A flag indicating whether the alarm data is cached. The number of alarms to skip before starting to collect the result set. Possible values are: New, Opened, Working, Escalated, Closed, Closed_FalseAlarm, Closed_Resolved, Closed_Unresolved, Closed_Reported, Closed_Monitor. Possible values: "New", "Opened", "Working", "Escalated", "Closed", "Closed_FalseAlarm", "Closed_Resolved", "Closed_Unresolved", "Closed_Reported", "Closed_Monitor". Gets the details of the alarms using the filter criteria. You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. Parameter First fetch timestamp (, e.g., 12 hours, 7 days) Click Test to validate the URLs, token, and connection. Navigate to Settings > Integrations > Servers & Services. Click Add instance to create and configure a new integration instance. Configure LogRhythmRest v2 on Cortex XSOAR # If you are upgrading from a previous version of this integration, see Breaking Changes. Some changes have been made that might affect your existing content. Previous versions that have been declared EOL by the vendor are not supported. This integration was integrated and tested with version 7.7 of LogRhythm Rest API. The Agent functions as a main log data collector.

  • Click OK to close the System Monitor Agent Properties window. Supported Cortex XSOAR versions: 5.5.0 and later.
  • In the Listener Settings section, change the Address from 0 to the shared IP Address.
  • Select the Enable SNMP Trap Receiver check box.
  • System Monitor – Configuring SNMP for HA Operations
  • System Monitor – Configuring sFlow for HA Operations
  • Confirm that the Value is the shared IP Address.
  • Double-click the System Monitor Agent installed on the HA system.
  • System Monitor – Configuring NetFlow for HA Operations


    Click OK to return to the System Manager Agent Properties window. Confirm that the Value is the shared IP Address. In the Group column, locate the SyslogServer named SyslogServerNIC. In the bottom-left corner of the window, click Advanced. The System Manager Agent Properties window appears. Double-click the System Monitor Agent installed on the HA system. On the main toolbar, click Deployment Manager. Log on with privileged account credentials. System Monitor – Configuring Syslog for HA Operations The System Monitor collects all logs that are managed by LogRhythm and requires additional configuration for HA operation. Configure System Monitor for HA Deployments






