Bots From Extension: logrhythm
LogRhythm - Collect inventory information from LogRhythm
This extension provides 8 bots.
Bot @logrhythm:alarm-ids
Bot Position In Pipeline: Sink
Get alarm details by ID from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |
timestamp | DateTime | last 6 days | CFXQL for filtering the data for a specified time period. Example: timestamp is after -6days |

Bot @logrhythm:alarm-summary
Bot Position In Pipeline: Sink
Get alarm summary by alarm ID from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |
timestamp | DateTime | last 6 days | CFXQL for filtering the data for a specified time period. Example: timestamp is after -6days |

Bot @logrhythm:alarms
Bot Position In Pipeline: Sink
Get alarms from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |
timestamp | DateTime | last 6 months | CFXQL for filtering the data for a specified time period. Example: timestamp is after -180days |

Bot @logrhythm:cases
Bot Position In Pipeline: Sink
Get cases from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |

Bot @logrhythm:events
Bot Position In Pipeline: Sink
Get events by alarm ID from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |
timestamp | DateTime | last 6 days | CFXQL for filtering the data for a specified time period. Example: timestamp is after -6days |

Bot @logrhythm:hosts
Bot Position In Pipeline: Sink
Get hosts from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |

Bot @logrhythm:logs
Bot Position In Pipeline: Sink
Get accepted log sources from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
page_size | Text | 1000 | Number of records to collect per call |

Bot @logrhythm:search-results
Bot Position In Pipeline: Sink
Get indexed search results for existing task IDs from LogRhythm.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected for this bot:

Parameter Name | Type | Default Value | Description |
---|---|---|---|
column_name* | Text | | Column name which contains IP addresses |
concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
timestamp | DateTime | last 24 hours | CFXQL for filtering the data for a specified time period. Example: timestamp is after -2days & timestamp is before -1day |