The Security Operations LogRhythm integration allows Security Operations Center (SOC) analysts to automatically generate Security Incident Response (SIR) incidents when certain configured LogRhythm alarms are triggered. The SOC analyst responds to the incidents using workflows that automate incident response activities and close out the LogRhythm alarms after closing the SIR incident.
The integration includes the following key features:
- Flexibility to create multiple alarm profiles such as phishing and malware.
- Drag-and-drop mapping of LogRhythm alarm field values to associated SIR security incident fields.
- A preview of the SIR security incident layout based on sample alarms to validate configuration setup.
- Ingestion of historical alarms as well as ongoing, future alarms at configurable intervals.
- Automated alarm closeout upon incident closure, which includes a SIR security incident ID and URL for easy linking.
Fixed:
- CMDB CI mapping failed for the "Configuration Item" field on LogRhythm.
- Configuring a CI on the mapping screen prevented the SIR incident from being created.
The following Security Incident Response plugins must be installed and activated:
- Security Incident Response (com.snc.security_incident)
- Security Support Orchestration (com.snc.secops.orchestration)
List of Business Rules:
- LogRhythm Default Profile
- Initialize pulling tracker
- getAlarmRules
- Show schedule job status
- closeLogRhythmAlarm
List of Script Includes:
- LogRhythmIntegration
- LogRhythmSOAPEnvelope
- LogRhythmProfileAjax
- LogRhythmFieldMapProcessor
- LogRhythmAlarmLogic
- LogRhythmAlarmRuleLogic
- LogRhythmCacheDrillDown
Modules (under the LogRhythm Integration application menu):
- LogRhythm Configurations
- Alarm Profiles
- LogRhythm Field Translations
Tables:
- LogRhythm Alarm Event
- Alarm Profile
- Alarm Rule
- LogRhythm Configuration
- LogRhythm Field Translation
- LogRhythm Source to Task
List of Client Scripts:
- Profile Refresh Alarm Rules
- LogRhythm Profile Review Logic
- LogRhythm Profile Nav Buttons
- LogRhythm Profile Slush Filter Logic
- addSecurityIncidentFields
Scope used:
- sn_sec_logrhythm
List of properties (including system properties):
- sn_sec_logrhythm.glide.script.block.client.globals
List of transformation maps:
- LogRhythm Alarm Transform
List of scheduled jobs for data imports:
- Process LogRhythm Integration