Actions for LogRhythm #
- Send Data to LogRhythm. Sends a custom set of Lucidum data to LogRhythm.
Use Cases #
Below are the possible use cases for these actions:
-
If you want to run Lucidum “headless”, you can send relevant data to LogRhythm on a regular schedule.
- You can send normalized, enriched Lucidum data to LogRhythm to be indexed, searched, and analyzed.
Prerequisites #
To execute LogRhythm actions, you must:
-
Configure Configure a LogRhythm account that has API permissions. For details, see https://docs.logrhythm.com/lrapi/docs/register-third-party-applications-to-use-the-api.
NOTE. The specified account should have read and write permissions.
Workflows #
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
LogRhythm Configuration #
To create a configuration for LogRhythm actions:
-
Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
-
Host. Host name or IP address of the LogRhythm platform manager.
-
Port. The port of the LogRhythm platform manager. The default port is 8501.
-
API Token. The API token for an account with read and write access to the LogRhythm API. For details, see https://docs.logrhythm.com/lrapi/docs/register-third-party-applications-to-use-the-api.
-
Max # of Records per Payload. The maximum number of records to send to LogRhythm in each action. The default value is “50”.
Create a New Action #
To create an action for LogRhythm, contact Lucidum customer care.
