Interpres Application - LogRhythm

  • Type: SIEM/Data Lake
  • Vendor: LogRhythm

This app integrates with LogRhythm to retrieve telemetry and alerts. Detections must be uploaded manually.

Vendor setup

  1. Log in to the Client Console as a Global Administrator, click Deployment Manager, and then click the Third Party Applications tab.
  2. Click New in the main toolbar and provide the Application Name and Description for the token.
  3. Return to the Third Party Applications tab, and double-click the application you created. Click Generate Token.
  4. Click OK, and then click Copy Token.

App Configuration

App Parameters:

  • base url: The URL of the API source instance. The format is https://{IP}:8501
  • verify server cert: If enabled, Interpres verifies the server's SSL certificate.
  • access token: The token used to access the LogRhythm API.
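
A pre-flight check for the three parameters above, as an added example that is not part of Interpres or LogRhythm: `check_params` and `tls_probe` are hypothetical helper names, and the address and token are constructed sample values. Because the documented base URL uses an IP, the probe only passes verification when the server certificate lists that IP as a subject alternative name.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

def check_params(base_url, verify_server_cert, access_token):
    """Return a list of problems with the three app parameters (empty if none)."""
    problems = []
    url = urlsplit(base_url)
    if url.scheme != "https":
        problems.append("base url must use https")
    try:
        ipaddress.ip_address(url.hostname or "")
    except ValueError:
        problems.append("base url host is not an IP literal")
    try:
        port = url.port          # raises ValueError on a malformed port
    except ValueError:
        port = None
    if port != 8501:
        problems.append("base url port is not 8501")
    if url.path not in ("", "/") or url.query or url.fragment:
        problems.append("base url carries a path or query")
    if not verify_server_cert:
        problems.append("verify server cert is disabled: the token is sent "
                        "to an unauthenticated server")
    if not access_token or any(c.isspace() for c in access_token):
        problems.append("access token is empty or contains whitespace")
    return problems

def tls_probe(base_url, timeout=5.0):
    """Handshake with full verification; return (ok, detail). Needs network access."""
    url = urlsplit(base_url)
    ctx = ssl.create_default_context()   # system trust store, hostname/IP check on
    try:
        with socket.create_connection((url.hostname, url.port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=url.hostname) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return False, "connection failed: " + str(exc)

if __name__ == "__main__":
    # Constructed sample values (192.0.2.0/24 is a documentation range).
    sample = ("https://192.0.2.10:8501", True, "CONSTRUCTED.SAMPLE.TOKEN")
    print(check_params(*sample) or "parameters match the documented format")
```

If `tls_probe` reports a rejected certificate, fix the certificate or the trust store rather than disabling verify server cert.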

App Validation

Check that the integration you created shows connectivity (green light).

Implemented Actions

  • get_available_telemetry: Returns a list of telemetry identifiers with their current status.
  • get_alerts: Gets the latest alerts.
  • get_detections: Detections need to be uploaded manually. Please contact Interpres customer support if you need help.