Full Demo Video

https://www.youtube.com/watch?v=XoNHNvx4I3Y

Inspiration

The Little Engine That Could.

What it does

Provides enhanced capabilities for dealing with LogRhythm Cases and Alarms. In addition to optionally fetching Cases from a LogRhythm instance, it provides the following commands:

  • lr-add-alarms-to-case: Adds the specified alarms to the specified case.
  • lr-add-case-note: Adds note evidence to a case.
  • lr-create-case: Creates a case in LogRhythm.
  • lr-drilldown-on: Drills down on an alarm.
  • lr-update-case-status: Updates the status of a case by sending the numerical status code.
  • lr-update-case-summary: Updates the case summary.
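To make the command set concrete, here is an added, self-contained sketch of what the case commands above do against the LogRhythm Case API. It is example code written for this page, not the project's integration. The endpoint paths under /lr-case-api, the status-number table, and the host, port and token are assumptions; the in-memory server standing in for LogRhythm is constructed so the example runs offline, and lr-drilldown-on is not covered.

```python
"""Offline sketch of the lr-* case commands against the LogRhythm Case API.

Added example, not the project's code. Endpoint paths, the status-number
table, host, port and token are assumptions; FakeLogRhythm is a constructed
in-memory stand-in for the real server so that this runs without network.
"""
from __future__ import annotations

from typing import Any, Callable, Optional, Tuple

# lr-update-case-status takes a numeric code; a name-to-number table keeps
# playbook authors from guessing (assumed LogRhythm Case API status numbers).
CASE_STATUS = {"Created": 1, "Completed": 2, "Incident": 3, "Mitigated": 4, "Resolved": 5}

# transport(method, url, headers, json_body) -> (http_status, json_response)
Transport = Callable[[str, str, dict, Optional[dict]], Tuple[int, Any]]


class LRCaseClient:
    """One method per lr-* case command listed above (drilldown omitted)."""

    def __init__(self, base_url: str, api_token: str, transport: Transport):
        self.base_url = base_url.rstrip("/")
        self._headers = {"Authorization": f"Bearer {api_token}",
                         "Content-Type": "application/json"}
        self._transport = transport

    def _call(self, method: str, path: str, body: Optional[dict] = None) -> Any:
        status, data = self._transport(method, self.base_url + path, self._headers, body)
        if status >= 400:
            # Do not include the request headers in the error: they carry the API token.
            raise RuntimeError(f"{method} {path} failed with HTTP {status}: {data}")
        return data

    def create_case(self, name: str, priority: int, summary: str = "") -> dict:
        if not 1 <= priority <= 5:
            raise ValueError("LogRhythm case priority must be 1 (highest) to 5")
        return self._call("POST", "/lr-case-api/cases",
                          {"name": name, "priority": priority, "summary": summary})

    def add_case_note(self, case_id: str, text: str) -> dict:
        return self._call("POST", f"/lr-case-api/cases/{case_id}/evidence/note", {"text": text})

    def add_alarms_to_case(self, case_id: str, alarm_numbers: list[int]) -> dict:
        nums = sorted({int(n) for n in alarm_numbers})  # dedupe, reject non-integers early
        return self._call("POST", f"/lr-case-api/cases/{case_id}/evidence/alarms",
                          {"alarmNumbers": nums})

    def update_case_status(self, case_id: str, status) -> dict:
        code = CASE_STATUS[status] if isinstance(status, str) else int(status)
        if code not in CASE_STATUS.values():
            raise ValueError(f"unknown case status code {code}")
        return self._call("PUT", f"/lr-case-api/cases/{case_id}/actions/changeStatus",
                          {"statusNumber": code})

    def update_case_summary(self, case_id: str, summary: str) -> dict:
        return self._call("PUT", f"/lr-case-api/cases/{case_id}", {"summary": summary})


class FakeLogRhythm:
    """Constructed in-memory Case API so the example runs offline (not the real product)."""

    def __init__(self, token: str):
        self.token, self.cases, self.next_id = token, {}, 1

    def __call__(self, method: str, url: str, headers: dict, body: Optional[dict]):
        if headers.get("Authorization") != f"Bearer {self.token}":
            return 401, {"message": "unauthorized"}
        parts = url.split("/lr-case-api", 1)[1].strip("/").split("/")
        if method == "POST" and parts == ["cases"]:
            cid, self.next_id = str(self.next_id), self.next_id + 1
            self.cases[cid] = {"id": cid, **body, "status": {"name": "Created", "number": 1},
                               "notes": [], "alarms": []}
            return 201, self.cases[cid]
        case = self.cases.get(parts[1]) if len(parts) > 1 else None
        if case is None:
            return 404, {"message": "case not found"}
        tail = parts[2:]
        if method == "POST" and tail == ["evidence", "note"]:
            case["notes"].append(body["text"])
            return 201, {"type": "note", "text": body["text"]}
        if method == "POST" and tail == ["evidence", "alarms"]:
            case["alarms"] = sorted(set(case["alarms"]) | set(body["alarmNumbers"]))
            return 201, {"type": "alarm", "alarmNumbers": case["alarms"]}
        if method == "PUT" and tail == ["actions", "changeStatus"]:
            name = next(k for k, v in CASE_STATUS.items() if v == body["statusNumber"])
            case["status"] = {"name": name, "number": body["statusNumber"]}
            return 200, case
        if method == "PUT" and not tail:
            case.update(body)
            return 200, case
        return 404, {"message": "no such route"}


def demo() -> dict:
    """Run the full command sequence a playbook would issue; returns the final case."""
    server = FakeLogRhythm(token="constructed-token")
    lr = LRCaseClient("https://logrhythm.example.test:8501", "constructed-token", server)
    cid = lr.create_case("Suspicious logon burst", priority=2, summary="Opened from playbook")["id"]
    lr.add_alarms_to_case(cid, [1042, 1043, 1042])  # constructed alarm numbers; duplicate collapses
    lr.add_case_note(cid, "Alarms grouped by source host")
    lr.update_case_summary(cid, "3 failed logons then success from 10.0.0.7")  # constructed text
    return lr.update_case_status(cid, "Incident")


if __name__ == "__main__":
    print(demo())
```

The client validates priority and status before anything leaves the box, deduplicates alarm numbers so a playbook that fires twice does not attach the same alarm twice, and keeps the bearer token out of error messages that end up in incident notes or logs.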

How we built it

One Playbook task at a time.

Challenges we ran into

We had use cases requiring Case management functionality. Since existing Integrations did not provide the needed commands, our first challenge was learning how to write one of our own. This in turn led to the need to write customized Playbooks to handle other LogRhythm-specific requirements. Combining like Alarms into a single Case was perhaps the most complex problem we faced.

Accomplishments that we're proud of

  • Developing our own Integration to handle Case management
  • Creating an entire end-to-end solution for working with LR Alarms and Cases

What we learned

  • Jacob: That Tony doesn't comment his code or follow all conventions.
  • Tony: That he should better document his code and follow all conventions.
  • Subhanga: It's not as easy as we make it look.

What's next for wRESTling with LogRhythm

The team will be happy to take a REST from LogRhythm.
