Additional configurations for the LogRhythm integration
- Updated Jan 30, 2025
- Yokohama
- Security Incident Response integrations
Use the LogRhythm Integration Settings to modify the preset system and troubleshooting properties as per your requirements.
Before you begin
Role required: sn_si.admin
Procedure
- Navigate to All > LogRhythm Integration > LogRhythm Integration Settings.
- Configure the system properties as per your requirements.
- On the form, fill in the fields.

Table 1. LogRhythm Integration System Properties

| Field | Description |
| --- | --- |
| This will apply filter before the data is saved into ServiceNow tables. | Option to determine if you want to apply the filter before the data gets stored in the ServiceNow tables. By default, the value is set as Yes. |
| Max Security Incident can be created in a day | Option to define the maximum number of security incidents that can be created in one day. By default, the value is set as 2000. |
| LogRhythm periodic ingestion can be 1000+ alarms, hence pagination is used to ingest the alarms. Per page limit allowed to fetch number of alarms per page. | Option to define the maximum number of alarms to be retrieved in a single page. By default, the value is set as 100. |
| Delete "Source To Task" table records older than specified number of days. | Option to delete Source to Task table records once they are older than the specified number of days. By default, the value is set as 30. |

- Configure the troubleshooting properties as per your requirements.
- On the form, fill in the fields.

Table 2. LogRhythm Integration Troubleshooting Properties

| Field | Description |
| --- | --- |
| Debug Scheduled Ingestion: This enables debug level system logs for ingestion done by scheduled job. This will log all the messages/exceptions generated by Scheduled ingestion while pulling Alarms/Drilldownlogs/Events from LogRhythm. | Option to enable debug level system logs for ingestion performed by the scheduled job. By default, the value is set as No. |
| Debug Transform Map: This enables debug level system logs for Transform Map. This will log all the messages generated by transform maps while creating security incident from Alarm Import. This also enabled UI action on Alarm Import table to rerun transform map. | Option to enable debug level system logs for the Transform Map. By default, the value is set as No. |
| Debug Sample Ingestion In Alarm Profile: This enables debug level system logs for Sample Ingestion. This will log all the messages generated while samples are ingested. | Option to enable debug level system logs for Sample Ingestion. By default, the value is set as No. |
| Debug Preview In Alarm Profile: This enables debug level system logs for Alarm Profile Preview. This will log all the messages generated while preview is rendered for Sample Alarm. | Option to enable debug level system logs for Alarm Profile Preview. By default, the value is set as No. |
| Debug Outbound REST calls: Enabling this property will allow debug level logging in System Logs table for all REST calls (request and response) going with or without mid server from LogRhythm. | Option to enable debug level logging in the System Logs table for all REST calls going with or without MID server from LogRhythm. By default, the value is set as No. |

- Click Save.