Cortex XSOAR integration with Logrhythm SIEM

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XSOAR integration with Logrhythm SIEM

L0 Member

We were recently having use case for a SIEM integration with cortex XSOAR. We have an on-premise LogRhythm SIEM server which we need to integrate with our Cortex XSOAR.

 

I have gone through the official XSOAR documentation for the integration but it wasn't of much help. Has anyone done the integration and made any playbooks?

 

Kindly share the process steps and if you had faced any errors please share how you overcame them.

 

Thanks !

 

#CortexXSOAR

 

 

 

2 REPLIES 2

L3 Networker

Hello,

 

What problems are you currently experiencing with the integration setup? Can you share some context around the issue/error you are seeing?

 

Thanks,

Rahul Vijaydev

 

We have deployed LR SIEM on-prem, so we are facing multiple issues around the integration. We have done some trial and error so the errors have sometimes changed. But the majority errors were,

- Issue with connectivity to the on-prem server URL. We have verified that the server is reachable from the network. ( <requests.exceptions.ConnectionError>)

- API calls. While running the test it give either Error in API call [401] or [404]. We have followed the document for this one & created REST API from LR console, still it is giving an error.

  • 344 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!