02-01-2024 11:06 PM
We recently had a use case for a SIEM integration with Cortex XSOAR. We have an on-premise LogRhythm SIEM server which we need to integrate with our Cortex XSOAR.
I have gone through the official XSOAR documentation for the integration but it wasn't of much help. Has anyone done the integration and made any playbooks?
Kindly share the process steps, and if you faced any errors, please share how you overcame them.
Thanks!
#CortexXSOAR
02-02-2024 01:52 PM
Hello,
What problems are you currently experiencing with the integration setup? Can you share some context around the issue/error you are seeing?
Thanks,
Rahul Vijaydev
02-02-2024 09:24 PM
We have deployed LR SIEM on-prem, so we are facing multiple issues around the integration. We have done some trial and error, so the errors have sometimes changed. But the majority of the errors were:
- Issue with connectivity to the on-prem server URL. We have verified that the server is reachable from the network. (<requests.exceptions.ConnectionError>)
- API calls. While running the test it gives either Error in API call [401] or [404]. We have followed the document for this one and created the REST API from the LR console; still it is giving an error.