LogPoint SIEM Integration

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Use this Content Pack to fetch incident logs from LogPoint, analyze them for underlying threats, and respond to these threats in real-time. This integration was integrated and tested with version 6.7.4 of LogPoint.

Use Cases#

  • Retrieve incidents using the available filters.
  • Get the data of particular incidents, their states, users, and user groups.
  • Resolve, close, re-open, re-assign, and add comments to incidents.
  • Act on incidents using LogPoint-provided and/or custom playbooks.

Configure LogPoint on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for LogPoint SIEM Integration.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | url | LogPoint URL | True |
    | username | LogPoint Username | True |
    | apikey | API Key | True |
    | insecure | Trust any certificate (not secure) | False |
    | proxy | Use system proxy settings | False |
    | first_fetch | First fetch timestamp (<number> <time unit>, e.g., 6 hours, 1 day) | False |
    | incidentType | Incident type | False |
    | isFetch | Fetch incidents | False |
    | max_fetch | Fetch limit (Max value is 200, Recommended value is 50 or less) | False |

  4. Click Test to validate the URLs, token, and connection.
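The first_fetch and max_fetch parameters above decide how far back the first poll reaches and how many incidents each poll may return. The following is an added example (not part of this pack or the integration's own code) showing how a fetch loop can honour those limits: it parses the "<number> <time unit>" form, clamps the limit to the documented 200 cap, and carries a ts_from plus the ids already delivered between runs so that incidents detected in the boundary second are neither duplicated nor skipped. All helper names are hypothetical; the sample timestamps and ids are taken from the lp-get-incidents context example below, and SAMPLE_NOW is a constructed clock.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example, not the integration's own code. Helper names are hypothetical;
# the 200 hard cap and the recommended 50 are the limits stated on the page.
MAX_FETCH_HARD_LIMIT = 200
MAX_FETCH_RECOMMENDED = 50

# Constructed clock for reproducible results: 2021-01-15 09:00:00 UTC.
SAMPLE_NOW = datetime(2021, 1, 15, 9, 0, 0, tzinfo=timezone.utc)

# Constructed incidents, trimmed to the keys used here; ids and detection
# timestamps mirror the lp-get-incidents context example on this page.
SAMPLE_INCIDENTS = [
    {"id": "600157c44a2018070b627f6a", "detection_timestamp": 1610700740.2248185},
    {"id": "6001583c4a2018070b627f6b", "detection_timestamp": 1610700860.245085},
]

_FIRST_FETCH_RE = re.compile(r"^\s*(\d+)\s*(minute|hour|day|week)s?\s*$", re.IGNORECASE)


def parse_first_fetch(value, now):
    """Convert '<number> <time unit>' (e.g. '6 hours', '1 day') into an epoch
    timestamp relative to `now`, the form ts_from takes in lp-get-incidents."""
    match = _FIRST_FETCH_RE.match(value or "")
    if not match:
        raise ValueError(f"unsupported first_fetch value: {value!r}")
    amount, unit = int(match.group(1)), match.group(2).lower()
    delta = timedelta(**{unit + "s": amount})
    return int((now - delta).timestamp())


def clamp_max_fetch(value):
    """Apply the page's limits: anything above 200 is cut to 200; an unset or
    non-positive value falls back to the recommended 50."""
    try:
        requested = int(value)
    except (TypeError, ValueError):
        return MAX_FETCH_RECOMMENDED
    if requested <= 0:
        return MAX_FETCH_RECOMMENDED
    return min(requested, MAX_FETCH_HARD_LIMIT)


def fetch_window(last_run, first_fetch, now):
    """(ts_from, ts_to) for the next poll: resume from the previous run when
    there is one, otherwise reach back by first_fetch."""
    ts_from = last_run.get("ts_from") or parse_first_fetch(first_fetch, now)
    return ts_from, int(now.timestamp())


def select_new_incidents(incidents, last_run):
    """Drop incidents that were already delivered and compute the next last_run.
    ts_from is floored to a whole second, so the boundary second is re-queried on
    the next poll and `seen_ids` prevents re-delivering what it returns."""
    ts_from = last_run.get("ts_from", 0)
    seen = set(last_run.get("seen_ids", []))
    fresh = [
        inc for inc in incidents
        if inc["detection_timestamp"] >= ts_from and inc["id"] not in seen
    ]
    if not fresh:
        return [], last_run
    next_from = int(max(inc["detection_timestamp"] for inc in fresh))
    boundary = {inc["id"] for inc in incidents if int(inc["detection_timestamp"]) >= next_from}
    if ts_from == next_from:
        boundary |= seen  # still the same boundary second: keep the old ids too
    return fresh, {"ts_from": next_from, "seen_ids": sorted(boundary)}


if __name__ == "__main__":
    window = fetch_window({}, "6 hours", SAMPLE_NOW)
    new, state = select_new_incidents(SAMPLE_INCIDENTS, {})
    print("window:", window, "limit:", clamp_max_fetch("500"))
    print("delivered:", [i["id"] for i in new], "next run:", state)
```

Running the selection twice with the same API response is the useful check: the second call must return nothing, because one incident now falls before ts_from and the other is in seen_ids.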

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

lp-get-incidents#


Displays the incidents between the two provided timestamps, ts_from and ts_to. By default, this command displays the first 50 incidents of the past 24 hours; set limit to get the desired number of incidents.

Base Command#

lp-get-incidents

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ts_from | From Timestamp. | Optional |
| ts_to | To Timestamp. | Optional |
| limit | Number of incidents to fetch. Accepts an integer value. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.name | String | LogPoint Incident Name |
| LogPoint.Incidents.type | String | LogPoint Incident Type |
| LogPoint.Incidents.incident_id | String | LogPoint Incident ID |
| LogPoint.Incidents.assigned_to | String | LogPoint Incidents Assigned To |
| LogPoint.Incidents.status | String | LogPoint Incidents Status |
| LogPoint.Incidents.id | String | LogPoint Incident Object ID |
| LogPoint.Incidents.detection_timestamp | Number | LogPoint Incidents Detection Timestamp |
| LogPoint.Incidents.username | String | LogPoint Incident Username |
| LogPoint.Incidents.user_id | String | LogPoint Incidents User ID |
| LogPoint.Incidents.visible_to | String | LogPoint Incidents Visible To |
| LogPoint.Incidents.tid | String | LogPoint Incidents Tid |
| LogPoint.Incidents.rows_count | String | LogPoint Incidents Rows Count |
| LogPoint.Incidents.risk_level | String | LogPoint Incidents Risk Level |
| LogPoint.Incidents.loginspect_ip_dns | String | LogPoint Incidents Loginspect IP DNS |
| LogPoint.Incidents.comments | String | LogPoint Incidents Comments |
| LogPoint.Incidents.commentscount | Number | LogPoint Incidents Comments Count |
| LogPoint.Incidents.query | String | LogPoint Incidents Query |
| LogPoint.Incidents.repos | String | LogPoint Incidents Repos |
| LogPoint.Incidents.time_range | String | LogPoint Incidents Time Range |
| LogPoint.Incidents.alert_obj_id | String | LogPoint Incidents Alert Obj Id |
| LogPoint.Incidents.throttle_enabled | Boolean | LogPoint Incidents Throttle Enabled |
| LogPoint.Incidents.lastaction | String | LogPoint Incidents Last Action |
| LogPoint.Incidents.description | String | LogPoint Incidents Description |

Command Example#

!lp-get-incidents ts_from=1610700720 ts_to=1610700900 limit=5

Context Example#

{
"LogPoint": {
"Incidents": [
{
"alert_obj_id": "5fc8b1743dee69827459bc70",
"assigned_to": "5bebd9fdd8aaa42840edc853",
"comments": [],
"commentscount": 0,
"description": "",
"detection_timestamp": 1610700740.2248185,
"id": "600157c44a2018070b627f6a",
"incident_id": "8a676c39450e099b3512961d71ec4f7d",
"loginspect_ip_dns": "127.0.0.1",
"logpoint_name": "LogPoint",
"name": "Memory usages is greater than 50 percent",
"query": "\"col_type\"=\"filesystem\" use>=50",
"repos": [
"127.0.0.1:5504"
],
"risk_level": "medium",
"rows_count": 5,
"status": "unresolved",
"throttle_enabled": false,
"tid": "",
"time_range": [
1610700000,
1610700600
],
"type": "Alert",
"user_id": null,
"username": "5bebd9fdd8aaa42840edc853",
"visible_to": []
},
{
"alert_obj_id": "5fc8b1743dee69827459bc70",
"assigned_to": "5bebd9fdd8aaa42840edc853",
"comments": [
{
"comment": "Example Incident",
"time": 1610700910,
"title": "admin"
}
],
"commentscount": 0,
"description": "",
"detection_timestamp": 1610700860.245085,
"id": "6001583c4a2018070b627f6b",
"incident_id": "8a676c39450e099b3512961d71ec4f7d",
"lastaction": {
"action": "Commented",
"time": 1610700910,
"title": "admin"
},
"loginspect_ip_dns": "127.0.0.1",
"logpoint_name": "LogPoint",
"name": "Memory usages is greater than 50 percent",
"query": "\"col_type\"=\"filesystem\" use>=50",
"repos": [
"127.0.0.1:5504"
],
"risk_level": "medium",
"rows_count": 5,
"status": "unresolved",
"throttle_enabled": false,
"tid": "",
"time_range": [
1610700120,
1610700720
],
"type": "Alert",
"user_id": null,
"username": "5bebd9fdd8aaa42840edc853",
"visible_to": []
}
]
}
}

Human Readable Output#

Displaying all 2 incidents between 1610700720 and 1610700900#

| type | incident_id | name | description | username | user_id | assigned_to | visible_to | tid | rows_count | risk_level | detection_timestamp | loginspect_ip_dns | logpoint_name | status | comments | commentscount | query | repos | time_range | alert_obj_id | throttle_enabled | id |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Alert | 8a676c39450e099b3512961d71ec4f7d | Memory usages is greater than 50 percent |  | 5bebd9fdd8aaa42840edc853 |  | 5bebd9fdd8aaa42840edc853 |  |  | 5 | medium | 1610700740.2248185 | 127.0.0.1 | LogPoint | unresolved |  | 0 | "col_type"="filesystem" use>=50 | 127.0.0.1:5504 | 1610700000, 1610700600 | 5fc8b1743dee69827459bc70 | false | 600157c44a2018070b627f6a |
| Alert | 8a676c39450e099b3512961d71ec4f7d | Memory usages is greater than 50 percent |  | 5bebd9fdd8aaa42840edc853 |  | 5bebd9fdd8aaa42840edc853 |  |  | 5 | medium | 1610700860.245085 | 127.0.0.1 | LogPoint | unresolved | {'title': 'admin', 'comment': 'Example Incident', 'time': 1610700910} | 0 | "col_type"="filesystem" use>=50 | 127.0.0.1:5504 | 1610700120, 1610700720 | 5fc8b1743dee69827459bc70 | false | 6001583c4a2018070b627f6b |

lp-get-incident-data#


Retrieves the data of a particular incident.

Base Command#

lp-get-incident-data

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_obj_id | Object ID of a particular incident. It is the value contained in the 'id' key of the incidents obtained from the 'lp-get-incidents' command. | Required |
| incident_id | Incident ID of a particular incident. It is the value contained in the 'incident_id' key of the incidents obtained from the 'lp-get-incidents' command. | Required |
| date | Incident detection timestamp. It is the value contained in the 'detection_timestamp' key of the incidents obtained from the 'lp-get-incidents' command. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.data.use | String | LogPoint Incidents Data Use |
| LogPoint.Incidents.data.used | String | LogPoint Incidents Data Used |
| LogPoint.Incidents.data.log_ts | Number | LogPoint Incidents Data Log Ts |
| LogPoint.Incidents.data._type_str | String | LogPoint Incidents Data Type Str |
| LogPoint.Incidents.data.msg | String | LogPoint Incidents Data Msg |
| LogPoint.Incidents.data.total | String | LogPoint Incidents Data Total |
| LogPoint.Incidents.data.device_name | String | LogPoint Incidents Data Device Name |
| LogPoint.Incidents.data._offset | String | LogPoint Incidents Data Offset |
| LogPoint.Incidents.data.logpoint_name | String | LogPoint Incidents Data LogPoint Name |
| LogPoint.Incidents.data.repo_name | String | LogPoint Incidents Data Repo Name |
| LogPoint.Incidents.data.free | String | LogPoint Incidents Data Free |
| LogPoint.Incidents.data.source_name | String | LogPoint Incidents Data Source Name |
| LogPoint.Incidents.data.col_ts | Number | LogPoint Incidents Data Col Ts |
| LogPoint.Incidents.data._tz | String | LogPoint Incidents Data Tz |
| LogPoint.Incidents.data.norm_id | String | LogPoint Incidents Data Norm Id |
| LogPoint.Incidents.data._identifier | String | LogPoint Incidents Data Identifier |
| LogPoint.Incidents.data.collected_at | String | LogPoint Incidents Data Collected At |
| LogPoint.Incidents.data.device_ip | String | LogPoint Incidents Data Device IP |
| LogPoint.Incidents.data._fromV550 | String | LogPoint Incidents Data From V550 |
| LogPoint.Incidents.data._enrich_policy | String | LogPoint Incidents Data Enrich Policy |
| LogPoint.Incidents.data._type_num | String | LogPoint Incidents Data Type Num |
| LogPoint.Incidents.data._type_ip | String | LogPoint Incidents Data Type IP |
| LogPoint.Incidents.data.sig_id | String | LogPoint Incidents Data Sig Id |
| LogPoint.Incidents.data.col_type | String | LogPoint Incidents Data Col Type |
| LogPoint.Incidents.data.object | String | LogPoint Incidents Data Object |
| LogPoint.Incidents.data._labels | String | LogPoint Incidents Data Labels |
| LogPoint.Incidents.data.source_address | String | Source Address |
| LogPoint.Incidents.data.destination_address | String | Destination Address |
| LogPoint.Incidents.data.workstation | String | Workstation |
| LogPoint.Incidents.data.domain | String | Domain |
| LogPoint.Incidents.data.user | String | User |
| LogPoint.Incidents.data.caller_user | String | Caller User |
| LogPoint.Incidents.data.target_user | String | Target User |
| LogPoint.Incidents.data.source_machine_id | String | Source Machine Id |
| LogPoint.Incidents.data.destination_machine_id | String | Destination Machine Id |
| LogPoint.Incidents.data.destination_port | String | Destination Port |
| LogPoint.Incidents.data.event_type | String | Event Type |
| LogPoint.Incidents.data.share_path | String | Share Path |
| LogPoint.Incidents.data.object_name | String | Object Name |
| LogPoint.Incidents.data.sub_status_code | String | Sub Status Code |
| LogPoint.Incidents.data.object_type | String | Object Type |
| LogPoint.Incidents.data.request_method | String | Request Method |
| LogPoint.Incidents.data.status_code | String | Status Code |
| LogPoint.Incidents.data.received_datasize | String | Received Datasize |
| LogPoint.Incidents.data.received_packet | String | Received Packet |
| LogPoint.Incidents.data.user_agent | String | User Agent |
| LogPoint.Incidents.data.sent_datasize | String | Sent Datasize |
| LogPoint.Incidents.data.sender | String | Sender |
| LogPoint.Incidents.data.receiver | String | Receiver |
| LogPoint.Incidents.data.datasize | String | Datasize |
| LogPoint.Incidents.data.file | String | File |
| LogPoint.Incidents.data.subject | String | Subject |
| LogPoint.Incidents.data.status | String | Status |
| LogPoint.Incidents.data.file_count | String | File Count |
| LogPoint.Incidents.data.protocol_id | String | Protocol Id |
| LogPoint.Incidents.data.sent_packet | String | Sent Packet |
| LogPoint.Incidents.data.service | String | Service |
| LogPoint.Incidents.data.printer | String | Printer |
| LogPoint.Incidents.data.print_count | String | Print Count |
| LogPoint.Incidents.data.event_id | String | Event Id |
| LogPoint.Incidents.data.country_name | String | Country Name |
| LogPoint.Incidents.data.host | String | Host |
| LogPoint.Incidents.data.hash | String | Hash |
| LogPoint.Incidents.data.hash_sha1 | String | Hash SHA1 |
| LogPoint.Incidents.data.agent_address | String | Agent Address |
| LogPoint.Incidents.data.attacker_address | String | Attacker Address |
| LogPoint.Incidents.data.broadcast_address | String | Broadcast Address |
| LogPoint.Incidents.data.client_address | String | Client Address |
| LogPoint.Incidents.data.client_hardware_address | String | Client Hardware Address |
| LogPoint.Incidents.data.destination_hardware_address | String | Destination Hardware Address |
| LogPoint.Incidents.data.destination_nat_address | String | Destination NAT Address |
| LogPoint.Incidents.data.device_address | String | Device Address |
| LogPoint.Incidents.data.external_address | String | External Address |
| LogPoint.Incidents.data.gateway_address | String | Gateway Address |
| LogPoint.Incidents.data.hardware_address | String | Hardware Address |
| LogPoint.Incidents.data.host_address | String | Host Address |
| LogPoint.Incidents.data.interface_address | String | Interface Address |
| LogPoint.Incidents.data.lease_address | String | Lease Address |
| LogPoint.Incidents.data.local_address | String | Local Address |
| LogPoint.Incidents.data.nas_address | String | NAS Address |
| LogPoint.Incidents.data.nas_ipv6_address | String | NAS IPv6 Address |
| LogPoint.Incidents.data.nat_address | String | NAT Address |
| LogPoint.Incidents.data.nat_source_address | String | NAT Source Address |
| LogPoint.Incidents.data.network_address | String | Network Address |
| LogPoint.Incidents.data.new_hardware_address | String | New Hardware Address |
| LogPoint.Incidents.data.old_hardware_address | String | Old Hardware Address |
| LogPoint.Incidents.data.original_address | String | Original Address |
| LogPoint.Incidents.data.original_client_address | String | Original Client Address |
| LogPoint.Incidents.data.original_destination_address | String | Original Destination Address |
| LogPoint.Incidents.data.original_server_address | String | Original Server Address |
| LogPoint.Incidents.data.original_source_address | String | Original Source Address |
| LogPoint.Incidents.data.originating_address | String | Originating Address |
| LogPoint.Incidents.data.peer_address | String | Peer Address |
| LogPoint.Incidents.data.private_address | String | Private Address |
| LogPoint.Incidents.data.proxy_address | String | Proxy Address |
| LogPoint.Incidents.data.proxy_source_address | String | Proxy Source Address |
| LogPoint.Incidents.data.relay_address | String | Relay Address |
| LogPoint.Incidents.data.remote_address | String | Remote Address |
| LogPoint.Incidents.data.resolved_address | String | Resolved Address |
| LogPoint.Incidents.data.route_address | String | Route Address |
| LogPoint.Incidents.data.scanner_address | String | Scanner Address |
| LogPoint.Incidents.data.server_address | String | Server Address |
| LogPoint.Incidents.data.server_hardware_address | String | Server Hardware Address |
| LogPoint.Incidents.data.source_hardware_address | String | Source Hardware Address |
| LogPoint.Incidents.data.start_address | String | Start Address |
| LogPoint.Incidents.data.supplier_address | String | Supplier Address |
| LogPoint.Incidents.data.switch_address | String | Switch Address |
| LogPoint.Incidents.data.translated_address | String | Translated Address |
| LogPoint.Incidents.data.virtual_address | String | Virtual Address |
| LogPoint.Incidents.data.virtual_server_address | String | Virtual Server Address |
| LogPoint.Incidents.data.vpn_address | String | VPN Address |
| LogPoint.Incidents.data.hash_length | String | Hash Length |
| LogPoint.Incidents.data.hash_sha256 | String | Hash SHA256 |
| LogPoint.Incidents.data.alternate_user | String | Alternate User |
| LogPoint.Incidents.data.authenticated_user | String | Authenticated User |
| LogPoint.Incidents.data.authorized_user | String | Authorized User |
| LogPoint.Incidents.data.certificate_user | String | Certificate User |
| LogPoint.Incidents.data.current_user | String | Current User |
| LogPoint.Incidents.data.database_user | String | Database User |
| LogPoint.Incidents.data.destination_user | String | Destination User |
| LogPoint.Incidents.data.logon_user | String | Logon User |
| LogPoint.Incidents.data.new_max_user | String | New Max User |
| LogPoint.Incidents.data.new_user | String | New User |
| LogPoint.Incidents.data.old_max_user | String | Old Max User |
| LogPoint.Incidents.data.os_user | String | OS User |
| LogPoint.Incidents.data.remote_user | String | Remote User |
| LogPoint.Incidents.data.source_user | String | Source User |
| LogPoint.Incidents.data.system_user | String | System User |
| LogPoint.Incidents.data.target_logon_user | String | Target Logon User |
| LogPoint.Incidents.data.zone_user | String | Zone User |

Command Example#

!lp-get-incident-data date=1610700740.2248185 incident_id=8a676c39450e099b3512961d71ec4f7d incident_obj_id=600157c44a2018070b627f6a

Context Example#

{
"LogPoint": {
"Incidents": {
"data": [
{
"_enrich_policy": "None",
"_fromV550": "t",
"_identifier": "0",
"_labels": [
"Metrics",
"Usage",
"Memory",
"LogPoint"
],
"_offset": 195673,
"_type_ip": "device_ip",
"_type_num": "log_ts col_ts free total use used sig_id _offset _identifier",
"_type_str": "msg col_type device_name collected_at device_ip source_name _tz _enrich_policy label norm_id object _fromV550 repo_name logpoint_name",
"_tz": "UTC",
"col_ts": 1610700549,
"col_type": "filesystem",
"collected_at": "LogPoint",
"device_ip": "127.0.0.1",
"device_name": "localhost",
"free": "1963",
"log_ts": 1610700541,
"logpoint_name": "LogPoint",
"msg": "2021-01-15_08:49:01 Metrics; Physical Memory; total=7977 MB; use=71.0%; used=5664 MB; free=1963 MB",
"norm_id": "LogPoint",
"object": "Physical Memory",
"repo_name": "_logpoint",
"sig_id": "10507",
"source_name": "/opt/immune/var/log/system_metrics/system_metrics.log",
"total": "7977",
"use": "71.0",
"used": "5664"
},
{
"_enrich_policy": "None",
"_fromV550": "t",
"_identifier": "0",
"_labels": [
"Metrics",
"Usage",
"Memory",
"LogPoint"
],
"_offset": 101372,
"_type_ip": "device_ip",
"_type_num": "log_ts col_ts free total use used sig_id _offset _identifier",
"_type_str": "msg col_type device_name collected_at device_ip source_name _tz _enrich_policy label norm_id object _fromV550 repo_name logpoint_name",
"_tz": "UTC",
"col_ts": 1610700428,
"col_type": "filesystem",
"collected_at": "LogPoint",
"device_ip": "127.0.0.1",
"device_name": "localhost",
"free": "1965",
"log_ts": 1610700421,
"logpoint_name": "LogPoint",
"msg": "2021-01-15_08:47:01 Metrics; Physical Memory; total=7977 MB; use=71.0%; used=5662 MB; free=1965 MB",
"norm_id": "LogPoint",
"object": "Physical Memory",
"repo_name": "_logpoint",
"sig_id": "10507",
"source_name": "/opt/immune/var/log/system_metrics/system_metrics.log",
"total": "7977",
"use": "71.0",
"used": "5662"
}
]
}
}
}

Human Readable Output#

Incident Data#

| msg | use | used | log_ts | _type_str | total | device_name | _offset | logpoint_name | repo_name | free | source_name | col_ts | _tz | norm_id | _identifier | collected_at | device_ip | _fromV550 | _enrich_policy | _type_num | _type_ip | sig_id | col_type | object | _labels |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2021-01-15_08:49:01 Metrics; Physical Memory; total=7977 MB; use=71.0%; used=5664 MB; free=1963 MB | 71.0 | 5664 | 1610700541 | msg col_type device_name collected_at device_ip source_name _tz _enrich_policy label norm_id object _fromV550 repo_name logpoint_name | 7977 | localhost | 195673 | LogPoint | _logpoint | 1963 | /opt/immune/var/log/system_metrics/system_metrics.log | 1610700549 | UTC | LogPoint | 0 | LogPoint | 127.0.0.1 | t | None | log_ts col_ts free total use used sig_id _offset _identifier | device_ip | 10507 | filesystem | Physical Memory | Metrics, Usage, Memory, LogPoint |
| 2021-01-15_08:47:01 Metrics; Physical Memory; total=7977 MB; use=71.0%; used=5662 MB; free=1965 MB | 71.0 | 5662 | 1610700421 | msg col_type device_name collected_at device_ip source_name _tz _enrich_policy label norm_id object _fromV550 repo_name logpoint_name | 7977 | localhost | 101372 | LogPoint | _logpoint | 1965 | /opt/immune/var/log/system_metrics/system_metrics.log | 1610700428 | UTC | LogPoint | 0 | LogPoint | 127.0.0.1 | t | None | log_ts col_ts free total use used sig_id _offset _identifier | device_ip | 10507 | filesystem | Physical Memory | Metrics, Usage, Memory, LogPoint |
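The lp-get-incident-data arguments are taken from keys of the lp-get-incidents output, and the rows it returns carry both LogPoint's normalized fields (use, used, free, total) and the raw msg they were extracted from. The following is an added example (not code from this pack or from LogPoint) that wires the two commands together and re-checks the alert condition from the sample query, "col_type"="filesystem" use>=50, against each returned row. The parser also compares the normalized use value with the value in the raw msg so a normalization mismatch fails instead of silently passing. Helper names are hypothetical; the sample incident and rows are constructed from the context examples on this page.

```python
import re

# Added example, not the integration's own code. Helper names are hypothetical;
# SAMPLE_INCIDENT and SAMPLE_ROWS are constructed from this page's context examples.
SAMPLE_INCIDENT = {
    "id": "600157c44a2018070b627f6a",
    "incident_id": "8a676c39450e099b3512961d71ec4f7d",
    "detection_timestamp": 1610700740.2248185,
    "query": "\"col_type\"=\"filesystem\" use>=50",
}

SAMPLE_ROWS = [
    {"_offset": 195673, "device_name": "localhost", "log_ts": 1610700541,
     "use": "71.0", "used": "5664", "free": "1963", "total": "7977",
     "msg": "2021-01-15_08:49:01 Metrics; Physical Memory; total=7977 MB; use=71.0%; used=5664 MB; free=1963 MB"},
    {"_offset": 101372, "device_name": "localhost", "log_ts": 1610700421,
     "use": "71.0", "used": "5662", "free": "1965", "total": "7977",
     "msg": "2021-01-15_08:47:01 Metrics; Physical Memory; total=7977 MB; use=71.0%; used=5662 MB; free=1965 MB"},
]


def incident_data_args(incident):
    """Build the three required arguments of lp-get-incident-data from one entry
    of LogPoint.Incidents, following the key mapping in the Input table above."""
    return {
        "incident_obj_id": incident["id"],
        "incident_id": incident["incident_id"],
        "date": incident["detection_timestamp"],
    }


# key=value pairs in the raw message, with an optional unit ('MB' or '%')
_KV_RE = re.compile(r"(\w+)=([\d.]+)\s*(?:MB|%)?")


def parse_metrics_msg(msg):
    """Split a raw system_metrics 'msg' into timestamp, category, object and the
    numeric key=value pairs, e.g. {'total': 7977.0, 'use': 71.0, ...}."""
    parts = [p.strip() for p in msg.split(";")]
    stamp, category = parts[0].split(" ", 1)
    parsed = {"timestamp": stamp, "category": category, "object": parts[1]}
    for part in parts[2:]:
        match = _KV_RE.fullmatch(part)
        if match:
            parsed[match.group(1)] = float(match.group(2))
    return parsed


def rows_matching_threshold(rows, field="use", threshold=50.0):
    """Return the rows whose normalized `field` satisfies `field >= threshold`
    (the condition in the sample alert query). Each normalized value is checked
    against the raw msg so a normalization error surfaces instead of hiding."""
    hits = []
    for row in rows:
        normalized = float(row[field])
        raw = parse_metrics_msg(row["msg"]).get(field)
        if raw is not None and abs(raw - normalized) > 1e-9:
            raise ValueError(
                f"normalized {field}={normalized} disagrees with msg value {raw} "
                f"(offset {row.get('_offset')})"
            )
        if normalized >= threshold:
            hits.append(row)
    return hits


if __name__ == "__main__":
    print("lp-get-incident-data args:", incident_data_args(SAMPLE_INCIDENT))
    for row in rows_matching_threshold(SAMPLE_ROWS):
        print(row["device_name"], row["log_ts"], parse_metrics_msg(row["msg"]))
```

Both sample rows satisfy use>=50, which is consistent with the incident's rows_count of 5 covering this time range; raising the threshold to 80 returns no rows.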

lp-get-incident-states#


Displays incident state data between the two provided timestamps, ts_from and ts_to. By default, this command displays the first 50 entries of the past 24 hours; set limit to get the desired number of incident state entries.

Base Command#

lp-get-incident-states

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ts_from | From Timestamp. | Optional |
| ts_to | To Timestamp. | Optional |
| limit | Number of incident state entries to fetch. Accepts an integer value. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.states.id | String | LogPoint Incidents States Id |
| LogPoint.Incidents.states.status | String | LogPoint Incidents States Status |
| LogPoint.Incidents.states.assigned_to | String | LogPoint Incidents States Assigned To |
| LogPoint.Incidents.states.comments | String | LogPoint Incidents States Comments |

Command Example#

!lp-get-incident-states ts_from="1610700720" ts_to="1610700900" limit=5

Context Example#

{
"LogPoint": {
"Incidents": {
"states": [
{
"assigned_to": "5fd9d95769d3a4ea5684fccf",
"comments": [
{
"comment": "Example comment",
"time": 1610700740,
"title": "admin"
},
{
"comment": "Reassigned",
"time": 1610700745,
"title": "admin"
}
],
"id": "5fdc788ecf35d7ae0f6b791b",
"name": "Greater than 60",
"status": "unresolved"
},
{
"assigned_to": "5fd9d95769d3a4ea5684fccf",
"comments": [
{
"comment": "Reassigned",
"time": 1610700745,
"title": "admin"
}
],
"id": "5fdc788ecf35d7ae0f6b791c",
"name": "Memory use greater than 50",
"status": "unresolved"
}
]
}
}
}

Human Readable Output#

Displaying all 2 incident states data.#

| id | name | assigned_to | status | comments |
| --- | --- | --- | --- | --- |
| 5fdc788ecf35d7ae0f6b791b | Greater than 60 | 5fd9d95769d3a4ea5684fccf | unresolved | {'title': 'admin', 'comment': 'Example comment', 'time': 1610700740}, {'title': 'admin', 'comment': 'Reassigned', 'time': 1610700745} |
| 5fdc788ecf35d7ae0f6b791c | Memory use greater than 50 | 5fd9d95769d3a4ea5684fccf | unresolved | {'title': 'admin', 'comment': 'Reassigned', 'time': 1610700745} |

lp-add-incident-comment#


Adds a comment to an incident.

Base Command#

lp-add-incident-comment

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_obj_id | Object ID of a particular incident. It is the value contained in the 'id' key of the incidents obtained from the 'lp-get-incidents' command. | Required |
| comment | Comment to be added to the incident. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.comment | String | LogPoint Incidents Comment |

Command Example#

!lp-add-incident-comment comment="Example comment" incident_obj_id=600157c44a2018070b627f6a

Context Example#

{
"LogPoint": {
"Incidents": {
"comment": "Comments added"
}
}
}

Human Readable Output#

Comments added#

lp-assign-incidents#


Assigns or re-assigns incidents.

Base Command#

lp-assign-incidents

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_obj_ids | Object ID of a particular incident. It is the value contained in the 'id' key of the incidents obtained from the 'lp-get-incidents' command. Multiple IDs can be provided, separated by commas. | Required |
| new_assignee | ID of the user to whom the incidents are assigned. It can be displayed using the 'lp-get-users' command. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.assign | String | LogPoint Incidents Assign |

Command Example#

!lp-assign-incidents incident_obj_ids="600157c44a2018070b627f6a,6001583c4a2018070b627f6b" new_assignee=5bebd9fdd8aaa42840edc853

Context Example#

{
"LogPoint": {
"Incidents": {
"assign": "Incidents re-assigned"
}
}
}

Human Readable Output#

Incidents re-assigned#

lp-resolve-incidents#


Resolves the incidents.

Base Command#

lp-resolve-incidents

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_obj_ids | Object ID of a particular incident. It is the value contained in the 'id' key of the incidents obtained from the 'lp-get-incidents' command. Multiple IDs can be provided, separated by commas. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.resolve | String | LogPoint Incidents Resolve |

Command Example#

!lp-resolve-incidents incident_obj_ids="600157c44a2018070b627f6a,6001583c4a2018070b627f6b"

Context Example#

{
"LogPoint": {
"Incidents": {
"resolve": "Incidents resolved"
}
}
}

Human Readable Output#

Incidents resolved#

lp-close-incidents#


Closes the incidents.

Base Command#

lp-close-incidents

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_obj_ids | Object ID of a particular incident. It is the value contained in the 'id' key of the incidents obtained from the 'lp-get-incidents' command. Multiple IDs can be provided, separated by commas. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.close | String | LogPoint Incidents Close |

Command Example#

!lp-close-incidents incident_obj_ids="600157c44a2018070b627f6a,6001583c4a2018070b627f6b"

Context Example#

{
"LogPoint": {
"Incidents": {
"close": "Incidents closed"
}
}
}

Human Readable Output#

Incidents closed#

lp-reopen-incidents#


Re-opens closed incidents.

Base Command#

lp-reopen-incidents

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_obj_ids | Object ID of a particular incident. It is the value contained in the 'id' key of the incidents obtained from the 'lp-get-incidents' command. Multiple IDs can be provided, separated by commas. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.reopen | String | LogPoint Incidents Reopen |

Command Example#

!lp-reopen-incidents incident_obj_ids="600157c44a2018070b627f6a,6001583c4a2018070b627f6b"

Context Example#

{
"LogPoint": {
"Incidents": {
"reopen": "Incidents reopened"
}
}
}

Human Readable Output#

Incidents reopened#

lp-get-users#


Gets incident users and user groups.

Base Command#

lp-get-users

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| LogPoint.Incidents.users.id | String | LogPoint Incidents Users Id |
| LogPoint.Incidents.users.name | String | LogPoint Incidents Users Name |
| LogPoint.Incidents.users.usergroups | String | LogPoint Incidents Users Usergroups |

Command Example#

!lp-get-users

Context Example#

{
"LogPoint": {
"Incidents": {
"users": [
{
"id": "5bebd9fdd8aaa42840edc853",
"name": "admin",
"usergroups": [
{
"id": "5bebd9fdd8aaa42840edc84f",
"name": "LogPoint Administrator"
}
]
},
{
"id": "5fd9d95769d3a4ea5684fccf",
"name": "sbs",
"usergroups": [
{
"id": "5bebd9fdd8aaa42840edc850",
"name": "User Account Administrator"
},
{
"id": "5bebd9fdd8aaa42840edc84f",
"name": "LogPoint Administrator"
}
]
}
]
}
}
}

Human Readable Output#

Incident Users#

| id | name | usergroups |
| --- | --- | --- |
| 5bebd9fdd8aaa42840edc853 | admin | {'id': '5bebd9fdd8aaa42840edc84f', 'name': 'LogPoint Administrator'} |
| 5fd9d95769d3a4ea5684fccf | sbs | {'id': '5bebd9fdd8aaa42840edc850', 'name': 'User Account Administrator'}, {'id': '5bebd9fdd8aaa42840edc84f', 'name': 'LogPoint Administrator'} |
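lp-assign-incidents takes a new_assignee that must be a user ID from lp-get-users, and, like lp-resolve-incidents, lp-close-incidents and lp-reopen-incidents, a comma-separated incident_obj_ids list. The following is an added example (not code from this pack or from LogPoint) of the glue a playbook automation would need around those two commands: it resolves a user name to the ID, refuses names that are missing or ambiguous, optionally requires membership of a named user group before an incident can be handed over, de-duplicates the ID list, and skips incidents already assigned to the target user. Helper names are hypothetical; the required_group default is an assumption of this example, and the sample users and incidents are constructed from the context examples on this page.

```python
# Added example, not the integration's own code. Helper names are hypothetical;
# SAMPLE_USERS and SAMPLE_INCIDENTS are constructed from this page's examples.
SAMPLE_USERS = [
    {"id": "5bebd9fdd8aaa42840edc853", "name": "admin",
     "usergroups": [{"id": "5bebd9fdd8aaa42840edc84f", "name": "LogPoint Administrator"}]},
    {"id": "5fd9d95769d3a4ea5684fccf", "name": "sbs",
     "usergroups": [{"id": "5bebd9fdd8aaa42840edc850", "name": "User Account Administrator"},
                    {"id": "5bebd9fdd8aaa42840edc84f", "name": "LogPoint Administrator"}]},
]

SAMPLE_INCIDENTS = [
    {"id": "600157c44a2018070b627f6a", "status": "unresolved",
     "assigned_to": "5bebd9fdd8aaa42840edc853"},
    {"id": "6001583c4a2018070b627f6b", "status": "unresolved",
     "assigned_to": "5bebd9fdd8aaa42840edc853"},
]


def resolve_assignee(users, name, required_group=None):
    """Map a user name to the id that lp-assign-incidents expects in new_assignee.
    Fails if the name is missing or ambiguous and, when `required_group` is given,
    if the user is not a member of that group, so an automation cannot hand an
    incident to an account that is not entitled to work it."""
    matches = [u for u in users if u["name"] == name]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one user named {name!r}, found {len(matches)}")
    user = matches[0]
    groups = {g["name"] for g in user["usergroups"]}
    if required_group and required_group not in groups:
        raise PermissionError(f"{name!r} is not a member of {required_group!r}")
    return user["id"]


def incident_obj_ids_arg(incidents):
    """Comma-separated, de-duplicated incident_obj_ids value in the form accepted by
    lp-assign-incidents, lp-resolve-incidents, lp-close-incidents and
    lp-reopen-incidents; order of first appearance is preserved."""
    ids = []
    for inc in incidents:
        if inc["id"] not in ids:
            ids.append(inc["id"])
    return ",".join(ids)


def assign_command_args(incidents, users, assignee_name,
                        required_group="LogPoint Administrator"):
    """Arguments for one lp-assign-incidents call. Incidents already assigned to
    the target user are left out; returns None when nothing remains to assign.
    The required_group default is this example's assumption, not a LogPoint rule."""
    assignee = resolve_assignee(users, assignee_name, required_group)
    pending = [inc for inc in incidents if inc.get("assigned_to") != assignee]
    if not pending:
        return None
    return {"incident_obj_ids": incident_obj_ids_arg(pending), "new_assignee": assignee}


if __name__ == "__main__":
    print(assign_command_args(SAMPLE_INCIDENTS, SAMPLE_USERS, "sbs"))
    print(assign_command_args(SAMPLE_INCIDENTS, SAMPLE_USERS, "admin"))
```

The returned dictionary maps directly onto the command example above: !lp-assign-incidents incident_obj_ids="..." new_assignee=..., with the IDs supplied by lp-get-incidents and lp-get-users rather than typed by hand.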