
Logz.io

Logz.io package to fetch alerts from Logz.io and run threat hunting queries.

Integrate with Logz.io Cloud SIEM to automatically remediate security incidents identified by Logz.io and increase observability into incident details.
The integration allows Cortex XSOAR users to automatically remediate incidents identified by Logz.io Cloud SIEM using Cortex XSOAR Playbooks.
In addition, users can query Logz.io directly from Cortex XSOAR to investigate open questions or retrieve the logs responsible for triggering security rules.

What does this pack do?

Logz.io Handle Alert: used to handle alerts retrieved from Logz.io.
The playbook retrieves the related events that generated the alert using the logzio-get-logs-by-event-id command.
Logzio_Indicator_Hunting: this playbook queries Logz.io in order to hunt indicators such as

  • File Hashes
  • IP Addresses
  • Domains
  • URLs

and outputs the related users, IP addresses and host names for the indicators searched.
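The following is an added example, not code from the Logz.io content pack or from Cortex XSOAR. It shows the three steps an indicator-hunting playbook of this kind has to carry out: classify each indicator (file hash, IP address, domain, URL), fold the whole list into one Elasticsearch-style bool query, and pull the related users, IP addresses and host names out of the matching documents. The field names (ECS-style `source.ip`, `host.name`, and so on) are an assumption about how logs were shipped, not Logz.io's schema, and the sample hits are constructed for the example.

```python
"""Indicator hunting over Logz.io-style search hits.

Added example, not code from the Logz.io content pack or Cortex XSOAR.
Field names are an ECS-style assumption; the sample hits are constructed,
not real Logz.io data.
"""
import ipaddress
import re

# Assumed (ECS-like) field names per indicator type. Real fields depend on the
# log shipper, so treat this mapping as an assumption, not Logz.io's schema.
INDICATOR_FIELDS = {
    "file_hash": ["file.hash.md5", "file.hash.sha1", "file.hash.sha256"],
    "ip": ["source.ip", "destination.ip"],
    "domain": ["dns.question.name", "url.domain"],
    "url": ["url.full"],
}
# Fields read back from each matching event to report what touched the indicator.
RELATED_FIELDS = {
    "users": ["user.name", "source.user.name"],
    "ips": ["source.ip", "destination.ip"],
    "hosts": ["host.name"],
}
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$", re.I)

def classify_indicator(value):
    """Return 'file_hash', 'ip', 'url' or 'domain'; raise ValueError otherwise."""
    value = value.strip()
    if HASH_RE.match(value):           # MD5 / SHA-1 / SHA-256, any case
        return "file_hash"
    try:
        ipaddress.ip_address(value)    # IPv4 or IPv6
        return "ip"
    except ValueError:
        pass
    if "://" in value:                 # before the domain check: URLs contain dots too
        return "url"
    if DOMAIN_RE.match(value):
        return "domain"
    raise ValueError(f"unrecognised indicator: {value!r}")

def build_query(indicators, since="now-24h", size=500):
    """One bool query: any mapped field equals any indicator, inside the time window."""
    should = []
    for raw in indicators:
        kind = classify_indicator(raw)
        # Hashes and domains are case-insensitive; a URL path is kept as given.
        term = raw.strip() if kind == "url" else raw.strip().lower()
        for field in INDICATOR_FIELDS[kind]:
            should.append({"term": {field: term}})
    return {
        "size": size,
        "query": {"bool": {
            "filter": [{"range": {"@timestamp": {"gte": since}}}],
            "should": should,
            "minimum_should_match": 1,
        }},
    }

def _get_path(doc, dotted):
    """Walk a nested dict by dotted field name; None if any step is missing."""
    cur = doc
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def extract_related(hits):
    """Collect de-duplicated users, IPs and hosts from Elasticsearch-style hits."""
    found = {name: set() for name in RELATED_FIELDS}
    for hit in hits:
        src = hit.get("_source", {})
        for name, fields in RELATED_FIELDS.items():
            for field in fields:
                value = _get_path(src, field)
                if value:
                    found[name].add(str(value))
    return {name: sorted(values) for name, values in found.items()}

# Constructed sample hits in Elasticsearch response shape (not real Logz.io data).
SAMPLE_HITS = [
    {"_source": {"@timestamp": "2021-12-21T10:00:00Z", "host": {"name": "ws-01"},
                 "source": {"ip": "10.0.0.5", "user": {"name": "alice"}},
                 "destination": {"ip": "198.51.100.7"},
                 "url": {"full": "http://evil.example/payload.exe",
                         "domain": "evil.example"}}},
    {"_source": {"@timestamp": "2021-12-21T10:05:00Z", "host": {"name": "srv-02"},
                 "user": {"name": "bob"},
                 "file": {"hash": {"sha256": "e3b0c44298fc1c149afbf4c8996fb924"
                                              "27ae41e4649b934ca495991b7852b855"}}}},
]

if __name__ == "__main__":
    print(build_query(["198.51.100.7", "evil.example"]))
    print(extract_related(SAMPLE_HITS))
```

The query is built once for all indicators rather than one search per indicator, which keeps the number of calls against the SIEM bounded by the playbook, not by the size of the indicator list; the `minimum_should_match: 1` clause is what turns the list of `term` filters into an OR. Before wiring something like this to a real account, replace the assumed field names with the ones your shippers actually produce, since a `term` on a field that does not exist matches nothing and the hunt silently returns empty.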

As part of this pack you also get out-of-the-box incident types and field mappings for the information coming from Logz.io Cloud SIEM, which are adjustable and customisable.

For more information, visit:
Logz.io Website
Logz.io & Cortex XSOAR Integration doc

PUBLISHER

Logz.io

INFO

Certification: Read more
Supported By: Partner
Created: November 9, 2020
Last Release: December 21, 2021
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.