Logz.io

Details
Content
Dependencies
Version History

Logz.io Package to fetch alerts from logz.io and threat hunting

Integrate with Logz.io Cloud SIEM to automatically remediate security incidents identified by Logz.io and increase observability into incident details.
The integration allows Cortex XSOAR users to automatically remediate incidents identified by Logz.io Cloud SIEM using Cortex XSOAR Playbooks.
In addition, users can query Logz.io directly from Cortex XSOAR to investigate open questions or retrieve the logs responsible for triggering security rules.

What does this pack do?

Logz.io Handle Alert: used to handle alerts retrieved from Logz.io.
The playbook will retrieve the related events that generated the alert using the logzio-get-logs-by-event-id command
Logzio_Indicator_Hunting: This playbook queries Logz.io in order to hunt indicators such as

File Hashes
IP Addresses
Domains
URLS
And outputs the related users, IP addresses, host names for the indicators searched.

As part of this pack you will also get out of the box incident types and fields mapping for the information coming from Logz.io Cloud SIEM which are adjustable and customisable.

For more information. Visit our
Logz.io Website
Logz.io & Cortex XSOAR Integration doc

Integrate with Logz.io Cloud SIEM to automatically remediate security incidents identified by Logz.io and increase observability into incident details.
The integration allows Cortex XSIAM users to automatically remediate incidents identified by Logz.io Cloud SIEM using Cortex XSIAM Playbooks.
In addition, users can query Logz.io directly from Cortex XSIAM to investigate open questions or retrieve the logs responsible for triggering security rules.

What does this pack do?

File Hashes
IP Addresses
Domains
URLS
And outputs the related users, IP addresses, host names for the indicators searched.

As part of this pack you will also get out of the box incident types and fields mapping for the information coming from Logz.io Cloud SIEM which are adjustable and customisable.

For more information. Visit our
Logz.io Website
Logz.io & Cortex XSIAM Integration doc

Classifiers

Name	Description
Logz.io - Classifier	Classifies Logz.io alerts.
Logz.io - Incoming Mapper	Maps incoming Logz.io alerts fields.

Incident Fields

Name	Description
Logz.io Alert Summary	Alert Summary
Logz.io Tags	Alert Tags
Logz.io Alert Event ID	Alert Event ID
Logz.Io Alert ID	Alert ID

Incident Types

Name	Description
Logz.io Alert

Integrations

Name	Description
Logz.io (Partner Contribution)	Fetch & remediate security incidents identified by Logz.io Cloud SIEM.

Layouts

Name	Description
Logz.io Alert

Playbooks

Name	Description
Logz.io Indicator Hunting	This playbook queries Logz.io in order to hunt indicators such as File Hashes IP Addresses Domains \ URLS And outputs the related users, IP addresses, host names for the indicators searched.
Logz.Io Handle Alert	Handles a Logz.io Alert by retrieving the events that generated it.

Classifiers

Name	Description
Logz.io - Classifier	Classifies Logz.io alerts.
Logz.io - Incoming Mapper	Maps incoming Logz.io alerts fields.

Incident Fields

Name	Description
Logz.io Tags	Alert Tags
Logz.io Alert Summary	Alert Summary
Logz.Io Alert ID	Alert ID
Logz.io Alert Event ID	Alert Event ID

Incident Types

Name	Description
Logz.io Alert

Integrations

Name	Description
Logz.io (Partner Contribution)	Fetch & remediate security incidents identified by Logz.io Cloud SIEM.

Playbooks

Name	Description
Logz.io Indicator Hunting	This playbook queries Logz.io in order to hunt indicators such as File Hashes IP Addresses Domains \ URLS And outputs the related users, IP addresses, host names for the indicators searched.
Logz.Io Handle Alert	Handles a Logz.io Alert by retrieving the events that generated it.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.1.19 - R828628 (February 14, 2024)

Integrations

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32212

Download

1.1.18 - 733853 (January 2, 2024)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31878

Download

1.1.17 - 6190939 (August 30, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29318

Download

1.1.16 - 5914533 (July 31, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28612

Download

1.1.15 - R5801668 (July 18, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27779

Download

1.1.14 - 5371916 (May 26, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27001

Download

1.1.13 - 5226855 (May 9, 2023)

Integrations

Logz.io

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 26405

Download

1.1.12 - 5223322 (May 9, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26397

Download

1.1.11 - R5170573 (May 2, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25571

Download

1.1.10 - R4718798 (March 1, 2023)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24839

Download

1.1.9 - R4646022 (February 19, 2023)

Layouts

Logz.io Alert
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

1.1.8 - R3994332 (November 8, 2022)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.9.8.24399.

Related pull requests:
- 16329

Download

1.1.7 - 7561139 (September 12, 2021)

Integrations

Logz.io

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.1.6 - R410734 (August 12, 2021)

Integrations

Logz.io

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.1.5 - 376375 (June 3, 2021)

Integrations

Logz.io

Upgraded the Docker image to: demisto/python3:3.9.5.20070.

Download

1.1.4 - R264879 (January 10, 2021)

Layouts

Logz.io Alert
Maintenance and stability enhancements.

Download

1.1.3 - R229790 (December 22, 2020)

Integrations

Logz.io

Fixed integration argument bug when fetching event logs from Logz.io.

Download

1.1.2 - 201154 (November 25, 2020)

Integrations

Logz.io

Upgraded the Docker image to demisto/python3:3.8.6.13358.

Download

1.1.1 - R199815 (November 25, 2020)

Documentation and metadata improvements.

Download

1.1.0 - R180529 (November 9, 2020)

Integrations

Logz.io

Fix search logs with "human date"

Playbooks

Logz.io Indicator Hunting

Add a new hunting playbook

Download

PUBLISHER

Logz.io

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	November 9, 2020
Last Release	February 14, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.