Logz.io

Fetch & remediate security incidents identified by Logz.io Cloud SIEM.

Analytics & SIEM · Logz.io

Configuration parameters

  • isFetch — Fetch incidents
  • incidentType — Incident type
  • security_api_token — API token for Logz.io Security account
  • operational_api_token — API token for Logz.io Operations account
  • region — Region code of your Logz.io account
  • search — Filter by rule name
  • severities — Filter by rule severity
  • fetch_time — First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes)
  • fetch_count — Max. number of incidents fetched per run
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (2)

  • logzio-get-logs-by-event-id

    Fetches the logs that triggered a security event in Logz.io Cloud SIEM.

  • logzio-search-logs

    Runs an Apache Lucene query on your Logz.io Operations account.