SmartResponse™ Automation Plugin Library

RespondX is LogRhythm’s security orchestration, automation, and response (SOAR) solution.

SmartResponse™ Automation is a RespondX feature that automates tasks for streamlined efficiency across the security response workflow.

Automated response workflows help empower your SOC team to accomplish more and reduce the time it takes to protect against evolving security threats. Activate the full potential of your SOC by using SmartResponse™ Automation for seamless execution of actions right at the source of your SIEM data and alarms, resulting in maximum productivity with minimum wasted effort or expense.


Tested & Certified Plugins

LogRhythm SmartResponse Automation Plugins (SRPs) enable trusted workflows by packaging a collection of fully tested and certified prebuilt actions for third-party integrations. Look up integrations with your existing security solutions below:

Collaboration Plugins

Demisto

Plugin creates an incident in Demisto and populates it with Alarm data from LogRhythm.

Jira

Plugin creates a new Jira issue or updates an open issue with alarm details.

PagerDuty

Plugin uses PagerDuty to create incidents, list on-call users, and run response plays on a specified incident.

Pushover

Plugin sends push notifications with alarm details to applicable devices using Pushover.

ServiceNow

Plugin creates and manages incidents in ServiceNow: it executes queries, adds comments or notes, and closes incidents. Plugin also syncs cases across LogRhythm Case Management and ServiceNow.

Slack

Plugin sends alarm notifications with details to a Slack channel.

Twilio

Plugin sends alarm notifications with details as SMS messages to applicable devices using Twilio.

Contextualization Plugins

VirusTotal

Plugin uses VirusTotal to scan domains, file hashes, IP addresses, and URLs for malicious content and generate reports.

Ixia Anue

Plugin uses Anue to forward a few hours of SPAN data containing all traffic to or from the host to a packet capture appliance.

BeyondTrust Retina

Plugin launches a vulnerability scan against a specified host using BeyondTrust Retina Network Security Scanner.

Cisco AMP Threat Grid

Plugin scans a file, domain, IP, hash, or process using Cisco Advanced Malware Protection (AMP) and Threat Grid.

Cisco Umbrella

Plugin pulls domain name information and blocks a domain or URL using Cisco Umbrella DNS.

Cylance

Plugin pulls previous scan results and quarantines select files using Cylance.

Forescout

Plugin pulls host information using Forescout CounterACT.

Freq.py

Plugin uses Freq.py to score text strings for entropy; a high score commonly exposes generated names and helps identify malware.

HaveIBeenPwned

Plugin queries HaveIBeenPwned site to determine whether a given email address or user account name is associated with any breached websites.

Rapid7 NeXpose

Plugin launches a NeXpose vulnerability scan.

Nmap

Plugin launches an Nmap open-source network scan or query.

Microsoft Office365

Plugin pulls O365 email message text, attachment information, and hyperlink details.

SentinelOne

Plugin uses SentinelOne to initiate a scan, pull host process and application information, query host status and hash reputation, and blacklist by hash.

Tenable.io

Plugin launches a Tenable.io vulnerability scan against a specified IP address or hostname, displays scan results, and allows searches for vulnerability CVEs in scan results.

Remediation Plugins

Cisco pxGrid

Plugin uses VirusTotal to scan domains, file hashes, IP addresses, and URLs for malicious content and generate reports.

Cisco Meraki

Plugin uses Meraki to block or unblock hosts, enable or disable switch ports, display host information, and set host policy.

Aruba

Plugin uses ClearPass to quarantine hosts by IP address, MAC address, or an associated username.

Microsoft Windows User Log Off

Plugin queries any Windows system for all RDP sessions and terminates a specified user’s session.

Microsoft Active Directory Account Management

Plugin detects, enables, unlocks, or forces a password reset for Active Directory (AD) user accounts, and displays user information.

Microsoft Azure AD Account Management

Plugin disables, enables, displays info, and resets passwords for Azure AD accounts.

Carbon Black CB Defense

Plugin executes CB Defense status queries, directory look-ups, file/directory deletions, memory dumps, file retrieval, process look-ups and process termination on target hosts.

Carbon Black CB Response

Plugin uses CB Response to isolate a host, terminate a process, list all processes on a remote host, dump the memory of a remote host, delete a file on a remote host, and download a file from a remote host.

Check Point R80

Plugin adds hosts, IP addresses, or IP ranges to groups in Check Point R80.

Cisco ASA Firewall

Plugin adds a target IP address to a specified security group on a Cisco ASA firewall.

Cisco ISE

Plugin quarantines a host based on IP, MAC Address, or Session ID using Cisco ISE.

CyberArk

Plugin pulls account history, forces credential changes, enables or disables users, and raises or lowers account security privileges using CyberArk Response Manager.

Windows Disable Local Account

Plugin disables a local Windows user on a remote machine.

EnCase Endpoint Security

Plugin captures a memory snapshot of a target host and enables response actions using EnCase Endpoint Security.

Fortinet FortiGate

Plugin uses FortiGate to view group information and add IP addresses or domains to a group.

Infoblox

Plugin adds an FQDN or client IP address to the Infoblox Response Policy Zone.

Windows Kill Process

Plugin terminates a Windows process.

Netskope

Plugin adds URLs, files, or SHA-256 hashes to the application blacklist using Netskope and maintains a local copy in the LogRhythm List Manager.

Okta

Plugin allows users to leverage Okta’s authentication, authorization, and user management capabilities to disable users, reset user passwords, and perform group membership actions, among other functions.

Palo Alto Networks

Plugin adds an IP or Fully Qualified Domain Name (FQDN) to an address group on a Palo Alto Firewall.

Windows Service Management

Plugin executes routine Windows service management tasks.