Jump to Content
Home
Guides
API Reference
Changelog
💬 Discussions
v1.0
Log In
API Reference
Log In
Moon (Dark Mode)
Sun (Light Mode)
v1.0
Home
Guides
API Reference
Changelog
💬 Discussions
Initiate Search
Search
JUMP TO
LogRhythm Admin Service API
lists
Get List Details
get
Create or Update List Summary
post
Get List Details and Items
get
Add Items to List
post
Remove Items From List
delete
identities
Get Identities
get
Update Identities
put
Get Identity Display Names *
get
Get Identity Identifiers *
get
Update or Create Bulk Identities
post
Search Identities *
post
Search Identity Summaries *
post
Get Identity
get
Update Identity
put
Update Identity Status
put
Update Identifier Status
put
Add Identifier to Identity
post
Merge Two Identities
post
Get Identity Photo
get
Get Merged Identities
get
identity lists
Get Identity From List
get
entities
List Entities
get
Update Entity
post
Create Entities From File
post
Get Entity Details
get
Create Hosts From File
post
Create Networks From File
post
hosts
Fetch Hosts Details
get
Create Host Record
post
Batch Update Hosts
put
Fetch Hosts
get
Change Status of Host
put
Add Host Role and User
post
Delete Host Role or User
delete
Get Host Details
get
Update Host
put
Update Host Id
post
Remove Host Identifiers
delete
networks
List Networks
get
Create Network
post
Batch Update Networks
put
Get Network Details
get
Update Network
put
users
Get User Permissions
get
List User Records
get
Create New User
post
List All User Logins
get
List User Privileges
get
Get User Login Details
get
Create User Login
post
Get User Details
get
Create User Profile
post
Get User Profile Details
get
Get User Profile Summary
get
Clone User Profile
post
Get User Profile Details by Id
get
Delete User Profile
delete
Get User Profile Privileges
get
Get User Profile Log Sources
get
knowledgebase
List Message Source Types
get
Create Message Source Type
post
Get Message Source Type Details
get
Update Message Source Type Details
put
Delete Message Source Type
delete
List MPE Policies
get
List MPE Policies summary.
get
List Log Source Virtualization Templates
get
Create a new log source virtualization template.
post
Edit a log source virtualization template.
put
Associate virtual log source with a log source virtualization template.
patch
Get Log Source Virtualization Template Detail
get
Dissociate LSV items from an LSV template.
delete
Get Log Source Virtualization Template Details
get
Create log source virtualization template item.
post
Delete log source virtualization template items.
delete
Edit log source virtualization template item.
put
Get Log Source Virtualization Template Detail
get
List Privileges
get
notification groups
List Notification Groups
get
Create Notification Group
post
Update Notification Group
put
Delete Notification Group
delete
List Users in Notification Group
get
Add Users to Notification Group
post
Remove Users From Notification Group
delete
logsources
List Accepted Log Sources
get
Create Log Source
post
Get Log Source Details
get
Update Log Source
put
Change Status of logsources
put
Update existing Logsource to enable virtualization.
put
List Pending Log Sources
get
Create Pending Log Source
post
Delete Pending LogSource
delete
Reject multiple pending logsources in batch.
put
Accept multiple pending logsources in batch.
put
Get Pending Log Source Details
get
Get matching logsources for a pending log source to associate
get
Accept pending LogSource by ID
put
Rejects a Pending Log Source.
put
Associate a pending Log Source.
put
agents
List Accepted Agents
get
Create Agent Record
post
Update Agent Record
put
List Summary of Accepted Agents
get
Get Agent By Id
get
List Agent Log Sources
get
List Pending Agent Requests
get
Delete Pending Agents
delete
Associate pending agent
put
Accept pending agent
put
Get Pending Agent
get
Reject Pending Agent
put
licenses
Get Licensed Entitlements *
get
List licenses
get
mperules
Fetch MPE Rule based on the provided MPE Rule Id
get
Retire/Activate MPE Rule based on the provided MPE Rule Id
patch
Fetch MPE Rules based on the provided query parameters
get
Create MPE Rule
post
Edit MPE Rule
put
beats
Get beat detail by beat Id available in the system
get
Update beat details of a beat available in the system
put
Get all beats details available in the system.
get
Create a new beat.
post
Fetch Beats Template
get
Fetch Beat Types
get
Updates heartbeat of beats
patch
Update status of beats based on beat IDs available in the system.
patch
openCollectors
Get all beats details available in the system associated to the given open collector id.
get
Updates Open Collector Heartbeat
patch
Creates a new open collector.
post
List all permissible open collector
get
Update status of one or multiple open collectors in the available in the system based on open collector Id.
patch
Get open collector by open collector id.
get
Updates an existing open collector.
put
locations
Provides all available locations.
get
Provides location details by location ID.
get
mpePolicies
Create a new MPE policy.
post
Delete MPE policies.
delete
Returns the MPE Policy based on the Id.
get
Edit an MPE Policy.
put
Returns the list of MPE rules by MPE policy id.
get
Get an MPE Rule on the basis of MPE Policy Id and MPE Rule Id.
get
Update an MPE Rule on the basis of MPE Policy Id and MPE Rule Id.
put
messagesourcedateformats
List Date Formats
get
Get Message Source Date Format
get
LogRhythm AIE Drill Down API
/drilldown/{alarmID}
Get Drill-Down Logs and Summary
get
/drilldown/{alarmID}/summary
Get Drill-Down Summary
get
LogRhythm Alarm API
alarms
Get alarm details by ID
get
Update Alarm Status and RBP
patch
Update Alarm Comments
post
Get alarm history details by ID and filter criteria
get
Get alarm details using filter criteria
get
Get alarm summary by alarmId
get
Get events by alarmId
get
Get Alarm Url
get
LogRhythm Case API
Case Summary
List Cases
get
Create Case
post
Get Case
get
Update Case
put
Change Case Status *
put
Case Metrics
Get Case Metrics
get
Update Case Metrics
put
Case Evidence
List Evidence
get
Add File Evidence
post
Add Alarm Evidence
post
Add Log Evidence
post
Add User Event Evidence
post
Add Note Evidence
post
Get Evidence
get
Update Evidence
put
Delete Evidence
delete
Get Evidence Progress
get
Download File Evidence
get
Get Evidence Logs Bytes
get
List User Events
get
Get Logs Index
get
Update Logs Index
put
Playbooks
List Playbooks
get
Create Playbook
post
Clone Playbook
post
Get Playbook
get
Update Playbook
put
Update Playbook (Partial)
patch
Delete Playbook
delete
Playbook Procedures
List Procedures
get
Update Procedures
put
Get Procedure
get
Playbook Attachments
List Attachments
get
Get Attachment
get
Link Attachment
put
Unlink Attachment
delete
Download Attachment
get
Playbook Import / Export
Import Playbook
post
Export Playbook
get
Files
Upload File
post
Get Whitelist
get
Get File Progress
get
Case Tags
Add Case Tags *
put
Remove Case Tags *
put
Case Collaborators
Get Case Collaborators
get
Update Case Collaborators
put
Add Case Collaborators *
put
Remove Case Collaborators *
put
Change Case Owner *
put
Associated Cases
List Associated Cases
get
Add Associated Cases
post
Remove Associated Cases
delete
Case History
List Case History *
get
Case Playbooks
List Playbooks
get
Add Playbook
post
Get Playbook
get
Update Playbook
put
Remove Playbook
delete
Case Playbook Procedures
List Procedures
get
Get Procedure
get
Update Procedure
put
List Procedures (All Cases)
get
Case Playbook Attachments
List Attachments
get
Get Attachment
get
Download Attachment
get
Global History
List Global History *
get
Logs Indexes
List Logs Indexes (All Cases)
get
Tags
List Tags
get
Create Tag
post
Get Tag
get
Delete Tag
delete
Capabilities
Get Capabilities
get
Users
List People *
get
Get Person *
get
List Collaborators *
get
List Owners *
get
Feature Flags
Get Feature Flags *
get
Maintenance
Run Log Evidence Maintenance *
post
LogRhythm Metrics API
Log Volume
Get Log Volume Details
post
TTL
Get TTL details
get
LogRhythm Search API
Search API
Initiate Search
post
Search Result
post
Initiate Search
post
https://example.com:8501/lr-search-api/actions/search-task
Language
Shell
Node
Ruby
PHP
Python
RESPONSE
Click
Try It!
to start a request and see the response here!
