Response Integration Troubleshooting

Introduction

This article provides information on the steps to follow in case of integration issues in the response panel.

 

Response Debug

In Logsign's event management panel or alarm action rules, you can configure an action model with many security products. However, integration problems sometimes occur, for example authorization or network issues.

Let's explain this situation with some example scenarios:

  • Your alarm is triggered, but IP blocking is not performed.
  • Your alarm is triggered, but your user is not disabled.
  • Your alarm is triggered, but you cannot use reputation platforms.

In such cases, first check the logsign-integration-engine traffic logs. Confirm from the traffic that Logsign is sending the request packet to these products, and if something is blocking it, configure the necessary permissions.

If you cannot view the traffic log, you can proceed as follows:

Many of Logsign's response products communicate over an API. The logsign-integration-engine service handles this API communication.

Check the logsign-integration-engine service:

journalctl -u logsign-integration-engine -f

1.png

If it returns a result like the one shown in the image above, there is a network problem. In this case, you should check your integration settings.

You can check for user authorization or network issues in the logsign-integration-engine service's output.

Let's explain the mail integration issues with an example:

If no mail notification is sent even though the alarm was triggered, check the mail integration:

journalctl -u 'logsign-action-rule-worker*' -f

Check the logsign-action-rule-worker service with the command above. The unit pattern is quoted so that the shell passes it to journalctl unchanged.

2.png

You can check for mail address errors or SMTP server access problems in these service logs.
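The following is an added example, not part of the original article or Logsign's own tooling: a small shell helper that buckets journal lines from the two services above into network, authorization and SMTP problems. The match strings are assumptions based on common Linux, HTTP and SMTP error texts, not Logsign's documented log format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage journal output from the Logsign response services.
# Match strings are assumptions (generic error texts), not Logsign's log format.

# classify_line LINE -> prints one of: smtp | network | authorization | other
classify_line() {
    # Lowercase the line so matching is case-insensitive.
    line=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$line" in
        # Mail problems first, so an SMTP timeout is reported as smtp.
        *smtp*|*"recipient address rejected"*|*"mailbox unavailable"*)
            echo smtp ;;
        *"connection refused"*|*"timed out"*|*"no route to host"*|*"name or service not known"*)
            echo network ;;
        *unauthorized*|*forbidden*|*"permission denied"*|*"invalid credentials"*|*" 401"*|*" 403"*)
            echo authorization ;;
        *)
            echo other ;;
    esac
}

# summarize: read log lines on stdin, print "category count" per category seen.
summarize() {
    while IFS= read -r l; do
        classify_line "$l"
    done | sort | uniq -c | awk '{print $2, $1}'
}

# triage_unit UNIT [SINCE]: summarize recent journal entries of one unit, e.g.
#   triage_unit logsign-integration-engine
#   triage_unit 'logsign-action-rule-worker*' '30 min ago'
triage_unit() {
    journalctl -u "$1" --since "${2:-1 hour ago}" --no-pager -o cat | summarize
}
```

A high network count points at firewall or routing between Logsign and the target product; a high authorization count points at the API user or token configured in the integration settings.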
