Creating a SmartResponse plugin is an advanced procedure. You must be familiar with XML and with writing executable scripts. For help creating a SmartResponse plugin, please contact your Customer Relationship Manager (CRM) or Professional Services Engineer.
LogRhythm's SmartResponse® Plugin (SRP) framework provides an extensible mechanism for responding to security and operational incidents. An analyst can execute SmartResponse Plugins manually, or the SIEM can execute them automatically in response to a particular alarm. Depending on configuration, the action runs either in the context of the Platform Manager (via the Alarm and Response Manager (ARM) service) or remotely in the context of a specific System Monitor.
SmartResponse plugins are used in Security Orchestration, Automation, and Response (SOAR) in the following distinct ways:
- Context enrichment. SRPs can be launched directly from the web console in the Analyzer grid. SRPs used in this fashion are generally designed to provide additional context for an alarm or log message: the SRP's primary function is to gather external data that enriches the source object. A typical example is running an IP address through a reputation service such as VirusTotal.
- Remediation. SRPs were originally designed for remediating threats, which is why the configuration refers to remediation actions throughout. An SRP focused on remediation has the primary function of completing an action that changes the environment. For example, an SRP that integrates with a firewall vendor might change the firewall settings as a result of an alarm from a threat feed, or in response to a ransomware attack.
Both types of SmartResponse Plugins follow the same development and packaging process. The only difference is that a context SRP typically writes its information to standard output, whereas a remediation plugin may not write out any messages at all.
This guide is divided into the following sections to help you learn how to develop and deploy custom SmartResponse Plugins: