Humio

Overview

Humio is powerful and extremely useful for system administrators. It provides a fast, flexible platform for logs and server metrics. With Humio Cloud, your log entries and other metrics are sent to your own private, secure repository. You’ll then use the Humio web interface to analyze your data and to create alerts to let you know when events occur or parameters are exceeded.

The alerts can be later ingested by Fylamynt with this integration and relevant information can be retrieved actively in the middle of any investigation from Fylamynt.

Use Cases

The integration between Fylamynt and Humio lets you:

• Trigger a workflow in Fylamynt, when a specific Humio Alert goes into the state of ALERT.

• Search logs/metrics stored in Humio.

Configure Humio in Fylamynt

• Navigate to Settings > Integrations > Humio

• Configure a new integration instance

Details needed to set up Humio instance in Fylamynt:

Follow the steps listed below in your Humio Account to complete the configuration

1. Add Humio Cloud URL to Humio URL in Authorize Fylamynt panel. e.g. https://cloud.us.humio.com

2. In your Humio account, go to Manage Your Account --> Account Settings, and copy API Token. Add the copied API Token to Humio API Token field in Authorize Fylamynt panel.

3. Configure Fylamynt webhook in selected Humio repository.

   Go to a Humio repository --> Alerts --> Actions and create a New Action

   • Select Action Type as Webhook

   • Add Name

   • Copy the Fylamynt Webhook URL from Authorize Fylamynt panel and add in Endpoint URL

   • Select POST Method

   • Http Headers

     Header Name: Content-Type Header Value: application/json

     Header Name: x-api-key Header Value: add Webhook API Key value from Authorize Fylamynt panel.

     Instructions to get Fylamynt Webhook API Key value: Under Authorize Fylamynt, choose one of the Webhook API Key Name from the dropdown, and the corresponding Webhook API Key Value should be shown. If no options are available for the Webhook API Key Name, first go to Settings --> API Keys --> Manage Keys to Create a New API Key.

   • Use the Default Message Body Template

   • Click on Create Action

4. Configure a Humio Alert to use Webhook Action Go to a Humio repository --> Alerts -> Create Alert or Edit Alert -> In Alert "Action" select newly created Webhook "Action"

Integration Actions

You can add these actions in the Fylamynt workflow builder, as part of your workflow.

1. Humio Alert Trigger

2. Humio Search

Humio Alert Trigger

The integration node triggers the automatic execution of a workflow from a combined selection of a Humio Repository and an Alert.

When creating a workflow, you are presented with a wizard to select the trigger type to use.

• On the workflow page, select New Workflow

• Enter the name of the Workflow.

• Select the Humio trigger type.

• Click Create Workflow

Configure the automatic execution of a workflow

To automatically run workflows with the Humio Alert trigger, the incident type and assignment need to be configured. Follow the step-by-step instructions provided on the Incident Management - Automatic workflow execution page.

Humio Search

Integration node to run Humio search query in a Humio repository

Input

Output

Note:

• AWS SSM automation has restrictions on the size of the response object (~100 KB). If the query has a result greater than this value then a truncated result would be returned, and if S3 Bucket Name is provided then the whole result would be written to the bucket.

Action Example

• Drag and drop the Humio Search Action node onto the canvas

• Select the Humio Search Action node

• Select the Humio Repository name from the dropdown

• Enter the Query

• Add the Start Time

• Add the End Time

• Optionally, select the AWS Target Account Alias and S3 bucket name