Energy Logserver Integration

Energy Logserver uses its Alert module to forward detections to Energy SOAR as cases. The integration requires an API key from Energy SOAR Base and a configuration entry in the Alert service on the Logserver side.

Get the API key

In Energy SOAR Base, retrieve the API key for socuser@energysoar.local. The key is available in the user management section of the Base interface (https://<Energy_SOAR_IP>/base).

Configure the Alert module

On the Energy Logserver host, add the following block to /opt/alert/config.yaml:

hive_connection:
  hive_host: https://<Energy_SOAR_IP>/base
  hive_apikey: <api_key>

Replace <Energy_SOAR_IP> with the IP address or hostname of the Energy SOAR server and <api_key> with the key retrieved in the previous step.

Restart the Alert service

# systemctl restart alert

After the restart, rules that have a Hive action configured will create cases in Energy SOAR Base automatically.
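
A check worth running on the Energy Logserver host before the restart step, since /opt/alert/config.yaml now holds a credential. This is an added example, not part of the product or its documentation: the function names and the choice of checks (placeholders replaced, https in hive_host, file not world-readable) are assumptions.

```shell
#!/bin/sh
# Added example: pre-restart sanity check for the hive_connection block.
# Function names and the checks chosen are assumptions, not product tooling.

# Print the value of key $2 inside the hive_connection block of file $1.
get_hive_value() {
  awk -v key="$2" '
    /^hive_connection:[ \t]*$/ { inblk = 1; next }
    inblk && /^[^ \t#]/        { inblk = 0 }   # next top-level key ends the block
    inblk {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (index(line, key ":") == 1) {
        sub(/^[^:]*:[ \t]*/, "", line)          # drop "key:" and padding
        sub(/[ \t]+$/, "", line)
        gsub("^[\"\047]|[\"\047]$", "", line)   # strip surrounding quotes
        print line
        exit
      }
    }' "$1"
}

check_alert_config() {
  f=$1
  rc=0
  [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
  host=$(get_hive_value "$f" hive_host)
  key=$(get_hive_value "$f" hive_apikey)
  case $host in
    '')        echo "FAIL: hive_host missing under hive_connection"; rc=1 ;;
    *'<'*)     echo "FAIL: hive_host still contains a <placeholder>"; rc=1 ;;
    https://*) ;;
    *)         echo "FAIL: hive_host is not https, the API key would be sent unencrypted"; rc=1 ;;
  esac
  case $key in   # the key itself is never printed
    '')    echo "FAIL: hive_apikey missing under hive_connection"; rc=1 ;;
    *'<'*) echo "FAIL: hive_apikey still contains a <placeholder>"; rc=1 ;;
  esac
  # The file now holds a credential: flag it if "other" users can read it.
  if [ -n "$(find "$f" -prune -perm -004)" ]; then
    echo "FAIL: $f is world-readable, restrict it to the Alert service account"
    rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: hive_connection looks sane in $f"; fi
  return "$rc"
}

# Usage: sh check_alert_config.sh /opt/alert/config.yaml
if [ "$#" -gt 0 ]; then check_alert_config "$1"; fi
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when the file cannot be read.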