LibreNMS
LAST UPDATED: 09/17/2024
Overview
LibreNMS is an open-source network monitoring and management platform used to monitor the health, performance, and availability of various network devices, services, and infrastructure components within an organization's network.
D3 SOAR is providing REST operations to function with LibreNMS.
LibreNMS is available for use in:
D3 SOAR | V16.8+ |
Category | IT and Infrastructure |
Deployment Options |
Connection
To connect to LibreNMS from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | The API server URL for the LibreNMS instance at the domain level. | http://***.***.***.***/overview |
API Version | The version of the LibreNMS API. | v0 |
API Token | The API Token obtained from the LibreNMS web interface for authentication. | ***** |
Configuring LibreNMS to Work with D3 SOAR
API Tokens can be created directly from within the LibreNMS web interface.
Login to the LibreNMS web interface.
Navigate to Settings > API > API Settings.
Click on the Create API access token button.
Choose the user for whom you wish to generate the token.
(Optional) Enter a description.
Click on the Create API Token button.
Configuring D3 SOAR to Work with LibreNMS
Log in to D3 SOAR.
Find the LibreNMS integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type LibreNMS in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to LibreNMS.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the checkbox to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Server URL.
2. Copy the API Token from the LibreNMS platform.
3. Input the API Version. The default value is v0.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
LibreNMS includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the LibreNMS API, please refer to the LibreNMS API reference.
Note for Time-related parameters
The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format.
After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.
Acknowledge Alerts
Acknowledges the specified alert(s) by alert ID(s).
READER NOTE
Alert IDs is a required parameter to run this command.
Run the List Alerts command to obtain the Alert IDs. Alert IDs can be found in the raw data at the path $.alerts[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Alert IDs | Required | The IDs of the alerts to acknowledge. Alert IDs can be obtained using the List Alerts command. | [ 1 ] |
Note | Optional | The note to add to the alert(s). | Note for Ack |
Until Clear | Optional | If set to True, the alerts are acknowledged until they are cleared. If set to False, the alerts will trigger again if they worsen or improve.The default value is True. | False |
Output
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Acknowledge Alerts failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Bad Request. |
Error Sample Data Acknowledge Alerts failed. Status Code: 400. Message: Bad Request. |
Get Alerts
Retrieves the details of the specified alert(s) using the provided alert ID(s).
READER NOTE
Alert IDs is a required parameter to run this command.
Run the List Alerts command to obtain the Alert IDs. Alert IDs can be found in the raw data at the path $.alerts[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Alert IDs | Required | An array of IDs, each corresponding to an alert for which details are to be retrieved. Alert IDs can be obtained using the List Alerts command. | [ 1 ] |
Output
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Alerts failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Bad Request. |
Error Sample Data Get Alerts failed. Status Code: 400. Message: Bad Request. |
Get Device Inventory
Retrieves the flattened inventory for the specified device(s), including all inventory items regardless of their hierarchical structure. This is particularly useful for devices with nested components.
READER NOTE
Device Names is a required parameter to run this command.
Run the List Devices command to obtain the Device Names. Device Names can be found in the raw data at the path $.devices[*].hostname.
Input
Input Parameter | Required/Optional | Description | Example |
Device Names | Required | The device host names or device IDs used to retrieve inventory. Device Names can be obtained using the List Devices command. | [ "hostname1" ] |
Output
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Device Inventory failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Bad Request. |
Error Sample Data Get Device Inventory failed. Status Code: 400. Message: Bad Request. |
List Alert Rules
Retrieves all alert rules.
Input
N/A
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Alert Rules failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Server URL is not valid in format. |
Error Sample Data List Alert Rules failed. Status Code: 400. Message: Server URL is not valid in format. |
List Alerts
Retrieves all alerts that match the search criteria. The returned alerts are sorted by timestamp in descending order.
READER NOTE
Alert Rule is a required parameter to run this command.
Run the List Alert Rules command to obtain the Alert Rule. Alert Rules can be found in the raw data at the path $.rules[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Alert State | Optional | Filters the alerts by state. The options are:
By default, alerts in all states will be returned. | Alert |
Severity | Optional | Filters the alerts by severity. The options are:
By default, alerts in all severities will be returned. | Critical |
Alert Rule | Optional | Filters the alerts by alert rule ID. By default, alerts triggered by any rule ID will be returned. Alert Rule can be obtained using the List Alert Rules command. | 49 |
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Alerts failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Server URL is not valid in format. |
Error Sample Data List Alerts failed. Status Code: 400. Message: Server URL is not valid in format. |
List Devices
Retrieves a list of devices matching search criteria. The returned devices are sorted by Host Name in alphabetical order.
Input
Input Parameter | Required/Optional | Description | Example |
Type | Optional | Filters the devices by type. By default, the value is All. | Search By Host Name |
Search Value | Optional | The value of a device field to filter by when a specific Search By option was selected in the Type parameter. For instance, if Search By IPv4 was selected, enter the IPv4 address of the device being queried. | ***.***.***.*** |
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Devices failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Bad Request. |
Error Sample Data List Devices failed. Status Code: 400. Message: Bad Request. |
List Locations
Retrieves the list of locations.
Input
N/A
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Locations failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Server URL is not valid in format. |
Error Sample Data List Locations failed. Status Code: 400. Message: Server URL is not valid in format. |
List Logs
Retrieves all logs or logs for a specific device. The log items are sorted by log time in descending order.
READER NOTE
Device Name is a required parameter to run this command.
Run the List Devices command to obtain the Device Name. Device Names can be found in the raw data at the paths $.devices[*].hostname or $.devices[*].device_id.
Input
Input Parameter | Required/Optional | Description | Example |
Log Type | Required | The type log to retrieve. The options are: Event Log
| Event Log |
Device Name | Optional | The device host name(s) or device ID(s) used to retrieve logs. Device Name can be obtained using the List Devices command. By default, all logs will be returned. This parameter is not applicable to Auth Log. | hostname1 |
Start Time | Optional | The starting date and time for the search (in UTC). | 2024-04-29 17:44:00 |
End Time | Optional | The ending date and time for the search (in UTC). | 2024-04-29 17:45:00 |
Limit | Optional | The limit on the number of results to be returned, which must be between 1 and 1000. By default, all logs matching the search criteria will be returned. | 3 |
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Logs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Start Time or End Time parameter(s) not valid, End Time cannot be earlier than Start Time. |
Error Sample Data List Logs failed. Status Code: 400. Message: Start Time or End Time parameter(s) not valid, End Time cannot be earlier than Start Time. |
Unmutes Alerts
Unmutes the specified alert(s) by alert ID(s).
READER NOTE
Alert IDs is a required parameter to run this command.
Run the List Alerts command to obtain the Alert IDs. Alert IDs can be found in the raw data at the path $.alerts[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Alert IDs | Required | The ID(s) of the alert(s) to unmute. Alert ID can be obtained using the List Alerts command. | [ 1 ] |
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Unmutes Alerts failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Server URL is not valid in format. |
Error Sample Data Unmutes Alerts failed. Status Code: 400. Message: Server URL is not valid in format. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the LibreNMS portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Server URL is not valid in format. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 400. Message: Server URL is not valid in format. |