Version: 2.14.1

LogicMonitor Zero Trust Alert Integration


Support Statement

DISCLAIMER

This documentation is provided "as is" without support for 3rd party software. The level of support for this integration guide is best effort without any SLA on response time. No 3rd party product support can be provided by Superna directly. 3rd party components require support contracts. See EULA for more details.


Overview

Customers using LogicMonitor can leverage this integration to send real-time Zero Trust alerts using webhooks and maintain full payload parsing using JSON-defined fields. The LogicMonitor Alert Ingestion Connector capability within the platform allows inbound webhook JSON payloads to be parsed within the SIEM.

Limitations

This guide does not provide configuration for routes, pipelines, or destinations. You must independently configure where alert data should be routed and sent to destinations.

Solution Overview

Superna Data Security Edition Zero Trust API is the cornerstone technology used to integrate with SIEM and SOAR platforms. This integration maps Zero Trust alerts to the LogicMonitor platform.

Features

  • Sends Zero Trust alerts to LogicMonitor as webhooks over HTTPS

What Is LogicMonitor?

LogicMonitor is a SaaS-based, AI-powered hybrid infrastructure monitoring and observability platform. It provides unified visibility into servers, networks, clouds, and applications, allowing IT teams to detect issues, automate responses, and prevent downtime. It uses agentless collectors to monitor data centers, cloud (AWS, Azure, GCP), and legacy infrastructure.

Integration Architecture

Figure: LogicMonitor integration architecture

Solution Configuration in LogicMonitor and Data Security Edition Zero Trust

Prerequisites

  • Installed Data Security Edition subscription product
  • Eyeglass OS appliance version 15.5 — verify with cat /etc/os-release
  • License key for the Zero Trust API
  • LogicMonitor instance

Configuration in LogicMonitor Endpoint

To configure webhook events, you need the following:

  • An API Only User in LogicMonitor with Manage permission for Logs & Traces

  • An appropriate webhook name — for example, Superna_Webhook

  • A valid Receiver URL (Callback URL) to the LogicMonitor portal:

    https://portalname.logicmonitor.com/rest/api/v1/webhook/ingest/sourceName
    • The sourceName is included in webhook messages to identify the origin of the data
    • You can also configure a LogSource to filter by sourceName
    • Each sourceName should be unique — for example, Superna+CustomerName
  • Bearer Token assigned to the API Only User, configured for authentication:

    • HTTP Header Key: Authorization
    • HTTP Header Value: Bearer <BearerTokenHere>

    Note: The word Bearer, followed by a single space, must precede the LogicMonitor Bearer Token.

  • Create a Log Source with the name Superna

Configuration Steps on Eyeglass Virtual Machine to Install the Feature Pak

  1. Download the Feature Pak from the Superna Support site.

  2. Copy the .run file to the Eyeglass VM using WinSCP or SCP.

  3. Log in to the Eyeglass VM over SSH and run:

    chmod 777 <feature-pak-filename>.run

    ./<feature-pak-filename>.run
  4. Enter the following values into the Text User Interface (TUI). Press Esc after entering inputs, press V to validate, and press I to install. Follow the on-screen instructions.

    LM_SOURCE_NAME = "superna"    # matches the log source created above
    LM_ACCOUNT = "accountnamehere" # your account name visible in your instance URL
    LM_BEARER_TOKEN = "yy" # the bearer token from the steps above

Configure Data Security Edition Zero Trust Webhooks

  1. Navigate to Integrations > Webhooks and configure the Zero Trust endpoint.

    Recommended Configuration

    Send only Critical and Major events, and only webhooks that set lockout or delayed lockout. The goal is to send findings rather than a list of alarms that do not pinpoint a security incident. Customers can customize based on specific requirements.

  2. The endpoint URL uses localhost and sends webhooks to the application service listening on port 5000:

    http://localhost:5000/webhook
  3. Add the Content-Type header with value application/json to complete the webhook configuration.

  4. Click Save to commit the configuration.

  5. Click Save on the main Webhook configuration page.
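The following Python script is an added example, not code from Superna or LogicMonitor. It ties together the pieces described above: it builds the outbound ingest request from the three TUI values (LM_ACCOUNT, LM_SOURCE_NAME, LM_BEARER_TOKEN), applies the recommended Critical/Major plus lockout filter, and checks a response for HTTP 200 and a success count. The event field names (severity, action) and the response field name (success) are assumptions for illustration.

```python
"""Added example (not Superna's or LogicMonitor's code): build the LogicMonitor
ingest request from the TUI values and apply the recommended event filter."""
import json

INGEST_PATH = "/rest/api/v1/webhook/ingest/"  # path from the Receiver URL above

# Recommended configuration: forward only Critical/Major events that lock out.
FORWARD_SEVERITIES = {"critical", "major"}
FORWARD_ACTIONS = {"lockout", "delayed lockout"}


def should_forward(event: dict) -> bool:
    """True when an event meets the recommended forwarding criteria.
    The 'severity' and 'action' field names are assumed for illustration."""
    sev = str(event.get("severity", "")).lower()
    action = str(event.get("action", "")).lower()
    return sev in FORWARD_SEVERITIES and action in FORWARD_ACTIONS


def build_ingest_request(account: str, source_name: str, token: str, events: list) -> tuple:
    """Return (url, headers, body) for the LogicMonitor ingest endpoint.
    Rejects a token that already carries 'Bearer ' so the prefix is not doubled."""
    if not account or not source_name:
        raise ValueError("LM_ACCOUNT and LM_SOURCE_NAME must both be set")
    if token.lower().startswith("bearer "):
        raise ValueError("LM_BEARER_TOKEN must be the raw token; 'Bearer ' is added here")
    url = f"https://{account}.logicmonitor.com{INGEST_PATH}{source_name}"
    headers = {
        "Authorization": f"Bearer {token}",  # 'Bearer', one space, then the token
        "Content-Type": "application/json",
    }
    body = json.dumps([e for e in events if should_forward(e)])
    return url, headers, body


def ingest_succeeded(status_code: int, response_body: str) -> bool:
    """HTTP 200 plus a non-zero success count means the events were accepted.
    The 'success' field name is an assumption; adapt it to the real response."""
    if status_code != 200:
        return False
    try:
        data = json.loads(response_body)
    except ValueError:
        return False
    return int(data.get("success", 0)) > 0


if __name__ == "__main__":
    # Constructed sample events, not captured from a real appliance.
    sample = [{"severity": "Critical", "action": "lockout", "user": "alice"},
              {"severity": "Minor", "action": "lockout", "user": "bob"},
              {"severity": "Major", "action": "alert only", "user": "carol"}]
    url, headers, body = build_ingest_request("accountnamehere", "superna", "yy", sample)
    print(url, headers["Authorization"], body)
```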

How to Test the Integration with LogicMonitor

  1. Download the curl command template and open it with a text editor.
  2. Copy all the text.
  3. SSH to the Eyeglass VM as the admin user.
  4. Paste the entire CLI command into the SSH prompt to send sample data to the running Zero Trust application. This sends test data directly to the application to be processed and forwarded to LogicMonitor.

A successfully processed webhook test returns the following text in the SSH terminal:

done sending event to abssiem and check for http 200 and success count in response

To review the process logs from the web application:

sudo -s

journalctl -f -u logicmonitor

To capture the most recent 250 lines to a file and review them with nano (the -f flag keeps following new output, so press Ctrl+C to stop capturing before opening the file):

journalctl -f -n 250 -u logicmonitor > /tmp/ztwebhook.log

nano /tmp/ztwebhook.log

The logged response from the LogicMonitor API call should show HTTP 200 and a success count, confirming that the events were accepted.

LogicMonitor Administrator Integration Experience

Once the integration is complete, you can search for Superna log messages in the LogicMonitor interface to verify ingested events and build monitoring rules and alerts.