Sumo Logic Integration
Steps to Integrate
Section titled “Steps to Integrate”Step 1: Create a Webhook
Section titled “Step 1: Create a Webhook”- Visit the Webhooks page in AIR,
- Click the ”+ New Webhook” button on the upper right corner,
- Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
- Select “Sumo Logic: Generic Sumo Logic Webhook Parser” as the parser for this webhook,
- Select an Acquisition Profile,
- Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption to use or let AIR configure them automatically based on the matching policy
- Click the “Save” button,
- Hover your mouse over the link below the Webhook name and double-click to copy
Step 2: Configure Sumo Logic SIEM
Section titled “Step 2: Configure Sumo Logic SIEM”On the left pane, click “Manage Data” then “Monitoring”, and alter “Connections”.
- Give a name to webhook,
- Write a description (optional),
- Paste Webhook URL, you copied in Step 1,
- Type your payload*: [“{{ResultsJson.client_ip}}”]
- Save and exit.
For more information, please visit here.