# Sumo Logic

The Dropzone AI Platform integrates with [Sumo Logic](https://www.sumologic.com/), a cloud-based machine data analytics product. Integrating Sumo Logic with Dropzone allows Dropzone to automatically investigate security incidents using the data within Sumo Logic.

### Create an API Key

The Sumo Logic integration requires an API key (an Access ID and Access Key pair) to enable it.

To obtain an API Key, do the following:

* Log in to Sumo Logic as an administrator at the appropriate URL, e.g. <http://service.sumologic.com>
* In the bottom left-hand corner of the Sumo Logic homepage, click on Administration > Security

<figure><img src="/files/iDIq6A8rHrMDrz5U9x3u" alt=""><figcaption><p>Navigate to Administration</p></figcaption></figure>

* Click "Add Access Key"

<figure><img src="/files/j7KsDiXmCfPuudgrZMTY" alt=""><figcaption><p>Add access key</p></figcaption></figure>

* Name the Access Key something memorable, such as Dropzone AI, then click "Save"

<figure><img src="/files/4gCg6eQxpp9bordvN0Ww" alt=""><figcaption><p>Name and Save API</p></figcaption></figure>

* Copy the Access ID and Access Key shown for use later in the Dropzone UI where they are called "Access ID" and "Access Key" respectively, then click "Done"

<figure><img src="/files/numvUk38JEGPYc6hOzG2" alt=""><figcaption><p>Copy API Key and Secret</p></figcaption></figure>

### Enable Sumo Logic

To enable the Data Source integration, you'll need the following information:

| Dropzone Field         | Source                                                   |
| ---------------------- | -------------------------------------------------------- |
| Access ID              | The "Access ID" value you copied earlier                 |
| Access Key             | The "Access Key" value you copied earlier                |
| API Hostname           | Your Sumo Logic API hostname, e.g. api.us2.sumologic.com |
| Sumo Logic UI Hostname | Your Sumo Logic Hostname, e.g. service.us2.sumologic.com |

To enable the Data Source integration, do the following:

* Navigate to your Dropzone AI tenant home page, e.g. https://*mycompany*.dropzone.app
* In the bottom left-hand corner, navigate to Settings > Integrations

<figure><img src="/files/zN02u3HObDaemUY8E1kD" alt=""><figcaption><p>Integrations Dropdown</p></figcaption></figure>

* Click "Available"

<figure><img src="/files/brI7n2Ux40Tk0jTwBCVh" alt=""><figcaption><p>Click Available</p></figcaption></figure>

* In the Search bar, search Sumo Logic, then click "Configure"

<figure><img src="/files/bc82vDnziBv0U577mFpB" alt=""><figcaption><p>The Sumo Logic Tile</p></figcaption></figure>

* Under the Data Source header, input your Access ID, Access Key, and API Hostname

<figure><img src="/files/EkexLSGJIZeDiMrDB9Ok" alt=""><figcaption><p>The Sumo Logic Data Source Configuration (pt 1)</p></figcaption></figure>

* If you wish, you may exclude specific data [source categories](https://help.sumologic.com/docs/send-data/reference-information/metadata-naming-conventions/) from Dropzone investigations. To do so, in the "Ignored Source Categories" section, click "Add Item" and input the source categories you want Dropzone to ignore
* If you wish, you may group data source categories together during Dropzone investigations. To do so, in the "Source Category Group Patterns" section, click "Add Item" and input the categories you want Dropzone to treat as a single source, using glob-style wildcards. Dropzone will automatically group [kubernetes](https://www.sumologic.com/help/docs/observability/kubernetes/) source categories with the pattern `kubernetes//*`
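The two settings above decide which Sumo Logic source categories Dropzone never sees and which ones it treats as one source. As an added illustration (not Dropzone's code), the Python below classifies constructed `_sourceCategory` values against an ignore list and a set of group patterns. It assumes `fnmatch`-style glob semantics, where `*` also matches `/`, so `kubernetes/*` covers every nested category; the real matching rules are Dropzone's and may differ. The `plan_sources` helper is useful before clicking "Test & Save": an over-broad ignore pattern silently removes evidence from every investigation, and the plan shows exactly which categories survive and how they are grouped.

```python
from fnmatch import fnmatchcase

# Constructed configuration mirroring the "Ignored Source Categories" and
# "Source Category Group Patterns" fields (values are made up for this example).
IGNORED_SOURCE_CATEGORIES = ["dev/*", "*/healthcheck"]
SOURCE_CATEGORY_GROUP_PATTERNS = ["kubernetes/*", "prod/aws/*"]

# Constructed _sourceCategory values as they might appear on Sumo Logic messages.
SAMPLE_CATEGORIES = [
    "prod/aws/cloudtrail",
    "prod/aws/vpcflow",
    "kubernetes/prod/nginx",
    "kubernetes/staging/api",
    "dev/test/noise",
    "prod/lb/healthcheck",
    "prod/okta/system",
]


def classify_source_category(category, ignored=IGNORED_SOURCE_CATEGORIES,
                             group_patterns=SOURCE_CATEGORY_GROUP_PATTERNS):
    """Classify one source category.

    Returns ("ignored", None) if it matches an ignore pattern,
    ("grouped", pattern) for the first group pattern it matches,
    and ("single", category) otherwise.

    Assumption: glob semantics follow Python's fnmatch ('*' also matches '/').
    Ignore patterns are checked first, so an ignored category is never grouped.
    """
    for pattern in ignored:
        if fnmatchcase(category, pattern):
            return ("ignored", None)
    for pattern in group_patterns:
        if fnmatchcase(category, pattern):
            return ("grouped", pattern)
    return ("single", category)


def plan_sources(categories, ignored=IGNORED_SOURCE_CATEGORIES,
                 group_patterns=SOURCE_CATEGORY_GROUP_PATTERNS):
    """Map each effective source (a group pattern or a single category) to the
    concrete categories it covers. Ignored categories are dropped, which makes
    it easy to review what an investigation will no longer be able to see."""
    plan = {}
    for category in categories:
        kind, key = classify_source_category(category, ignored, group_patterns)
        if kind == "ignored":
            continue
        plan.setdefault(key, []).append(category)
    return plan


if __name__ == "__main__":
    ignored = [c for c in SAMPLE_CATEGORIES
               if classify_source_category(c)[0] == "ignored"]
    print("ignored:", ignored)
    for source, members in plan_sources(SAMPLE_CATEGORIES).items():
        print(f"{source}: {members}")
```

Run it with a copy of your real ignore list and group patterns to confirm that, for example, a pattern like `prod/*` intended for grouping has not been pasted into the ignore list by mistake.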

<figure><img src="/files/9zVkzdlM7Jt4BcRmU4Qb" alt=""><figcaption><p>The Sumo Logic Data Source Configuration (pt 2)</p></figcaption></figure>

* Under "Lookup Tables," you may input specific Sumo Logic [lookup tables](https://help.sumologic.com/docs/search/lookup-tables/) to provide added contextual information in Dropzone's analysis. See the "Configure Lookup Tables for Enhanced Enrichment" section of this documentation for further information
* Under "Views," you may input specific Sumo Logic [scheduled views](https://www.sumologic.com/help/docs/manage/scheduled-views/) to provide added contextual information in Dropzone's analysis. See the "Configure Views for Enhanced Enrichment" section of this documentation for further information

<figure><img src="/files/8na0Mfw2W4aqVz5gG4Oc" alt=""><figcaption><p>The Sumo Logic Data Source Configuration (pt 3)</p></figcaption></figure>

* In the "Data Tiers" section, select which Sumo Logic [data tiers](https://help.sumologic.com/docs/manage/partitions/data-tiers/) you want Dropzone to be able to investigate. By default, only the Continuous tier is utilized

<figure><img src="/files/BGsqWTe7xeyVJGVhKMTY" alt=""><figcaption><p>The Sumo Logic Data Source Configuration (pt 4)</p></figcaption></figure>

* Click "Test & Save" to finish

If you encounter any errors, engage your Dropzone AI support representative.

### Configure Lookup Tables for Enhanced Enrichment

Dropzone can leverage your existing Sumo Logic lookup tables to enhance security investigations with contextual organizational data. This enrichment helps Dropzone to better understand whether activity is legitimate or suspicious.

Five types of lookup tables are supported for enrichment: IP addresses, user emails, domains, devices (ID, hostname, or IP), and file hashes.

#### Configure Lookup Tables in Dropzone

To configure lookup tables in your Sumo Logic Data Source integration, you'll need the following information:

| Dropzone Field    | Source                                                                               |
| ----------------- | ------------------------------------------------------------------------------------ |
| Path              | The Lookup Table Path in Sumo Logic - see below for instructions on how to locate it |
| Type              | The type of data the Lookup Table contains                                           |
| Primary Key Field | The [field name](https://help.sumologic.com/docs/manage/fields/) used for lookups    |

To obtain your Lookup Table Path, do the following:

* In your Sumo Logic instance, navigate to the Library
* Navigate to your lookup table location
* Right-click on your desired lookup table and select "Copy Path"

<figure><img src="/files/moEfMpDloxzHdvo0Vbre" alt=""><figcaption><p>Copy Path from Sumo Logic Library for Lookup Tables</p></figcaption></figure>

To configure lookup tables in your Sumo Logic Data Source integration, do the following:

* Navigate to your Dropzone AI tenant home page, e.g. https://*mycompany*.dropzone.app
* In the bottom left-hand corner, navigate to Settings > Integrations

<figure><img src="/files/zN02u3HObDaemUY8E1kD" alt=""><figcaption><p>Integrations Dropdown</p></figcaption></figure>

* Click "Connected"

<figure><img src="/files/9xyeCVRUupO9dQTw2aXQ" alt=""><figcaption><p>Click Connected</p></figcaption></figure>

* In the Search bar, search Sumo Logic, then click on it

<figure><img src="/files/gNUemdtPQ5UX4rnVfUHD" alt=""><figcaption><p>Click on Sumo Logic</p></figcaption></figure>

* Scroll down to the "Lookup Tables" section
* Click "Add Item"
* For each lookup table you wish to include, input its Path, Type, and Primary Key Field, then click "Add Item"

<figure><img src="/files/894rsKFe0VVdvMLGYcqL" alt=""><figcaption><p>Sumo Logic Integration Configuration with Lookup Tables</p></figcaption></figure>

* Click "Test & Save" to finish

During security investigations, Dropzone will automatically query your configured lookup tables to enrich entities it encounters to provide contextual information.

### Configure Views for Enhanced Enrichment

Dropzone can leverage your existing Sumo Logic views to enhance security investigations with contextual organizational data. This enrichment helps Dropzone to better understand whether activity is legitimate or suspicious.

Five types of views are supported for enrichment: IP addresses, user emails, domains, devices (ID, hostname, or IP), and file hashes.

#### Configure Views in Dropzone

To configure scheduled views in your Sumo Logic Data Source integration, you'll need the following information:

| Dropzone Field | Source                                                                            |
| -------------- | --------------------------------------------------------------------------------- |
| Name           | The View Name in Sumo Logic - see below for instructions on how to locate it      |
| View Type      | The type of data the View contains                                                |
| View Field     | The [field name](https://help.sumologic.com/docs/manage/fields/) used for lookups |

To obtain your scheduled view name, do the following:

* In the left side bar of your Sumo Logic instance, navigate to Manage Data > Logs

<figure><img src="/files/7m3HsFdUqI09pNnIf3HY" alt=""><figcaption></figcaption></figure>

* Click "Scheduled Views"
* Locate your desired view and copy the name

<figure><img src="/files/dDrPuXePGG4kgSpVpPdp" alt=""><figcaption><p>Copy the view name</p></figcaption></figure>

To configure views in your Sumo Logic Data Source integration, do the following:

* Navigate to your Dropzone AI tenant home page, e.g. https://*mycompany*.dropzone.app
* In the bottom left-hand corner, navigate to Settings > Integrations

<figure><img src="/files/zN02u3HObDaemUY8E1kD" alt=""><figcaption><p>Integrations Dropdown</p></figcaption></figure>

* Click "Connected"

<figure><img src="/files/9xyeCVRUupO9dQTw2aXQ" alt=""><figcaption><p>Click Connected</p></figcaption></figure>

* In the Search bar, search Sumo Logic, then click on it

<figure><img src="/files/gNUemdtPQ5UX4rnVfUHD" alt=""><figcaption><p>Click on Sumo Logic</p></figcaption></figure>

* Scroll down to the "Views" section
* Click "Add Item"
* For each view you wish to include, input its Name, View Type, and View Field, then click "Add Item"

<figure><img src="/files/O25RBFAabEcfXeeG45dZ" alt=""><figcaption><p>Sumo Logic Integration Configuration with Scheduled Views</p></figcaption></figure>

* Click "Test & Save" to finish

During security investigations, Dropzone will automatically query your configured scheduled views to enrich entities it encounters to provide contextual information.
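Both the "Configure Lookup Tables" and "Configure Views" sections describe the same pattern: Dropzone takes an entity it meets during an investigation (an IP, email, domain, device, or hash), finds the configured table or view of that type, and queries it by the configured key field. The Python below is an added example, not Dropzone's or Sumo Logic's code, of what such a query looks like and how the Access ID, Access Key, and API Hostname from the "Enable Sumo Logic" section are used to run it. It assumes the Sumo Logic `cat path("...")` operator for reading a lookup table, the `_view=<name>` metadata field for selecting a scheduled view, and the Search Job API (`POST /api/v1/search/jobs`, HTTP Basic auth with `accessId:accessKey`); confirm those against the Sumo Logic documentation for your deployment. All hostnames, paths, credentials, and the sample API response are constructed placeholders. The point a practitioner should take from it is `quote_value`: the entity value usually comes from a log line, so it must be escaped before being spliced into a query, or a hostile value can rewrite the lookup.

```python
import base64
import json
import re
from dataclasses import dataclass
from urllib import request

# Constructed settings; the hostname mirrors the example in the table above,
# the credentials are placeholders you would copy from Sumo Logic.
API_HOSTNAME = "api.us2.sumologic.com"        # API host, not the service.* UI host
ACCESS_ID = "<access-id-from-sumo-logic>"
ACCESS_KEY = "<access-key-from-sumo-logic>"

ENTITY_TYPES = {"ip", "email", "domain", "device", "hash"}
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")   # field and view names


@dataclass(frozen=True)
class LookupTable:
    path: str               # library path obtained via "Copy Path"
    type: str               # one of ENTITY_TYPES
    primary_key_field: str  # field matched against the entity value


@dataclass(frozen=True)
class ScheduledView:
    name: str               # scheduled view name from Manage Data > Logs
    view_type: str          # one of ENTITY_TYPES
    view_field: str         # field matched against the entity value


def quote_value(value: str) -> str:
    """Quote a string for a Sumo Logic query. Backslashes and double quotes
    are escaped so a value taken from a log (hostname, URL, user name) cannot
    terminate the literal and append operators of its own."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def _check(name: str, entity_type: str) -> None:
    if entity_type not in ENTITY_TYPES:
        raise ValueError(f"unsupported enrichment type: {entity_type}")
    if not IDENTIFIER.match(name):
        raise ValueError(f"not a valid Sumo Logic identifier: {name!r}")


def lookup_table_query(table: LookupTable, value: str) -> str:
    """Query returning the lookup-table row whose primary key equals value."""
    _check(table.primary_key_field, table.type)
    return (f"cat path({quote_value(table.path)}) "
            f"| where {table.primary_key_field} = {quote_value(value)}")


def scheduled_view_query(view: ScheduledView, value: str) -> str:
    """Query returning scheduled-view rows whose view field equals value."""
    _check(view.view_field, view.view_type)
    _check(view.name, view.view_type)
    return f"_view={view.name} | where {view.view_field} = {quote_value(value)}"


def search_job_request(query: str, start_iso: str, end_iso: str,
                       api_hostname: str = API_HOSTNAME,
                       access_id: str = ACCESS_ID,
                       access_key: str = ACCESS_KEY) -> request.Request:
    """Build (without sending) the Search Job API call that starts a query.
    Authentication is HTTP Basic with accessId:accessKey; the request goes to
    the API hostname, which is why the integration asks for it separately
    from the UI hostname."""
    token = base64.b64encode(f"{access_id}:{access_key}".encode()).decode()
    body = json.dumps({"query": query, "from": start_iso, "to": end_iso,
                       "timeZone": "UTC"}).encode()
    return request.Request(
        f"https://{api_hostname}/api/v1/search/jobs", data=body, method="POST",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"})


def rows_from_messages(messages_response: dict) -> list:
    """Flatten the payload of GET /api/v1/search/jobs/<id>/messages, where
    each message carries its fields under "map", into plain dicts."""
    return [m.get("map", {}) for m in messages_response.get("messages", [])]


# Constructed sample shaped like the Search Job API messages payload.
SAMPLE_MESSAGES = {"messages": [{"map": {
    "hostname": "build-01", "owner": "ci-team", "criticality": "high"}}]}

if __name__ == "__main__":
    assets = LookupTable("/Library/Users/analyst@example.com/Lookups/assets",
                         "device", "hostname")
    print(lookup_table_query(assets, "build-01"))
    print(lookup_table_query(assets, 'build-01" | count'))  # stays one literal
    req = search_job_request(lookup_table_query(assets, "build-01"),
                             "2024-01-01T00:00:00", "2024-01-02T00:00:00")
    print(req.get_method(), req.full_url)
    for row in rows_from_messages(SAMPLE_MESSAGES):
        print(row)
```

The second `print` in the `__main__` block shows the reason for `quote_value`: the injected `" | count` stays inside the quoted string instead of becoming a new pipeline stage. Field and view names are validated with `IDENTIFIER` for the same reason, since they come from configuration rather than from the log stream but still end up in query text unquoted.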

If you have any errors or questions, engage your Dropzone AI support representative.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.dropzone.ai/integrations/data/sumo-logic_data.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
