Website Test Drive

Sumo Logic

This is a combined document for enabling the Sumo Logit AI Data Source and Alert Source.

The Dropzone AI Platform integrates with Sumo Logic, a cloud based machine data analytics product. Integrating Sumo Logic with Dropzone allows Dropzone to automatically investigate security incidents using the data within Sumo Logic.

Create an API Key

Sumo Logic requires an API key to enable.

To obtain an API Key, do the following:

  • Login as an administrator to the Sumo Logic at the appropriate URL, e.g. http://service.sumologic.com

  • In the bottom left hand corner of the Sumo Logic homepage, click on Administration > Security

Navigate to Administration

  • Click "Add Access Key"

Add access key

  • Name the Access Key something memorable, such as Dropzone AI, then click "Save"

Name and Save API

  • Copy the Access ID and Access Key shown for use later in the Dropzone UI where they are called "Access ID" and "Access Key" respectively, then click "Done"

Copy API Key and Secret

Enable the Dropzone Data Source Integration

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

Integrations Dropdown

  • Click "Data Sources" in the top left corner

Select the "Data Sources" button

  • In the SIEM section, find the Sumo Logic tile and click "Connect"

The Sumo Logic Data Source Tile

  • Input the API key and API Secret

  • Under "Ignored Source Categories" section, you may click "Add Item" and input source categories to ignore. Dropzone will not query source categories in the "Ignored Source Categories" section

The Sumo Logic Data Source Configuration

  • Click "Test & Save"

If you have any errors engage your Dropzone AI support representative.

Enable the Dropzone Alert Source Integration

In addition to data source integration, Dropzone can be configured to monitor and investigate specific incident types from Sumo Logic.

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

Integrations Dropdown

  • Click "Alert Sources"

Select the "Alert Sources" button

  • In the SIEM section, find the Sumo Logic tile and click "Connect"

The Sumo Logic Alert Source Tile

  • Input the Access ID and Access Key

  • Under "Sumo Logic Alert Search Queries", you may click "Add Item" and input Sumo Logic-specific search query terms to select alerts to investigate

    • For example, if your MS Defender alerts are sent to a source category named msgraph-security, you would add the following query: _sourceCategory=msgraph-security

The Sumo Logic Alert Source Configuration

  • Click "Test & Save"

If you have any errors or questions, engage your Dropzone AI support representative.

PreviousSplunkNextData Source Integrations

Last updated