Sumo Logic
Last updated
This is a combined document for enabling the Dropzone AI Data Source and Alert Source for Sumo Logic.
The Dropzone AI Platform integrates with Sumo Logic, a cloud-based machine data analytics product. Integrating Sumo Logic with Dropzone allows Dropzone to automatically investigate security incidents using the data held in Sumo Logic.
Enabling the Sumo Logic integration requires a Sumo Logic access key.
To obtain an access key, do the following:
Log in to Sumo Logic as an administrator at the appropriate URL, e.g. http://service.sumologic.com
In the bottom-left corner of the Sumo Logic homepage, click Administration > Security
Click "Add Access Key"
Name the Access Key something memorable, such as Dropzone AI, then click "Save"
Copy the Access ID and Access Key that are shown; you will enter them later in the Dropzone UI, where the fields are called "Access ID" and "Access Key" respectively. Then click "Done"
To enable the Data Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Data Sources" in the top left corner
In the SIEM section, find the Sumo Logic tile and click "Connect"
Input the Access ID and Access Key
Under the "Ignored Source Categories" section, you may click "Add Item" and enter source categories to ignore; Dropzone will not query any source category listed there
Click "Test & Save"
If you have any errors, engage your Dropzone AI support representative.
In addition to data source integration, Dropzone can be configured to monitor and investigate specific incident types from Sumo Logic.
To enable the Alert Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Alert Sources"
In the SIEM section, find the Sumo Logic tile and click "Connect"
Input the Access ID and Access Key
Under "Sumo Logic Alert Search Queries", you may click "Add Item" and enter Sumo Logic search query terms that select the alerts to investigate
For example, if your MS Defender alerts are sent to a source category named msgraph-security, you would add the following query: _sourceCategory=msgraph-security
Click "Test & Save"
If you have any errors or questions, engage your Dropzone AI support representative.
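As an added example (not from the Dropzone AI or Sumo Logic documentation), the Python helper below checks the alert search queries you plan to enter against your Ignored Source Categories list and submits a query as a Sumo Logic Search Job, so you can confirm the access key and query are accepted before clicking "Test & Save". It assumes the Sumo Logic Search Job API with HTTP basic auth (Access ID as user, Access Key as password), an endpoint that you replace with the API URL of your own deployment, and that trailing '*' wildcards in source categories match the way fnmatch does.

```python
import base64
import fnmatch
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# Value of a _sourceCategory= term, quoted or not, e.g. msgraph-security or "prod/web*".
_CATEGORY = re.compile(r'_sourceCategory\s*=\s*"?([^\s"|)]+)"?', re.IGNORECASE)


def source_categories(query):
    """Return every source category a Sumo Logic query restricts itself to."""
    return _CATEGORY.findall(query)


def conflicts(queries, ignored):
    """Map each alert query to the Ignored Source Categories entries it overlaps.

    Dropzone never queries an ignored category, so an alert query that selects
    alerts from one deserves a look before saving. Trailing '*' wildcards, which
    Sumo Logic accepts in both places, are matched with fnmatch (an assumption).
    """
    found = {}
    for query in queries:
        hits = {pat for cat in source_categories(query) for pat in ignored
                if fnmatch.fnmatchcase(cat, pat) or fnmatch.fnmatchcase(pat, cat)}
        if hits:
            found[query] = sorted(hits)
    return found


def start_search_job(access_id, access_key, query,
                     endpoint="https://api.sumologic.com/api/v1", minutes=15):
    """Submit the query as a Search Job over the last `minutes`; a job id shows
    the key and query were accepted. The endpoint is an assumption: use the API
    URL of your Sumo Logic deployment. The key carries the permissions of the
    user who created it, so create it as a dedicated least-privilege user.
    """
    now = datetime.now(timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%S"
    body = json.dumps({"query": query, "timeZone": "UTC", "to": now.strftime(fmt),
                       "from": (now - timedelta(minutes=minutes)).strftime(fmt)}).encode()
    token = base64.b64encode(f"{access_id}:{access_key}".encode()).decode()  # accessId:accessKey
    req = urllib.request.Request(f"{endpoint}/search/jobs", data=body, method="POST",
                                 headers={"Authorization": f"Basic {token}",
                                          "Content-Type": "application/json",
                                          "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:  # HTTP 202 on success
        return json.load(resp)["id"]
```

Run conflicts() over your planned queries and ignored categories first; only call start_search_job() with real credentials once the offline check is clean.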