Sumo Logic

This is a combined document for enabling the Dropzone AI Data Source and Alert Source for Sumo Logic.

The Dropzone AI Platform integrates with Sumo Logic, a cloud based machine data analytics product. Integrating Sumo Logic with Dropzone allows Dropzone to automatically investigate security incidents using the data within Sumo Logic.

Create an API Key

Sumo Logic requires an API key to enable.

To obtain an API Key, do the following:

Login as an administrator to the Sumo Logic at the appropriate URL, e.g. http://service.sumologic.com
In the bottom left hand corner of the Sumo Logic homepage, click on Administration > Security

Click "Add Access Key"

Name the Access Key something memorable, such as Dropzone AI, then click "Save"

Copy the Access ID and Access Key shown for use later in the Dropzone UI where they are called "Access ID" and "Access Key" respectively, then click "Done"

Enable the Dropzone Data Source Integration

To enable the Data Source integration, do the following:

Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations

Click "Data Sources" in the top left corner

In the SIEM section, find the Sumo Logic tile and click "Connect"

Input the API key and API Secret
Under "Ignored Source Categories" section, you may click "Add Item" and input source categories to ignore. Dropzone will not query source categories in the "Ignored Source Categories" section

Click "Test & Save"

If you have any errors engage your Dropzone AI support representative.

Enable the Dropzone Alert Source Integration

In addition to data source integration, Dropzone can be configured to monitor and investigate specific incident types from Sumo Logic.

To enable the Alert Source integration, do the following:

Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations

Click "Alert Sources"

In the SIEM section, find the Sumo Logic tile and click "Connect"

Input the Access ID and Access Key
Under "Sumo Logic Alert Search Queries", you may click "Add Item" and input Sumo Logic-specific search query terms to select alerts to investigate
- For example, if your MS Defender alerts are sent to a source category named msgraph-security, you would add the following query: _sourceCategory=msgraph-security

Click "Test & Save"

If you have any errors or questions, engage your Dropzone AI support representative.

PreviousSplunk NextAlert Integrations

Last updated 4 months ago

Was this helpful?