Dropzone AI Documentation
Sumo Logic

Last updated 7 months ago

This is a combined document for enabling the Dropzone AI Data Source and Alert Source for Sumo Logic.

The Dropzone AI Platform integrates with Sumo Logic, a cloud-based machine data analytics product. Integrating Sumo Logic with Dropzone allows Dropzone to automatically investigate security incidents using the data within Sumo Logic.

Create an API Key

The Sumo Logic integration requires an API key.

To obtain an API Key, do the following:

  • Log in as an administrator to Sumo Logic at the appropriate URL, e.g. http://service.sumologic.com

  • In the bottom-left corner of the Sumo Logic home page, click Administration > Security

  • Click "Add Access Key"

  • Name the Access Key something memorable, such as Dropzone AI, then click "Save"

  • Copy the Access ID and Access Key shown for use later in the Dropzone UI where they are called "Access ID" and "Access Key" respectively, then click "Done"

Enable the Dropzone Data Source Integration

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Data Sources" in the top left corner

  • In the SIEM section, find the Sumo Logic tile and click "Connect"

  • Input the Access ID and Access Key copied from Sumo Logic

  • Under the "Ignored Source Categories" section, you may click "Add Item" and enter source categories to ignore. Dropzone will not query the source categories listed there

  • Click "Test & Save"

If you have any errors engage your Dropzone AI support representative.

Enable the Dropzone Alert Source Integration

In addition to data source integration, Dropzone can be configured to monitor and investigate specific incident types from Sumo Logic.

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click "Alert Sources"

  • In the SIEM section, find the Sumo Logic tile and click "Connect"

  • Input the Access ID and Access Key

  • Under "Sumo Logic Alert Search Queries", you may click "Add Item" and input Sumo Logic-specific search query terms to select the alerts to investigate

    • For example, if your MS Defender alerts are sent to a source category named msgraph-security, you would add the following query: _sourceCategory=msgraph-security

  • Click "Test & Save"

If you have any errors or questions, engage your Dropzone AI support representative.
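As an added example (not part of this document or Dropzone's own tooling), the following Python script checks an Access ID/Access Key pair and an alert search query such as the one above against the Sumo Logic Search Job API before they are entered into Dropzone, so a failing "Test & Save" can be separated into a bad credential or a query that matches nothing. It assumes the Search Job API endpoint paths and job state strings (none of which appear on this page) and an API_BASE matching your Sumo Logic deployment; the HTTP transport is injectable so the polling logic can be exercised offline.

```python
"""Pre-flight check for a Sumo Logic Access ID/Access Key and an alert search query.

Added example, not Dropzone's code. Assumes Sumo Logic's Search Job API:
POST /api/v1/search/jobs creates a job, GET /api/v1/search/jobs/{id} reports its
state and messageCount. API_BASE depends on your deployment (assumed value below).
"""
import base64
import json
import time
import urllib.request

API_BASE = "https://api.sumologic.com"  # assumption: use your deployment's API endpoint


def auth_header(access_id, access_key):
    """Sumo Logic APIs use HTTP Basic auth: Access ID as user, Access Key as password."""
    token = base64.b64encode(f"{access_id}:{access_key}".encode()).decode()
    return f"Basic {token}"


def http_json(method, url, headers, body=None):
    """Minimal JSON-over-HTTPS transport using only the standard library.
    urllib raises HTTPError with code 401 if the Access ID/Key pair is rejected."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def search_message_count(access_id, access_key, query, from_ts, to_ts,
                         api_base=API_BASE, send=http_json, sleep=time.sleep):
    """Run `query` over [from_ts, to_ts] (ISO 8601) and return the number of matching messages.
    Zero means the query (e.g. _sourceCategory=msgraph-security) selects nothing in that window."""
    headers = {"Authorization": auth_header(access_id, access_key),
               "Content-Type": "application/json", "Accept": "application/json"}
    job = send("POST", f"{api_base}/api/v1/search/jobs", headers,
               {"query": query, "from": from_ts, "to": to_ts, "timeZone": "UTC"})
    status_url = f"{api_base}/api/v1/search/jobs/{job['id']}"
    while True:
        status = send("GET", status_url, headers)
        state = status["state"]
        if state == "DONE GATHERING RESULTS":
            return status["messageCount"]
        if state in ("CANCELLED", "FORCE PAUSED"):
            raise RuntimeError(f"search job ended in state {state}")
        sleep(2)  # poll interval; Sumo Logic rate-limits status requests


if __name__ == "__main__":
    import os  # credentials come from the environment, never from the script
    count = search_message_count(os.environ["SUMO_ACCESS_ID"], os.environ["SUMO_ACCESS_KEY"],
                                 "_sourceCategory=msgraph-security",
                                 "2024-01-01T00:00:00", "2024-01-02T00:00:00")
    print(f"matched messages: {count}")
```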