Sumo Logic
Integration version: 16.0
Configure Sumo Logic integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Ping
Description
Test connectivity to Sumo Logic.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
N/A
Search
Description
Run a query and get the search results from Sumo Logic.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Sumo Logic query to run. Example: _collector=* |
| Delete Search Job | Checkbox | Un-Checked | If checked, delete the search job after the search is completed. |
| Since | String | N/A | Start date of the search, ISO-8601 or unixtime. Example: 1970-01-01T00:00:00. Default: 1 (unixtime). |
| To | String | N/A | End date of the search, ISO-8601 or unixtime. Example: 1970-01-01T00:00:00. Default: now (current UTC unixtime). |
| Limit | String | N/A | Number of results to return. Example: 10. Default: 25. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| results | N/A | N/A |
JSON Result
```json
[
  {
    "_messageid": "-9223372036854773772",
    "_messagetime": "1359407049529",
    "_blockid": "-9223372036854775674",
    "_sourcecategory": "service",
    "_format": "plain:atp:o:0:l:29:p:yyyy-MM-dd HH:mm:ss,SSS ZZZZ",
    "_sourcename": "/Users/christian/Development/sumo/ops/assemblies/latest/service-20.1-SNAPSHOT/logs/service.log",
    "_source": "service",
    "_receipttime": "1359407051885",
    "_collectorid": "1579",
    "_sourceid": "1640",
    "_raw": "2013-01-28 13:04:09,529 -0800 INFO [module=SERVICE] [logger=com.netflix.config.sources.DynamoDbConfigurationSource] [thread=pollingConfigurationSource] Successfully polled Dynamo for a new configuration based on table:raychaser-chiapetProperties",
    "_size": "246",
    "_collector": "local",
    "_messagecount": "2035",
    "_sourcehost": "Chiapet.local"
  }
]
```
Connectors
Sumo Logic Connector
Description
Sumo Logic Connector.
Configure Sumo Logic Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| DeviceProductField | String | device_product | The field name used to determine the device product. Example: _type |
| EventClassId | String | name | The field name used to determine the event name (sub-type). Example: _source_match_event_id |
| PythonProcessTimeout | String | 60 | The timeout limit (in seconds) for the Python process running the current script. |
| API Root | String | null | The Sumo Logic API root, for example: https://api.{region}.sumologic.com |
| Access ID | String | null | Sumo Logic access ID. |
| Access Key | Password | null | Sumo Logic access key. |
| Verify SSL | Checkbox | FALSE | Whether to verify the SSL certificate on the connection. |
| Alert Name Field | String | null | The name of the field where the alert name is located (flat field path). Example: _sourcecategory |
| Timestamp Field | String | null | The name of the field where the timestamp is located (flat field path). Example: _receipttime |
| Environment Field | String | null | The name of the field where the environment is located (flat field path). Example: _collector |
| Indexes | String | null | Indexes to get alerts from. |
| Alerts Count Limit | Integer | 10 | Max count of alerts to pull in one cycle. Example: 20 |
| Max Days Backwards | Integer | 1 | Max number of days back to fetch alerts from. Example: 3 |
| Proxy Server Address | String | null | The address of the proxy server to use. |
| Proxy Username | String | null | The proxy username to authenticate with. |
| Proxy Password | Password | null | The proxy password to authenticate with. |
Connector rules
Proxy support
The connector supports proxy.
Dynamic/whitelist rule support
The connector runs a single search job for each query added as a rule. If both indexes and queries are supplied, the queries take priority over the connector's 'Indexes' parameter.
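How the connector parameters in the table above and the dynamic/whitelist rule just described fit together, as an added Python example that is not the connector's own code: one Sumo Logic message is mapped onto an alert through the flat field paths (Alert Name Field, Timestamp Field, Environment Field, DeviceProductField, EventClassId), the Max Days Backwards window and Alerts Count Limit are applied with duplicate message ids dropped, and the rule-to-search-job planning gives queries priority over indexes. The first sample message is the one from the Search action's JSON Result; the others are constructed. Assumptions not on the page: the fallback strings for missing product and event fields, mapping an index name to a `_index=` query, and the names `read_flat_field`, `message_to_alert`, `select_alerts` and `plan_search_jobs`.

```python
from typing import Any, Dict, Iterable, List

DAY_MS = 86_400_000

# Connector values; the field names are the examples given in the parameter table.
CONNECTOR_PARAMS: Dict[str, Any] = {
    "DeviceProductField": "_type",
    "EventClassId": "_source_match_event_id",
    "Alert Name Field": "_sourcecategory",
    "Timestamp Field": "_receipttime",
    "Environment Field": "_collector",
    "Alerts Count Limit": 10,
    "Max Days Backwards": 1,
}


def read_flat_field(message: Dict[str, Any], path: str, default: Any = None) -> Any:
    """A flat field path is one top-level key; no dotted traversal is attempted."""
    value = message.get(path)
    return default if value in (None, "") else value


def message_to_alert(message: Dict[str, Any], params: Dict[str, Any]) -> Dict[str, Any]:
    """Map one Sumo Logic message onto the alert fields the connector needs."""
    ts_raw = read_flat_field(message, params["Timestamp Field"])
    if ts_raw is None:
        raise ValueError(f"message lacks timestamp field {params['Timestamp Field']!r}")
    return {
        "name": read_flat_field(message, params["Alert Name Field"], "Sumo Logic alert"),
        "timestamp_ms": int(ts_raw),
        "environment": read_flat_field(message, params["Environment Field"]),
        # Fallbacks below are assumed defaults for this example, not documented behaviour.
        "device_product": read_flat_field(message, params["DeviceProductField"], "Sumo Logic"),
        "event_class_id": read_flat_field(message, params["EventClassId"], "search_match"),
        "message_id": message.get("_messageid"),
        "raw": message.get("_raw"),
    }


def select_alerts(messages: Iterable[Dict[str, Any]], params: Dict[str, Any],
                  now_ms: int) -> List[Dict[str, Any]]:
    """Apply Max Days Backwards, drop repeated message ids, cap at Alerts Count Limit."""
    cutoff_ms = now_ms - int(params["Max Days Backwards"]) * DAY_MS
    candidates = []
    for message in messages:
        try:
            candidates.append(message_to_alert(message, params))
        except ValueError:
            continue  # no timestamp: the message cannot be placed in the window
    candidates.sort(key=lambda a: a["timestamp_ms"])  # oldest first, so a cap never skips a gap
    seen, alerts = set(), []
    for alert in candidates:
        if alert["timestamp_ms"] < cutoff_ms or alert["message_id"] in seen:
            continue
        seen.add(alert["message_id"])
        alerts.append(alert)
        if len(alerts) >= int(params["Alerts Count Limit"]):
            break
    return alerts


def plan_search_jobs(queries: List[str], indexes: List[str]) -> List[str]:
    """One search job per rule query; indexes apply only when no queries exist."""
    if queries:
        return list(queries)
    return [f"_index={index}" for index in indexes]  # assumed translation of an index name


SAMPLE_MESSAGES = [
    {  # the message from the Search action's JSON Result
        "_messageid": "-9223372036854773772", "_messagetime": "1359407049529",
        "_sourcecategory": "service", "_receipttime": "1359407051885",
        "_collector": "local", "_sourcehost": "Chiapet.local",
        "_raw": "2013-01-28 13:04:09,529 -0800 INFO [module=SERVICE] Successfully polled Dynamo",
    },
    {  # constructed: the same message id delivered again
        "_messageid": "-9223372036854773772", "_sourcecategory": "service",
        "_receipttime": "1359407051885", "_collector": "local",
    },
    {  # constructed: two days old, outside Max Days Backwards = 1
        "_messageid": "ex-old", "_sourcecategory": "audit",
        "_receipttime": str(1359407051885 - 2 * DAY_MS), "_collector": "local",
    },
    {  # constructed: carries no timestamp field at all
        "_messageid": "ex-no-ts", "_sourcecategory": "audit", "_collector": "local",
    },
    {  # constructed: fresh message that also carries the optional fields
        "_messageid": "ex-fresh", "_sourcecategory": "audit", "_type": "firewall",
        "_source_match_event_id": "rule-7", "_receipttime": "1359407060000", "_collector": "prod",
    },
]
NOW_MS = 1359407051885 + 3_600_000  # one hour after the page's sample receipt time

if __name__ == "__main__":
    for alert in select_alerts(SAMPLE_MESSAGES, CONNECTOR_PARAMS, NOW_MS):
        print(alert["timestamp_ms"], alert["name"], alert["device_product"], alert["environment"])
    print(plan_search_jobs([], ["sec", "audit"]))
```

Sorting oldest first before applying the cap matters operationally: a cycle that hits Alerts Count Limit then stops at a known timestamp, and the next cycle can resume from there without silently skipping older messages.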