SumoLogic

About this document

This document provides the step-by-step procedure to configure SumoLogic in SAFE.

Introduction

SAFE integrates with SumoLogic and fetches the security misconfiguration of the SumoLogic account in SAFE.

Prerequisites

• Access required in SAFE:

  • SAFE Admin Access

• Access required in SumoLogic:

  • SumoLogic Admin

• Required User Inputs:

  • API Instance URL

  • Access ID

  • Access Key

  • Asset Name in SAFE (optional)

• Required Scope:

  • Admin Access

Generate Connection Details

• How to generate Access ID

  • Log in to your SumoLogic account as Admin.

  • Click on the Profile icon at the bottom left corner

  • Click on the Preferences

  • Click on the + Add Access Key

    
    Open image-20240321-095345.png

  • Enter the Access Key Name

  • Click on the Create Key button

    
    Open image-20240321-095506.png

  • The system displays an Access ID and Access Key. Copy and save the Access ID and Access Key to use it later while configuring SumoLogic in SAFE.

  • It's important to regularly update the Access ID and Access Key in SAFE according to its expiration date.

    
    Open image-20240321-095607.png

• How to get API Instance URL (Region Specific)

  • Access the SumoLogic API documentation by clicking on the provided link.

  • Upon reaching the SumoLogic API documentation page, locate the section titled as "API Endpoints".

  • Select endpoints specific to instance region

  • In the exhibit provided, find the base URL highlighted as 3. Copy and save this API URL to use it while configuring SumoLogic in SAFE

    
    Open image-20240321-095112.pn

Configure SumoLogic in SAFE

• Log in to your SAFE account as Admin.

• Click on the Integrations option from the left navigation.

• Scroll to find the SumoLogic integration card or search for SumoLogic in the search bar.

  
  Open image-20240321-082535.png

• Hover over the SumoLogic integration card and click on the Configure button.

• Enter the following:

  • API Instance URL

  • Access ID

  • Access Key

  • Asset Name in SAFE -  Provide a unique identifier which can uniquely identify the asset

• Enter the Auto Sync Frequency.

• Click on the Test Connection button.

• Once the connection is successful, click on the Save button.

  
  Open image-20240321-091821.png

• Once the configuration is saved successfully, click on the Sync Now button to trigger an on-demand sync.

  
  Open image-20240321-091936.png

• Upon a successful sync, the system pulls the SumoLogic assets and their findings in SAFE. You can track the status of the sync in the History table.

View Results

• Go to the integration homepage

• Scroll to find the SumoLogic integration card or search for SumoLogic in the search bar.

• Click on the SumoLogic integration card for Finding View and Asset View.

  • Finding View: This tab displays all the findings details pulled from SumoLogic.

    
    Open image-20240321-093827.png

  • Asset View: This tab displays all the assets pulled from SumoLogic.

    
    Open image-20240321-093920.pn

History

Learn More about Integration History here.

SAFE's Outgoing IP Addresses

Click here to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.

FAQs

• For region specific information, contact your SumoLogic system administrator or refer to this.