Sumo Logic Integration

This integration uses a webhook connection from Sumo Logic SIEM to Binalyze AIR: a Sumo Logic alert posts a payload to an AIR webhook URL, and AIR triggers an acquisition on the matching endpoint.

Steps to Integrate

Step 1: Create a Webhook

  • Visit the Webhooks page in Binalyze AIR,

  • Click the "+ New Webhook" button on the upper right corner,

  • Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),

  • Select "Sumo Logic: Generic Sumo Logic Webhook Parser" as the parser for this webhook,

  • Select an Acquisition Profile,

  • Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption to use or let AIR configure them automatically based on the matching policy

  • Click the "Save" button,

  • Hover your mouse over the link below the Webhook name and double-click to copy

Step 2: Configure Sumo Logic SIEM

On the left pane, click "Manage Data", then "Monitoring", and open "Connections".

  • Give a name to webhook,

  • Write a description (optional),

  • Paste the Webhook URL you copied in Step 1,

  • Type your payload*: ["{{ResultsJson.client_ip}}"]

  • Save and exit.
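With the payload template above, Sumo Logic sends the AIR webhook a JSON array of strings. Since each accepted entry results in an evidence acquisition on an endpoint, a receiver for this payload shape has to validate it first. The following is an added example (not Binalyze's own parser and not Sumo Logic code) of those checks: the body must be a JSON array, each entry must be a well-formed IP address, unresolved `{{...}}` template placeholders are rejected, and duplicates are dropped. SAMPLE_BODY is a constructed input with hypothetical addresses.

```python
import ipaddress
import json

# Constructed sample of what Sumo Logic would POST using the template
# ["{{ResultsJson.client_ip}}"] from Step 2 (hypothetical values; the
# unresolved placeholder simulates an alert whose field was empty).
SAMPLE_BODY = (
    '["10.20.30.40", "10.20.30.40", "not-an-ip", '
    '"{{ResultsJson.client_ip}}", "2001:db8::9"]'
)


def parse_sumo_payload(body):
    """Parse the JSON array Sumo Logic sends and return (accepted, rejected).

    accepted: ordered, de-duplicated list of canonical IP address strings
    rejected: list of (value, reason) for entries that must not trigger anything
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return [], [(body, f"invalid JSON: {exc.msg}")]
    if not isinstance(data, list):
        return [], [(data, "payload must be a JSON array")]

    accepted, rejected, seen = [], [], set()
    for item in data:
        if not isinstance(item, str):
            rejected.append((item, "not a string"))
            continue
        value = item.strip()
        # A literal "{{...}}" means Sumo Logic did not substitute the field.
        if "{{" in value or "}}" in value:
            rejected.append((value, "unresolved Sumo Logic template placeholder"))
            continue
        try:
            ip = ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        except ValueError:
            rejected.append((value, "not an IP address"))
            continue
        canonical = str(ip)
        if canonical in seen:  # same endpoint listed twice: acquire once
            continue
        seen.add(canonical)
        accepted.append(canonical)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = parse_sumo_payload(SAMPLE_BODY)
    print("accepted:", ok)
    print("rejected:", bad)
```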

For more information, please visit here.
