Sumo Logic Integration
This integration uses a Sumo Logic SIEM webhook connection: a Sumo Logic alert posts the results of its search to a Binalyze AIR webhook, and AIR starts an evidence acquisition with the selected Acquisition Profile.
Steps to Integrate
Step 1: Create a Webhook
Visit the Webhooks page in Binalyze AIR,
Click the "+ New Webhook" button on the upper right corner,
Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
Select "Sumo Logic: Generic Sumo Logic Webhook Parser" as the parser for this webhook,
Select an Acquisition Profile,
Provide the other settings (Evidence Repository, CPU Limit, Compression & Encryption) or let AIR configure them automatically from the matching policy,
Click the "Save" button,
Hover over the link shown below the webhook name and double-click it to copy the webhook URL. Treat this URL as a secret: it is what authorizes callers to trigger acquisitions, so keep it out of tickets and chat.
Step 2: Configure Sumo Logic SIEM
On the left pane, click "Manage Data", then "Monitoring", and open "Connections" to create a new webhook connection.
Give the webhook a name,
Write a description (optional),
Paste the webhook URL you copied in Step 1,
Enter the payload: ["{{ResultsJson.client_ip}}"]
Save and exit.
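Before wiring a live alert to the webhook, it is worth confirming that the URL copied in Step 1 accepts the payload shape Step 2 produces. The script below is an added example, not Binalyze or Sumo Logic code. It assumes that Sumo Logic expands ["{{ResultsJson.client_ip}}"] into a JSON array of the client_ip values from the alerting search (check this with Sumo Logic's own webhook test before relying on it) and that the AIR webhook URL accepts a JSON body over HTTP POST. The sample IPs are constructed; one deliberately malformed entry shows how a generic parser should drop junk values instead of failing the whole trigger.

```python
"""Send a Sumo Logic style payload to a Binalyze AIR webhook (added example).

Assumptions (not from the original page):
  - ["{{ResultsJson.client_ip}}"] expands to a JSON array of client_ip strings.
  - The AIR webhook URL accepts an HTTP POST with a JSON body.
"""
import ipaddress
import json
import sys
import urllib.request

# Constructed sample: the client_ip values one alert might carry.
SAMPLE_CLIENT_IPS = ["198.51.100.23", "203.0.113.7", "not-an-ip", "2001:db8::1"]


def build_payload(client_ips):
    """Serialise the client IPs the way the configured payload template would."""
    return json.dumps(list(client_ips))


def parse_payload(body):
    """Parse the body AIR would receive and keep only syntactically valid IPs.

    Returns (accepted, rejected). Malformed entries are reported, not fatal,
    so one bad field value cannot suppress acquisition for the valid hosts.
    """
    items = json.loads(body)
    if not isinstance(items, list):
        raise ValueError("expected a JSON array of client IPs")
    accepted, rejected = [], []
    for item in items:
        try:
            accepted.append(str(ipaddress.ip_address(str(item).strip())))
        except ValueError:
            rejected.append(item)
    return accepted, rejected


def send_test_trigger(webhook_url, client_ips, timeout=10):
    """POST the payload to the AIR webhook URL and return the HTTP status.

    Run this only against your own AIR instance: the URL authorises
    triggering acquisitions, so it is effectively a credential.
    """
    req = urllib.request.Request(
        webhook_url,
        data=build_payload(client_ips).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Offline dry run first; pass the AIR webhook URL as argv[1] to POST for real.
    ok, bad = parse_payload(build_payload(SAMPLE_CLIENT_IPS))
    print("would trigger for:", ok, "ignored:", bad)
    if len(sys.argv) > 1:
        print("AIR responded with HTTP", send_test_trigger(sys.argv[1], ok))
```

Run it without arguments to see which of the sample values would reach AIR; run it with the webhook URL as the only argument to send one real test trigger and observe the resulting acquisition task in AIR.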
For more information, please visit here.