# Sumo Logic Integration

### Steps to Integrate

#### **Step 1: Create a Webhook**

* Visit the **Webhooks** page in AIR,
* Click the "**+ New Webhook**" button on the upper right corner,
* Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
* Select "**Sumo Logic: Generic Sumo Logic Webhook Parser**" as the parser for this webhook,
* Select an **Acquisition Profile**,
* Provide other settings such as **Evidence Repository**, **CPU Limit**, and **Compression & Encryption**, or let AIR configure them automatically based on the matching policy,
* Click the "**Save**" button,
* Hover your mouse over the link below the Webhook name and double-click to copy it.

#### **Step 2: Configure Sumo Logic SIEM**

On the left pane, click "**Manage Data**", then "**Monitoring**", and then "**Connections**".

* Give the webhook a name,
* Write a description (optional),
* Paste the Webhook URL you copied in Step 1,
* Type your payload\*: `["{{ResultsJson.client_ip}}"]`
* Save and exit.

For more information, see the Sumo Logic documentation on [webhook payload variables](https://help.sumologic.com/docs/alerts/webhook-connections/set-up-webhook-connections/#Webhook_payload_variables).
