
Sumo Logic Integration

This integration uses a Sumo Logic webhook connection: a Sumo Logic scheduled search or monitor posts its results to a webhook URL generated by Binalyze AIR, and AIR uses that payload to start an acquisition.

Steps to Integrate

Step 1: Create a Webhook

  • Visit the Webhooks page in Binalyze AIR,
  • Click the "+ New Webhook" button on the upper right corner,
  • Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
  • Select "Sumo Logic: Generic Sumo Logic Webhook Parser" as the parser for this webhook,
  • Select an Acquisition Profile,
  • Provide the other settings (Evidence Repository, CPU Limit, Compression & Encryption), or let AIR configure them automatically based on the matching policy,
  • Click the "Save" button,
  • Hover your mouse over the link below the Webhook name and double-click to copy

Step 2: Configure Sumo Logic SIEM

In the left pane, click "Manage Data", then "Monitoring", then open "Connections" and add a new webhook connection:
  • Give a name to webhook,
  • Write a description (optional),
  • Paste Webhook URL, you copied in Step 1,
  • Type the payload as a JSON array of the IP addresses the search returned: ["{{ResultsJson.client_ip}}"] (here client_ip is the field in your search results that holds the endpoint address; use your own field name if it differs),
  • Save and exit.
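Before wiring a live alert to the connection, it is worth exercising the AIR webhook with the same body shape Sumo Logic will post. The following is an added example, not code from Binalyze or Sumo Logic: it takes a rendered payload (a JSON array of client_ip values, as configured above), drops anything that is not a syntactically valid IP, removes duplicates, and builds the POST that a test client would send to the AIR webhook URL. The sample body and the webhook URL are constructed placeholders, and the assumption that the template expands to one quoted string per search result is mine.

```python
"""Added example (not Binalyze or Sumo Logic code): validate and replay the
body that the payload template ["{{ResultsJson.client_ip}}"] produces, so the
AIR webhook can be tested before a real monitor fires."""
import ipaddress
import json
import urllib.request

# Constructed sample: what a Sumo Logic connection is assumed to post after
# rendering ["{{ResultsJson.client_ip}}"] for a search that returned several
# results, including a duplicate and a malformed value.
SAMPLE_BODY = '["10.20.30.40", "10.20.30.40", "not-an-ip", "2001:db8::10"]'

# Constructed placeholder; the real value is the URL copied from AIR in Step 1.
AIR_WEBHOOK_URL = "https://air.example.test/api/webhook/example"


def parse_targets(body: str) -> list:
    """Return the unique, syntactically valid IP addresses in a webhook body.

    A body that is not a JSON array of strings yields no targets; elements
    that do not parse as IPv4/IPv6 addresses are dropped rather than handed
    to AIR as acquisition targets. First-seen order is preserved.
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(data, list):
        return []
    seen = {}
    for item in data:
        if not isinstance(item, str):
            continue
        try:
            addr = ipaddress.ip_address(item.strip())
        except ValueError:
            continue
        seen.setdefault(str(addr), None)
    return list(seen)


def build_request(webhook_url: str, targets: list) -> urllib.request.Request:
    """Build the POST that replays a validated target list to the AIR webhook.

    The webhook URL is effectively a bearer credential: anyone who holds it
    can trigger acquisitions, so it must only travel over HTTPS and should
    not be written to logs.
    """
    if not webhook_url.lower().startswith("https://"):
        raise ValueError("AIR webhook URL must use https://")
    body = json.dumps(targets).encode()
    return urllib.request.Request(
        webhook_url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json"},
    )


def replay(webhook_url: str, body: str, dry_run: bool = True) -> str:
    """Validate `body` and post it to the webhook.

    With dry_run=True (the default) the prepared request body is returned
    without any network access; set dry_run=False to actually hit AIR.
    """
    req = build_request(webhook_url, parse_targets(body))
    if dry_run:
        return req.data.decode()
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    print(replay(AIR_WEBHOOK_URL, SAMPLE_BODY))
```

Run with `dry_run=False` only against a webhook whose Acquisition Profile you are happy to trigger, since a successful replay starts a real acquisition on every listed endpoint that AIR can match.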
For more information on webhook connections and the payload variables available in them, see the Sumo Logic documentation.