Sumo Logic Integration
This integration uses a Sumo Logic webhook connection: when a Sumo Logic alert fires, Sumo Logic POSTs the IP address of the affected endpoint to a webhook in Binalyze AIR, and AIR starts an acquisition on the matching endpoint with the Acquisition Profile selected below.
Step 1: Create the webhook in Binalyze AIR
- Visit the Webhooks page in Binalyze AIR,
- Click the "+ New Webhook" button in the upper right corner,
- Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
- Select "Sumo Logic: Generic Sumo Logic Webhook Parser" as the parser for this webhook,
- Select an Acquisition Profile,
- Provide the other settings such as Evidence Repository, CPU Limit, Compression & Encryption, or let AIR configure them automatically based on the matching policy,
- Click the "Save" button,
- Hover your mouse over the link below the webhook name and double-click it to copy the webhook URL. This URL is what authorizes a caller to trigger the webhook, so treat it as a credential: store it only in the Sumo Logic connection and do not paste it into tickets or chat.
Step 2: Create the webhook connection in Sumo Logic
In Sumo Logic, on the left pane, click "Manage Data", then "Monitoring", then "Connections", and add a new Webhook connection:
- Give the webhook a name,
- Write a description (optional),
- Paste the webhook URL you copied in Step 1 into the URL field,
- Enter the payload: ["{{ResultsJson.client_ip}}"]
- Save and exit.
The payload is a JSON array with a single element. Sumo Logic replaces the {{ResultsJson.client_ip}} template variable with the value of the client_ip field from the search results that triggered the alert, so AIR receives an array containing the endpoint's IP address. If your search exposes the endpoint's address under a different field name, use that name in place of client_ip.
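Before wiring the Sumo Logic alert to production, it is worth checking what the rendered payload looks like and sending it to the AIR webhook once by hand. The following dry-run helper is an added example, not Binalyze or Sumo Logic code. It assumes that Sumo Logic substitutes only the {{ResultsJson.<field>}} placeholder form from a single result row and posts the rendered text as the JSON request body; the sample result row is constructed, and the AIR_WEBHOOK_URL environment variable is a hypothetical name for wherever you keep the secret URL from Step 1.

```python
"""Dry-run helper for the Sumo Logic -> Binalyze AIR webhook payload (added example)."""
import ipaddress
import json
import os
import re
import urllib.request

# The payload template exactly as configured in the Sumo Logic webhook connection (Step 2).
PAYLOAD_TEMPLATE = '["{{ResultsJson.client_ip}}"]'

# Matches {{ResultsJson.<field>}} placeholders. Assumption: only this variable form is modelled.
_PLACEHOLDER = re.compile(r"\{\{ResultsJson\.([A-Za-z0-9_]+)\}\}")


def render_payload(template: str, result_row: dict) -> str:
    """Local approximation of how Sumo Logic fills {{ResultsJson.<field>}} from one result row.

    Assumption: a single row is substituted; Sumo Logic's behaviour for multi-row results
    or for other template variables is not reproduced here.
    """
    def substitute(match: re.Match) -> str:
        field = match.group(1)
        if field not in result_row:
            # The search must expose the field named in the template, e.g. client_ip.
            raise KeyError(f"search results have no field named {field!r}")
        # JSON-escape the value, then drop the outer quotes the template already supplies.
        return json.dumps(str(result_row[field]))[1:-1]

    return _PLACEHOLDER.sub(substitute, template)


def validate_payload(payload: str) -> list:
    """Check that the rendered payload is a non-empty JSON array of IP addresses.

    Assumption: a value that is not an IP address cannot be matched to an AIR endpoint,
    so it is rejected here rather than discovered after the alert fires.
    Returns the normalized address strings or raises ValueError describing the problem.
    """
    try:
        data = json.loads(payload)
    except json.JSONDecodeError as exc:
        raise ValueError(f"payload is not valid JSON: {exc}") from exc
    if not isinstance(data, list) or not data:
        raise ValueError("payload must be a non-empty JSON array of IP addresses")
    addresses = []
    for item in data:
        if not isinstance(item, str):
            raise ValueError(f"array element {item!r} is not a string")
        try:
            addresses.append(str(ipaddress.ip_address(item.strip())))
        except ValueError as exc:
            raise ValueError(f"array element {item!r} is not an IP address") from exc
    return addresses


def post_payload(webhook_url: str, payload: str, timeout: float = 10.0) -> int:
    """POST the rendered payload to the AIR webhook URL as Sumo Logic would; returns the HTTP status.

    Assumption: the body is the rendered template with Content-Type application/json.
    webhook_url is the secret URL copied in Step 1, so read it from a vault or env var.
    """
    request = urllib.request.Request(
        webhook_url,
        data=payload.encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status


if __name__ == "__main__":
    # Constructed sample result row standing in for the row that triggered the alert.
    sample_row = {"client_ip": "10.20.30.40", "user": "jdoe", "_count": 57}
    rendered = render_payload(PAYLOAD_TEMPLATE, sample_row)
    print("rendered payload:", rendered)
    print("parsed addresses:", validate_payload(rendered))
    url = os.environ.get("AIR_WEBHOOK_URL")  # hypothetical variable holding the Step 1 URL
    if url:
        print("AIR responded with HTTP", post_payload(url, rendered))
    else:
        print("set AIR_WEBHOOK_URL to send the payload to your AIR webhook")
```

Run it once with AIR_WEBHOOK_URL set and confirm in the AIR console that an acquisition task was created for the endpoint whose address you used; if your search names the address field differently, change the template here and in the Sumo Logic connection together so the two stay in sync.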