
Interpres Application - Sumo Logic

  • Type: SIEM/Data Lake
  • Vendor: Sumo Logic

This app integrates with Sumo Logic to get Telemetry, Detections and Alerts.

Vendor setup

  1. Generate Sumo Logic Access Keys (an Access ID and an Access Key).
  2. Get the Sumo Logic API endpoint.

App Configuration

App Parameters:

  • Access ID (password): Sumo Logic Access ID
  • Access Key (password): Sumo Logic Access Key
  • API Endpoint (string): the API endpoint, in the following format: https://api.sumologic.com/api/

App Validation

Check that the integration you created shows connectivity (green light).

Implemented Actions

  • Get Detections: Gets Detections, which are rules from the Sumo Logic SIEM. Each rule has a score that maps to an Interpres Detection severity (thresholds evaluated top to bottom):
      score == 1 -> "Info"
      score <= 3 -> "Low"
      score <= 5 -> "Medium"
      score == 6 -> "High"
      score > 6 -> "Critical"
  • Get Alerts: Gets Alerts, which are triggered rules that generate Insights.
  • Get Available Telemetry: Gets the Telemetry being ingested into Sumo Logic by checking active collectors and sources.
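The score-to-severity mapping and the endpoint format above, as an added Python example (not code from the Interpres app or from Sumo Logic): the rule records are constructed for illustration, and the function and field names are assumptions, not the app's own.

```python
from typing import Any, Dict, List


def severity_from_score(score: float) -> str:
    """Map a Sumo Logic rule score to an Interpres severity.
    The checks must run in the documented order: `score == 1` before
    `score <= 3`, and `score == 6` before `score > 6`, or those buckets are never hit."""
    if score == 1:
        return "Info"
    if score <= 3:
        return "Low"
    if score <= 5:
        return "Medium"
    if score == 6:
        return "High"
    if score > 6:
        return "Critical"
    # Only a non-integer score strictly between 5 and 6 reaches this point; the
    # documented thresholds define no bucket for it, so fail loudly rather than guess.
    raise ValueError(f"no severity defined for score {score!r}")


def normalize_endpoint(endpoint: str) -> str:
    """Enforce the documented endpoint form https://api.sumologic.com/api/ (https, trailing slash)."""
    endpoint = endpoint.strip()
    if not endpoint.startswith("https://"):
        raise ValueError("API Endpoint must be an https URL")
    return endpoint if endpoint.endswith("/") else endpoint + "/"


def rules_to_detections(rules: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Turn rule records into Interpres-style detections; rules without a score are skipped."""
    detections = []
    for rule in rules:
        score = rule.get("score")  # "score" is an assumed field name
        if score is None:
            continue
        detections.append({"name": rule["name"], "score": score,
                           "severity": severity_from_score(score)})
    return detections


# Constructed sample records for illustration, not real Sumo Logic API output.
SAMPLE_RULES = [
    {"name": "Informational login", "score": 1}, {"name": "Rare process", "score": 3},
    {"name": "Suspicious script host", "score": 5}, {"name": "Lateral movement", "score": 6},
    {"name": "Ransomware indicators", "score": 8}, {"name": "Unscored draft rule"},
]
```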