Sumo Logic Integrations Are Seamless

By: Owen Dubiel

August 4, 2021

Sumo Logic is a widely used cloud SIEM and log-analytics platform. Its strength is ingesting data from almost any source, regardless of industry, and making sense of it through a large catalog of built-in integrations that make data onboarding straightforward. This article looks at several ways Sumo Logic makes it convenient to use the platform in any environment.

Partnering Solutions

Sumo Logic works with leading security and cloud vendors to build integrations directly into its products. For each of the following vendors, the Sumo Logic integrations team provides a built-in, GUI-driven add-on that connects to the vendor's cloud API and imports its data on a schedule:

  • Google Cloud Platform
  • G Suite Apps
  • Office 365
  • Okta
  • CrowdStrike
  • Cylance
  • Netskope
  • Mimecast
  • Tenable
  • Carbon Black Defense/Cloud
  • Azure
  • Duo
  • Proofpoint TAP
  • Sophos
  • Cisco AMP
  • Salesforce
  • Cybereason

One significant benefit of the cloud API imports is cost control. If you need a specific subset of logs for compliance purposes but do not want to pay to ingest them into the Cloud SIEM Enterprise (CSE) portal, you do not have to. Sumo Logic lets customers define partition retention per source and decide, during initial setup, whether that source's logs should also be forwarded to CSE. Logs kept only to satisfy a retention requirement can therefore stay in the core platform without being sent to the SIEM.

AWS SIEMplified

The Sumo Logic integrations team has also built out sources for the AWS service APIs so that connecting an AWS account is fast when spinning up a Sumo instance. The following prebuilt sources accept AWS credentials and use them to pull the corresponding AWS data into Sumo Logic. As with any collector, scope those credentials to the minimum the source needs, typically read-only access to the specific bucket, queue or service, rather than account-wide permissions.

  • Amazon S3
  • AWS Elastic Load Balancing
  • Amazon CloudFront
  • AWS CloudTrail
  • AWS CloudWatch Metrics
  • AWS Metadata
  • AWS S3 Audit
  • AWS Inventory
  • AWS X-Ray
  • AWS S3 Archive

When you use the prebuilt AWS API connectors, log collection is automated by the source itself. If you choose to forward a source to the CSE portal, its records are ingested in a format that lines up with the predefined detection rules within the platform. In most instances, Sumo can get a customer up and running within a couple of weeks.

CSE Cloud Connectors

The sources above belong to the Sumo core (log management) platform. The SIEM portion, CSE, has its own built-in sensor integrations that allow quick onboarding of data sources, including some the core platform does not offer. They are also the route to take if you want to bypass core logging altogether and send a source straight to the SIEM. The CSE cloud connectors include:

  • AWS CloudTrail via S3
  • AWS CloudTrail via SQS
  • AWS CloudWatch
  • AWS GuardDuty via S3
  • AWS GuardDuty via SQS
  • AWS S3
  • AWS S3 via SQS
  • AWS Virtual Private Cloud
  • Carbon Black Defense
  • Cisco AMP
  • Cisco Umbrella via S3
  • Cisco Umbrella via SQS
  • Cloudflare Logpush via SQS
  • CrowdStrike Falcon Endpoint Protection
  • CylancePROTECT
  • Duo Security
  • Endgame Protect
  • Google G Suite
  • Illumio ASP via SQS
  • Insight Actions
  • Lacework Cloud Security Platform via SQS
  • Microsoft Azure Event Hubs
  • Microsoft Office 365
  • Mimecast MTA
  • Netskope Security Cloud
  • Okta
  • Proofpoint
  • RedLock Cloud Threat Defense via SQS
  • Salesforce
  • Sophos Central
  • Tenable Events via S3
  • Tenable Events via SQS
  • Tenable.io

The CSE cloud sensor supports many other use cases; the list above covers the prebuilt connectors that allow a quick import into CSE.
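The "via S3" and "via SQS" connectors in the CSE list, like the S3-backed sources in the AWS section, share one mechanism: S3 publishes an event notification for each new object to an SQS queue, the collector polls the queue, and then reads the object named in the event. The Sumo Logic sensor does this for you, but it helps to know what the consumer side has to validate, because a collector that trusts every message on the queue can be pointed at objects it was never meant to read. The Python below is an added example written for this article, not Sumo Logic code; the bucket name, account ID and object keys are constructed, and the message bodies follow the standard S3 event-notification JSON format.

```python
import json
from urllib.parse import unquote_plus

EXPECTED_BUCKET = "example-cloudtrail-bucket"   # constructed name, not a real bucket
EXPECTED_PREFIX = "AWSLogs/"                    # CloudTrail writes under AWSLogs/<account>/...

# Constructed SQS message body in the standard S3 event-notification format
# (one message can carry several records; this one carries four).
SAMPLE_SQS_BODY = json.dumps({
    "Records": [
        {   # a new CloudTrail log file: this is what the collector should fetch
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": EXPECTED_BUCKET},
                "object": {"key": "AWSLogs/123456789012/CloudTrail/us-east-1/2021/08/04/"
                                  "123456789012_CloudTrail_us-east-1_20210804T0000Z_abc.json.gz"},
            },
        },
        {   # S3 URL-encodes keys in notifications: '%3D' below is '=' in the real key
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:CompleteMultipartUpload",
            "s3": {
                "bucket": {"name": EXPECTED_BUCKET},
                "object": {"key": "AWSLogs/123456789012/CloudTrail/us-east-1/dt%3D2021-08-04/digest.json.gz"},
            },
        },
        {   # same bucket but a deletion: nothing to ingest
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectRemoved:Delete",
            "s3": {
                "bucket": {"name": EXPECTED_BUCKET},
                "object": {"key": "AWSLogs/123456789012/CloudTrail/us-east-1/2021/07/01/old.json.gz"},
            },
        },
        {   # a create event for a bucket this source was never configured for
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "some-other-bucket"},
                "object": {"key": "AWSLogs/123456789012/CloudTrail/us-east-1/2021/08/04/x.json.gz"},
            },
        },
    ]
})

# Constructed copy of the one-off test message S3 publishes when a notification
# configuration is first saved; it has no Records and must be skipped, not treated as an error.
SAMPLE_TEST_EVENT = json.dumps({
    "Service": "Amazon S3", "Event": "s3:TestEvent", "Bucket": EXPECTED_BUCKET,
    "Time": "2021-08-04T00:00:00.000Z",
})


def objects_to_fetch(sqs_body, expected_bucket=EXPECTED_BUCKET, expected_prefix=EXPECTED_PREFIX):
    """Return the (bucket, key) pairs a collector should read for one SQS message.

    Only ObjectCreated events for the configured bucket and prefix are accepted, so a
    mis-pointed notification or a stray message on a shared queue cannot steer the
    collector into reading arbitrary objects. Malformed and s3:TestEvent messages yield [].
    """
    try:
        payload = json.loads(sqs_body)
    except (TypeError, ValueError):
        return []
    if not isinstance(payload, dict) or payload.get("Event") == "s3:TestEvent":
        return []

    accepted = []
    for record in payload.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not str(record.get("eventName", "")).startswith("ObjectCreated:"):
            continue
        try:
            bucket = record["s3"]["bucket"]["name"]
            key = unquote_plus(record["s3"]["object"]["key"])  # undo S3's URL encoding of the key
        except (KeyError, TypeError):
            continue
        if bucket != expected_bucket or not key.startswith(expected_prefix):
            continue
        accepted.append((bucket, key))
    return accepted


if __name__ == "__main__":
    for bucket, key in objects_to_fetch(SAMPLE_SQS_BODY):
        print(f"fetch s3://{bucket}/{key}")
    print("test event yields", objects_to_fetch(SAMPLE_TEST_EVENT))
```

Two details matter in practice. The key in a notification is URL-encoded, so a collector that reads it verbatim will get a NoSuchKey error on any path containing `=`, spaces or similar characters; and the queue should be dedicated to the one bucket and prefix the source is configured for, with the consumer checking both, so that an unrelated notification cannot widen what the collector reads.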

Conclusion

Whether you use the core platform, CSE, or both, Sumo Logic's integrations show that leading security vendors and global cloud providers like AWS and Azure can be onboarded quickly with minimal effort. Improving security visibility across hybrid and multi-cloud tenants is key to getting the most out of a SIEM. To learn more about Sumo Logic or similar SIEM solutions, head over to Cybrary's website and check out the content there.
