Sumo Logic
Set up audit logs webhooks
The following steps are required to connect your Sumo Logic tools to Entitle.
Stage 1: Configure the Sumo Logic connector
- Log into Sumo Logic with an Admin account.
- Click on Manage Data in the bottom-left corner, and then Collection (a sub-tab under the previous tab) to open the Collector configuration panel.

- Select the Collector you want the webhook to send the data to and click Add Source.

If you want to create a new Collector, follow these steps before clicking on Add Source:
- Click the Add Collector link.

- In the Select Collector Type popup, choose Hosted Collector.

- In the Add Hosted Collector popup, enter the following settings:
  - Name: the name you wish to give your new Collector.
  - Description: (optional) to identify the data logs coming in.
  - Category: a string to tag the logs collected from this Collector. This will help you to define the scope of your searches, index and partition your data, and control who sees what data through RBAC (Role-Based Access Control).

- Click Save and then click OK to confirm the addition of the new Collector.
- In Cloud APIs, select HTTP Logs and Metrics to start the configuration of the data source.
- Enter a descriptive Name (the rest is optional), and select Save.

- The system will present you with a dialog box with the HTTP endpoint. Click Copy, as this will be required to configure the Audit Logs later.
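
The copied endpoint is the only thing Entitle needs to deliver audit logs (no extra headers are configured in Stage 2), so the URL itself acts as the credential and should be handled like a secret. The script below is an added example, not part of Sumo Logic's or Entitle's tooling: it checks that a copied URL is an HTTPS Sumo Logic HTTP Source endpoint, prints a redacted form for tickets, and sends one test line. The variable name SUMO_SOURCE_URL, the function names and the sample URL are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from Sumo Logic or Entitle): check a copied HTTP Source URL.
# Constructed sample; the token is a placeholder, not a real source.
SAMPLE_URL='https://endpoint1.collection.sumologic.com/receiver/v1/http/EXAMPLE_TOKEN_0000'

# Succeeds only for https://<host under sumologic.com>/receiver/v1/http/<token>.
check_source_url() {
    case $1 in
        https://*) ;;
        *) echo "rejected: not HTTPS" >&2; return 1 ;;
    esac
    rest=${1#https://}
    host=${rest%%/*}
    token=${rest#"$host"/receiver/v1/http/}
    # Reject userinfo (@), ports and anything else that is not a plain hostname.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "rejected: unexpected host syntax" >&2; return 1 ;;
        *.sumologic.com) ;;
        *) echo "rejected: host is not under sumologic.com" >&2; return 1 ;;
    esac
    # If the path prefix did not match, $token still equals $rest.
    case $token in
        ''|"$rest"|*[/?#]*|*' '*) echo "rejected: not an HTTP Source path" >&2; return 1 ;;
    esac
}

# Print the URL with the token removed, for tickets, chat and change records.
redact_source_url() {
    printf '%s\n' "${1%/*}/<redacted>"
}

# POST one constructed test line and print the HTTP status code (200 = accepted).
send_test_event() {
    curl -sS -o /dev/null -w '%{http_code}' \
        -H 'Content-Type: application/json' \
        --data '{"message":"connectivity test before enabling Entitle webhook"}' "$1"
}

# Runs only when SUMO_SOURCE_URL (a hypothetical variable name) is set.
if [ -n "${SUMO_SOURCE_URL:-}" ]; then
    check_source_url "$SUMO_SOURCE_URL" || exit 1
    echo "OK: $(redact_source_url "$SUMO_SOURCE_URL")"
    echo "HTTP status: $(send_test_event "$SUMO_SOURCE_URL")"
fi
```

If the URL is ever exposed, regenerate it on the Source in Sumo Logic and update the webhook in Entitle.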

Stage 2: Create Audit Log webhook in Entitle
- Log into Entitle with an Admin account.
- Go to Entitle's Org Settings.
- Scroll down to the Audit Logs Webhooks section.

- To add an Audit Log Webhook, click the Add button on the right corner.

- In the row which appears, you will need to fill in only the URL you just copied (you don’t need to change the Headers or Additional Audit Log Parameters sections), and then click Save.

- This should be the final result (except the URL should be yours):

View Entitle audit logs in Sumo Logic
- It will take a few moments for the audit logs configuration to fully propagate through the infrastructure, and for the audit logs to appear in Sumo Logic.
- To view logs, hover your mouse over the chosen Collector, and select Open in Log Search.
- Once logs start to flow, select New and then Log search to search for events matching specific search criteria (for example, _collector="Webhooks tests").
