Sumo Logic

What is the Sumo Logic webhook?

Integrating Sumo Logic allows you to create an HTTP Event Collector which supports forwarding data and application events from Insights to a Sumo Logic deployment over the HTTP and Secure HTTP (HTTPS) protocols.

Sumo Logic investigates, monitors, and analyzes data from any source. Use Sumo Logic to search, index, and correlate big data to set up relevant alerts, reports, and visualizations.

Prerequisites

To set up the Sumo Logic integration, you require the following:

BeyondTrust

  • Access to Identity Security Insights
  • An Identity Security Insights Administrator role

Sumo Logic

  • Access to Sumo Logic
  • Permission to create and configure an HTTP Event Collector

Configure Sumo Logic webhook

Sumo Logic

  1. From your Sumo Logic Dashboard, navigate to Collection > Add Collector.

  2. Click Hosted Collector.

    • Name: BeyondTrust Identity Security Insights
  3. Click Save and click OK.

  4. Search for and click HTTP Logs & Metrics.

    • Name: BeyondTrust Identity Security Insights

    • Expand Advanced Options for Logs

      • Uncheck: Multiline Processing
      • Check: One Message Per Request
    • Click Save.

  5. Copy the URL endpoint.

  6. Click OK.

Identity Security Insights

  1. From your Identity Security Insights Dashboard click > Insights > Integrations.
  2. Click Webhooks.
  3. Click Create Integration.
    • Webhook Name: Sumo Logic
    • Webhook URL: URL Endpoint copied in the previous step
    • Authorization Type: None
    • Webhook Template:
      {
        "incidentType": "%%incidentType%%",
        "incidentId": "%%incidentId%%",
        "incidentSeverity": "%%severity%%",
        "definitionSummary": "%%definitionSummary%%",
        "definitionId": "%%definitionId%%",
        "entityType": "%%entityType%%",
        "entityName": "%%entityName%%",
        "entitySource": "%%source%%",
        "entityLocation": "%%location%%",
        "entityTenant": "%%tenantId%%",
        "dateTime": "%%timestamp%%",
        "linkUrl": "%%link%%"
      }
  4. Select Send Detections Automatically?
  5. Severity: Select your threshold.
  6. Click Save Integration.

Test the Sumo Logic webhook

  1. From the top left of the page, click > Insights > Integrations.
    The Integrations page displays.
  2. Click Webhooks.
  3. Locate and select your webhook from the list.
  4. At the bottom of the page, click Test Connection.
    A confirmation message displays.
    • If the test is successful, you can view the generated message in Sumo Logic.
    • If the test is unsuccessful, there was an error while attempting to send a request to the configured webhook destination. Review all entries to ensure they are correct both in Insights and in Sumo Logic, then retry the test.
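
If the test fails, it helps to check the Sumo Logic side on its own. The script below is an added example, not BeyondTrust or Sumo Logic code: it fills the webhook template with constructed sample values, confirms the result is a single-line JSON message (matching One Message Per Request), and optionally posts it to the HTTP source. The environment variable name SUMO_HTTP_SOURCE_URL and the escaping of placeholder values are assumptions of this example, not documented Insights behavior.

```python
import json
import os
import re
import urllib.request

# Template fields and placeholders as listed on this page.
TEMPLATE = """{
  "incidentType": "%%incidentType%%",
  "incidentId": "%%incidentId%%",
  "incidentSeverity": "%%severity%%",
  "definitionSummary": "%%definitionSummary%%",
  "definitionId": "%%definitionId%%",
  "entityType": "%%entityType%%",
  "entityName": "%%entityName%%",
  "entitySource": "%%source%%",
  "entityLocation": "%%location%%",
  "entityTenant": "%%tenantId%%",
  "dateTime": "%%timestamp%%",
  "linkUrl": "%%link%%"
}"""

# Constructed sample values (not real detection data), keyed by placeholder name.
SAMPLE = {
    "incidentType": "Detection", "incidentId": "example-0001", "severity": "High",
    "definitionSummary": 'Constructed "test" detection\nsecond line',
    "definitionId": "example-def-01", "entityType": "Account",
    "entityName": "svc-example", "source": "ExampleDirectory", "location": "example",
    "tenantId": "example-tenant", "timestamp": "2025-01-01T00:00:00Z",
    "link": "https://insights.example.invalid/detections/example-0001",
}

def render(template, values):
    """Fill %%name%% placeholders; a missing value raises KeyError."""
    def fill(match):
        # JSON-escape quotes and newlines so a value cannot break the document.
        return json.dumps(str(values[match.group(1)]))[1:-1]
    body = re.sub(r"%%(\w+)%%", fill, template)
    return json.dumps(json.loads(body), separators=(",", ":"))  # one line

def send(url, line):
    """POST one message to the HTTP source URL and return the HTTP status."""
    req = urllib.request.Request(url, data=line.encode("utf-8"), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    line = render(TEMPLATE, SAMPLE)
    url = os.environ.get("SUMO_HTTP_SOURCE_URL")  # kept out of the script
    print(send(url, line) if url else line)
```

With Authorization Type set to None, the copied URL endpoint is all a sender needs to post to the source, so the script reads it from the environment instead of embedding it.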
